888 matches found
Rookie looking for a loophole---the penetration site of“reflection”-vulnerability warning-the black bar safety net
Things causes is QQ a friend sent me a site, say like there is a loophole, because this friend is just contact the network security aspect, I took to the site a look, really the so-called porous yeah, of course this site is not going to be the little black miss home obviously be people hanging on...
CVE-2007-3451
PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supadbpath parameter to 1 commonfunctions.php, 2 adminauthcookies.php, 3 adminmods.php, 4 adminnews.php, 5 admintopics.php, 6 adminusers.php, 7...
Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution
Exploit for unknown platform in category web applications ============================================================== Net Portal Dynamic System NPDS Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $p...
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (1)
Net Portal Dynamic System NPDS 5.10 - Remote Code Execution 1 !/usr/bin/php Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $pra = getparam'proyauth'; $xpl = new phpsploit; $xpl-agent'Mozilla Firefox';...
Net Portal Dynamic System (NPDS) 5.10 - Remote Code Execution (1)
!/usr/bin/php Options OPTIONS | -proxy If you wanna use a proxy | -proxyauth Basic authentification ";exit1; $url = getparam'url',1; $pro = getparam'proxy'; $pra = getparam'proyauth'; $xpl = new phpsploit; $xpl-agent'Mozilla Firefox'; if$pro $xpl-proxy$pro; if$pra $xpl-proxyauth$pra; +print.php S...
liens_dynamiques xss and admin authentification
liensdynamiques xss and admin authentification By : sn0oPy Risk : high Site : http://xentraz.free.fr/ Dork : "liensdynamiques" | "liensdynamiques2.1" exploit : + inject any script on the add menu "liens.php3?ajouter=1", you cas del it without admin permission one the del menu...
EternalMart Guestbook 1.10 (admin/auth.php) Remote Inclusion Vuln
Exploit for unknown platform in category web applications ================================================================= EternalMart Guestbook 1.10 admin/auth.php Remote Inclusion Vuln ================================================================= EternalMart Guestbook 1.1.0 emgbadminpath...
CVE-2006-5592
Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to bypass authentication by setting the polllog cookie value to "xx"...
gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "gCards = 1.45 multiple vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "Sun-Tzu:"At first, then, exhibit the coyness of a maiden, until the\r\n";...
gCards <= 1.45 Multiple Vulnerabilities All-In-One Exploit
Exploit for unknown platform in category web applications ========================================================== gCards languageredirect == $SERVER'PHPSELF' if isset$GET'setLang' $SESSION'setLang' = $GET'setLang'; $langFile = $page-relpath.'inc/lang/'.$lang$SESSION'setLang''file'; if...
Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; / software: site: nodez.greentinted.com/...
Nodez <= 4.6.1.1 Mercury Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== Nodez = 4.6.1.1 Mercury Multiple Remote Vulnerabilities ======================================================== !/usr/bin/php -q -d shortopentag=on ? echo "Nodez 4.6.1.1 Mercury...
Clever_Copy_V3_sql.txt
Clever Copy SQL injection vulnerable code in mailarticle.php 11-12 ... $getnews="SELECT from CCnews where entryid='$ID'"; $getnews2=mysqlquery$getnews or die"Could not get blog"; ... "ID" var is not properly sanitized before to be used in a SQL query, poc:...
Clever Copy 3.0 - Admin Auth Details SQL Injection
Clever Copy 3.0 - Admin Auth Details SQL Injection this works with magicquotesgpc = Off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "While heading the profit of my counsel, avail yourself also of any helpful circumstances over and beyond the ordinary rules"...
Clever Copy 3.0 - Admin Auth Details / SQL Injection
this works with magicquotesgpc = Off usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "While heading the profit of my counsel, avail yourself also of any helpful circumstances over and beyond the ordinary rules" errorreporting0; iniset"maxexecutiontime",0;...
paFaq10beta4.txt
GulfTech Security Research June 20th, 2005 Vendor : php Arena URL : http://www.phparena.net/pafaq.php Version : paFAQ 1.0 Beta 4 Risk : Multiple Vulnerabilities Description: paFAQ is a FAQ/Knowledge base system that allows webmasters to keep an organized database of Frequently Asked Questions; a...
e107 v0.617 several new and old vulnerabilities
Hello, The e107 is an open-source, PHP and SQL based portal and content management system1. I found some new vulnerabilities in the current release v0.617. Also some "older" flaws2 has been re-discovered in different ways. This email has been sent some months ago to the e107 developers. They fixe...
Exploti...
Try to ad thix exploit to Your files... ACNews 1.0 = Admin Authentication Bypass SQL Injection http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search /str0ke Product:ACNews version :1.0 VULNERABILITY CLASS: SQL injection exploit Log in with username:' or 'x'='x password :' or...
ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== ACNews = 1.0 Admin Authentication Bypass SQL Injection Exploit ===============================================================...