6697 matches found
MicroNews Admin Direct Access vulnerability
MicroNews Authentication Bypass Homepage: http://phptoys.com/ Download: http://www.phptoys.com/download.php?view.31 Found by Xcross87 | xcross87.info | hcegroup.net Simply access news input http://site/path/admin.php ^$^ Enjoy ! - by Xcross -...
FaScript FaName 1.0 - SQL Injection
FaScript FaName 1.0 - SQL Injection FaScript FaName v1 Remote Sql Injection BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.hotscripts.com/Detailed/66472.html Injection Adress : http://Sitename/faname/page.php?id= Help : In This Script Admin Username and Password Save in...
Agares phpAutoVideo 2.21 - 'articlecat' SQL Injection (2)
#!/usr/bin/perl Agares PhpAutoVideo 2.21 articlecat Remote SQL Injection Exploit Bug Found by ka0x http://milw0rm.org/exploits/4901 .. but sql injection works if we include in index.php bug file with sql injection..like this :...
0DayDB 2.3 (delete id) Remote Admin Bypass Exploit
Exploit for unknown platform in category web applications. 0DayDB 2.3 delete id Remote Admin Bypass Exploit. #!/usr/bin/perl Autor : Pr0metheuS Script : 0DayDB v2.3 Version : v2.3 Dork : "Powered By...
IceWarp Mail Server admin/index.html message Parameter XSS
The remote host is running IceWarp Merak Mail Server, a webmail server for Windows and Linux. The remote version of IceWarp fails to sanitize user input to the 'message' parameter of the 'admin/index.html' script before using it to generate dynamic content. An unauthenticated, remote attacker ma...
TUTOS 1.3 - cmd.php Remote Command Execution
TUTOS 1.3 - cmd.php Remote Command Execution AUTHOR : H-T TeaM HouSSaMix ToXiC350 HOME : http://no-hack.net Script : TUTOS Tested in version 1.3 other versions may also be affected. Download : http://www.tutos.org/homepage/index.html BUG : Command Execution Vulnerability | 3xpl0it4t10n -1- :...
TUTOS 1.3 (cmd.php) Remote Command Execution Vulnerability
Exploit for unknown platform in category web applications. TUTOS 1.3 cmd.php Remote Command Execution Vulnerability. AUTHOR : H-T TeaM HouSSaMix ToXiC350 HOME : http://no-hack.net...
tribisur-sql.txt
!/usr/bin/php -q And now the bugged code :- : So we can exploit it with this simple PoC: forum.php?action=liste&cat=-1+union+select+0,concatpseudo,0x3a,passe,0,0,0,0,0,0,0,0+from+utiliz+where+id=1 Bug 2 in catmain.php : So like the first we can exploit it with:...
CVE-2007-6614
CVE-2007-6614 : PHP remote file inclusion in Agares Media phpAutoVideo 2.21. The vulnerability affects the admin/frontpage_right.php script and allows remote attackers to execute arbitrary PHP code via a URL supplied to the loadadminpage parameter. This is described as related to CVE-2007-6542. N...
CuteNews <= 1.4.5 Admin Password md5 Hash Fetching Exploit
No description provided by source. <?php error_reporting(E_ALL); // Cutenews <= 1.4.5 admin password md5 hash fetching exploit // Version 1.0 // written by Jan...
nicLOR CMS (sezione_news.php) Remote SQL Injection Vulnerability
No description provided by source. Name : nicLOR-CMS SQL Injection Vulnerability. Author : x0kster Email : [email protected] Script Download : http://www.niclor.net/prodotti/16-04-06-niclorcms.zip Date : 21/12/2007 SQL Injection in sezione_news.php <?php ... $intSezioneID = $_GET['id']; ... $strSQL =...
Windows NT/2k/XP useradd shellcode for russian systems 318 bytes
No description provided by source. / \ win32 useradd shellcode for russian systems / by Darkeagle \ ExploiterZ Lab / http://exploiterz.org \ / // add user "slim" with password "shady" with admin prem. in Russian Systems unsigned char data318 = 0xEB, 0x0F, 0x58, 0x80, 0x30, 0x17, 0x40, 0x81, 0x38,...
XSS vulnerabilities in WP-ContactForm
Hello 3APA3A! I am reporting Cross-Site Scripting vulnerabilities that I found in WP-ContactForm. It is a plugin for WordPress. These vulnerabilities are persistent XSS. Version 1.5 alpha of the WP-ContactForm plugin and earlier versions are vulnerable. I have previously written about vulnerabilities in WP-ContactForm...
cmsgalaxie-sql.txt
Program Title: CMS Galaxie Software - Remote SQL Injection. Note: Alright, bible.org is vuln to the sql injection.. but weird as it may seem the login doesn't work.. it's a...
CVE-2007-6310
Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php)...
CVE-2007-6163
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) phprootpath and sometimes the (b) privilegerootpath parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4)...
runcms-overwrite.txt
RunCmss Bug Yahoo! Crawler...
Content Injector 1.52 (index.php cat) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Content Injector 1.52 index.php cat Remote SQL Injection Vulnerability...
Softbiz Ad Management plus Script ver 1 Remote SQL Injection Vuln
Exploit for unknown platform in category web applications. Softbiz Ad Management plus Script ver 1 Remote SQL Injection Vuln. Softbiz Ad Management plus Script ver 1 S...