Lucene search
K

2830 matches found

seebug.org
seebug.org
added 2014/12/09 12:0 a.m.20 views

Iwebsns最新版SQL注入第一枚

简要描述: Iwebsns最新版SQL注入第一枚 详细说明: 在wooyun上看到雨牛提了5个iwebsns的漏洞了( WooYun: Iwebsns sql 第五枚。 ),我来捡捡漏儿吧,已对比,不重复,下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复,我先把存在漏洞的文件和注入参数分别写在这里:/action/album/photouplflash.action.php sesscode 下面看看漏洞是怎么产生的/action/album/photouplflash.action.php 无关代码 //变量定义区...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/08 12:0 a.m.30 views

Iwebmall最新版SQL注入第一枚

简要描述: Iwebmall最新版SQL注入第一枚 详细说明: 看到wooyun上有人提了几个iweb的漏洞( WooYun: iwebmall商城程序sql注入 ),我来捡捡漏儿吧,希望不要重复。官网下载最新v1.2来看看。 先把注入点拿出来:www.xxx.com/do.php?act=userfavoritedel,POST的内容中有个参数favorite,存在注入。 /action/user/favoritedel.action.php 无关代码 // 处理post变量 ifempty$POST $favoriteid = intvalgetargs'id'; else...

7AI score
Exploits0
exploitpack
exploitpack
added 2014/11/11 12:0 a.m.28 views

Subex Fms 7.4 - SQL Injection

Subex Fms 7.4 - SQL Injection ======================================================================================= Subex ROC Fraud Management System v7.4 - Unauthenticated Blind-Time Based SQL Injection =======================================================================================...

7.5CVSS0.1AI score0.01203EPSS
Exploits3
Exploit DB
Exploit DB
added 2014/09/25 12:0 a.m.45 views

Cart Engine 3.0 - Multiple Vulnerabilities

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2014/09/16 12:0 a.m.37 views

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2014/08/26 12:0 a.m.23 views

TinyShop同一处盲注和存储型xss

简要描述: 参数未进行过滤,导致同一位置出现sql注入和可打后台存储xss。 详细说明: 先看看tinyshop如何处理传递的参数: /framework/lib/util/requestclass.php中 public static function get $num = funcnumargs; $args = funcgetargs; if$num==1 ifisset$GET$args0 ifisarray$GET$args0return $GET$args0; else return trim$GET$args0; return null; else if$num=2...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2014/08/24 12:0 a.m.28 views

@CMS 2.1.1 SQL Injection

SQL Injection on @CMS 2.1.1 Stable Risk: High CWE number: CWE-89 Date: 22/08/2014 Vendor: www.atcode.net Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint Vulnerable File: articles.php Exploit: http://host/articles.php?catid=SQLI PoC:...

0.2AI score
Exploits0
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.10 views

WP Realty - MySQL Time Based Injection

The wp-realty WordPress plugin was affected by a MySQL Time Based Injection security vulnerability...

1.7AI score
Exploits0References3Affected Software1
0day.today
0day.today
added 2014/07/12 12:0 a.m.32 views

InvGate Service Desk 4.2.36 SQL Injection Vulnerability

InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...

8.3AI score
Exploits0
Packet Storm
Packet Storm
added 2014/07/10 12:0 a.m.27 views

InvGate Service Desk 4.2.36 SQL Injection

InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...

Exploits0
seebug.org
seebug.org
added 2014/07/09 12:0 a.m.27 views

kppw威客系统SQL注入一枚

简要描述: rt 详细说明: 注册处。 function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Wordpress Plugin Realty - Blind SQL Injection

No description provided by source. $$$$$$\ $$\ $$\ $$$$$$\ $$ $$\ $$ | $$ | $$ $$\ $$ / | $$ | $$ | $$ / | $$ |$$$$\ $$$$$$$$ | $$$$$$\ $$ |$$ | $$ $$ | $$\ $$ | $$ | $$ | $$ | $$\ $$ | $$$$$$ |$$\ $$ | $$ |$$\$$$$$$ | / || ||/ Exploit Title: Wordpress - wp-realty - MySQL Time Based...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.47 views

vBulletin Yet Another Awards System 4.0.2 - SQL Injection

No description provided by source. Exploit Title: vBulletin Yet Another Awards System 4.0.2 Time Based SQL Injection 0day Google Dork: inurl:awards.php intext:powered by vbulletin Date: 29/08/12 Exploit Author: Backsl@sh/Dan Software Link: http://www.vbulletin.org/forum/showthread.php?t=232684...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.39 views

Kordil EDMS 2.2.60rc3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes [email protected] Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.38 views

Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x8664 Fin...

6.5CVSS0.2AI score0.0331EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.10 views

PizzaInn_Project - SQL Injection

No description provided by source. + Exploit: PizzaInnProject - SQL Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/restaurantmis/ 1 Sql Injection Time Based Blind PoC: http://127.0.0.1/reserve-exec.php?id=1' SQL...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Authenex A-Key/ASAS Web Management Control 3.1.0.2 (latest) - Time-based SQL Injection

No description provided by source. ============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-002 - Original release date: September 21, 2011 - Discovered by: Jose Carlos de Arriba - Senior Security Analyst at Foreground Security - Contact: jcarriba a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (MSF)

No description provided by source. Exploit Title: Joomla 1.5 comvirtuemart = 1.1.7 blind time-based sql injection MSF module Date: Thu Jul 28, 2011 Author: TecR0c - tecr0c.mythsec @ gmail.com Version: = 1.1.7 Download: http://dev.virtuemart.net/projects/virtuemart/files Greetz: mythsec team, Jame...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection

No description provided by source. Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014 +----------+ |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Joomla DJ Classifieds Extension 2.0 - Blind SQL Injection Vulnerability

No description provided by source. $$$$$$\ $$\ $$\ $$$$$$\ $$ $$\ $$ | $$ | $$ $$\ $$ / | $$ | $$ | $$ / | $$ |$$$$\ $$$$$$$$ | $$$$$$\ $$ |$$ | $$ $$ | $$\ $$ | $$ | $$ | $$ | $$\ $$ | $$$$$$ |$$\ $$ | $$ |$$\$$$$$$ | / || ||/ Exploit Title: Joomla - DJ Classifieds - Time-Based Blind...

7.1AI score
Exploits0
Rows per page
Query Builder