145 matches found
LDAP - Injection
LDAP - Injection + Vulnerability: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano,...
LDAP - Injection
Vulnerability: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact : www.yogyacarderlink.web.id + date : 4-2-10 + biGthank to : Allah SWT,jasakom,KeDai Computerworks,0n3-d4y n3ro,eplaciano, all.indonesian like a coding,...
LDAP Injection Vulnerability
Exploit for unknown platform in category local exploits ============================ LDAP Injection Vulnerability ============================ + Vulnerability: LDAP Injection + Category : Implemented Web exploit + Category : Attack Technique + Author : mc2s3lector + dork : X/o" + Contact :...
Smart PHP Statistics 1.0 suffer from XSS Vulnerability
No description provided by source. In The Name Of Allah The Merciful. Type: suffer from XSS Vulnerability. Vendor: www.smartphpstatistics.com. Software : Smart PHP Statistics 1.0. author: R3d-D3v!L. TEAM: ArAB!AN...
Ultimate Fade-in Slideshow 1.51 - Arbitrary File Upload
================== NaMe: Ultimate Fade-in slideshow 1.51 = Shell Upload Vulnerability Author : NeX HaCkeR Contact: [email protected] ================== Script site : http://www.dynamicdrive.com ================== ExplOiT: 1: register in site http://www.xxx.com/path/userregister.php 2: go to your Ad...
JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43697/info JNM Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Lussumo Vanilla 1.1.51.1.7 - updatecheck.php Cross-Site Scripting
Lussumo Vanilla 1.1.51.1.7 - updatecheck.php Cross-Site Scripting source: https://www.securityfocus.com/bid/35124/info Vanilla is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...
Nokia N95-8 browser - 'setAttributeNode' Method Crash
Application: Nokia N95-8 OS: Symbian ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description The nokia n95 is a smartphone, this phone have more tools, for example:...
dieseljobsite-sql.txt
Diesel Job Site Blind Sql Injection P0c Author : Stack Home Script : http://www.dieselscripts.com Desc : look the select Job Viewed: in real id+and+1=1 true the times change each time but in real id+and+1=0 false it remains stable go to url exploit or poc 2 or 3 times for see the difference betwe...
efestechvideo-sql.txt
$Author : RMx $Mail : [email protected] $Homepage : Coderx.org $Script name :Efestech video v5.0 $Script download :http://www.aspindir.com/goster/4835 $Script Sales : Free $Thanks : Ex-47 , TRIP $Vulnerable file : Default.asp $Vulnerable code : id parameters cannot filter... $Exploit :...
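Tellmatic tm_includepath Remote File Inclusion Vulnerability
Tellmatic is a PHP-based web application. Tellmatic does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the web server's privileges. The problem is that the script does not filter the user-submitted 'tmincludepath' parameter; specifying an arbitrary file on a remote server as the include parameter can lead to execution of arbitrary PHP code with the web server's privileges. Tellmatic Tellmatic 1.0.7 Tellmatic Tellmatic 1.0.7.1 No detailed solution is currently available: http://www.tellmatic.org/...
Eurologon CMS files.php Arbitrary File Download Vulnerability
Eurologon CMS is a PHP-based web application. Eurologon CMS does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to download arbitrary files with the web server's privileges and obtain sensitive information. The problem is that the 'files.php' script does not filter the user-submitted 'file' parameter; submitting parameter data containing multiple "../" sequences bypasses the web root restriction, so arbitrary files can be downloaded with the web server's privileges and sensitive information obtained. Eurologon CMS No detailed solution is currently available: http://www.eurologon.com/...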
OBLOG js.asp Vulnerability
Vulnerable file: js.asp Look at the code: "" And teamid"0" Then teamid=Replaceteamid,"|","," Sql=Sql & " And teamid In " & teamid & " " End If Sql=Sql & " Order by postid Desc" Set rs=oblog.ExecuteSql sRet="" Do While Not rs.Eof sAddon="" sRet=sRet & "" & oblog.FilthtmlLeftrs2,l & "" If u=1 Then sAddon=rs4 if t=1 Then If...
ASPCart.txt
vendor site: http://www.aspcart.com product: ASP Cart bug: multiples injection sql post & get global risk: high ! injection get : http://site.com/prodetails.asp?prodid='sql injection post : 1http://site.com/display.asp Variables: /display.asp?page='sql 2http://site.com/addcart.asp Variables:...
OPENi-CMS 1.0.1beta - 'config' Remote File Inclusion
Update: 22:44 09/11/06 Subject: "OPENi-CMS 1.0.1config Remote File Inclusion Vulnerability " Vulnerable version: OPENi-CMS 1.0.1 Operating System: - All OS Vendor URL: Support - [email protected] Website - http://www.openi-cms.org/ Description: Openi-CMS he one software PHP Content Management...
PHP Forge <= 3 beta 2 (cfg_racine) Remote File Inclusion Vulnerability
No description provided by source. phpforge3b2cfgracine Remote File Inclusion Vulnerability ------------------------ Virangar Security Team www.virangar.org public www.virangar.net priv8 -------- Discovered By : Snake...
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting
Cisco Secure ACS 2.3 - LoginProxy.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/18449/info Cisco Secure ACS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
ASPSitem 2.0 - SQL Injection / Database Disclosure
ASPSitem ICQ: 10072 MSN/Mail: [email protected] web: www.nukedx.com This exploits works on ASPSitem GET - http://victim/ASPSitemDir/Anket.asp?hid=SQL EXAMPLE - http://victim/ASPSitemDir/Anket.asp?hid=4%20union%20select%20sifre,0%20from%20uyeler%20where%20 id%20like%201 with this example remote...
SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities
SoftMaker Shop - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/16471/info SoftMaker Shop is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage thes...
Use MS0601 vulnerability do web Trojan generator-vulnerability warning-the black bar safety net
First, we need to understand this vulnerability. Applicable systems: Microsoft Windows 2000 Service Pack 4 – download the update Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update Microsoft Windows XP Professional x64 Edition – download the upda...