18 matches found
EUVD-2020-5031
Malware in sbrugna...
CVE-2020-8803
SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...
Exponent CMS <= 0.96.3 (view) Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' .:---------------------------------------------------------------------------:. Exponent CMS 0.96.3 stable possibly other versions "view" arbitrary local inclusion / remote commands xctn exploit by rgod...
Coppermine Photo Gallery <= 1.4.3 - Remote Commands Execution Exploit
No description provided by source. ?php ---cpg143inclxpl.php 15.38 04/12/2005 Coppermine Photo Gallery = 1.4.3 remote commands execution coded by rgod site: http://retrogod.altervista.org - this works regardless of any php.ini settings, you need a normal user account with upload rights in persona...
Sugar Suite Open Source <= 4.2 (OptimisticLock) Remote Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Sugar Suite Open Source = 4.2 \OptimisticLock!\ arbitrary remote inclusion exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo this is called the \five claws of...
Exponent CMS 0.96.3 - 'view' Remote Command Execution
!/usr/bin/php -q -d shortopentag=on 126...
xmb_196_cnd_xpl.txt
!/usr/bin/php -q -d shortopentag=on ? echo "XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: "Powered by XMB"\n\n"; / works regardless of php.ini settings /...
DotClear 1.2.4 - prepend.php Remote File Inclusion
DotClear 1.2.4 - prepend.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...
unb_161p1_incl_xpl.txt
!/usr/bin/php -q -d shortopentag=on ? echo "Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n"; echo "local inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "works with registerglobals = On & magicquotesgpc =...
Sugar Suite Open Source 4.2 - 'OptimisticLock' Command Execution
!/usr/bin/php -q -d shortopentag=on \r\n"; die; / software site: http://www.sugarcrm.com/crm/ i vulnerable code in modules/OptimisticLock/LockResolve.php:...
phpWebSite 0.10.2 - hub_dir Remote Command Execution
phpWebSite 0.10.2 - hubdir Remote Command Execution !/usr/bin/php -q -d shortopentag=on arbitrary local inclusion, works with magicquotesgpc = Off\r\n"; echo "by rgod, mail: [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; if $argc 0 include$hubdir . 'conf/config.php'...
4Images <= 1.7.1 (Local Inclusion) Remote Code Execution Exploit
No description provided by source. ?php ----4images171inclxpl.php 6.45 26/02/2006 4Images = 1.7.1 remote commands execution through arbitrary local inclusion coded by rgod site: http://retrogod.altervista.org - this works regardless of magicquotesgpc settings Sun-Tzu: "Having doomed spies, doing...
PHPKIT >= 1.6.1r2 arbitrary local/remote inclusion (unproperly patched in previous versions)
---------- PHPKit = v.1.6.1 release 2 remote code execution ------------------- software: site: www.phpkit.de description: a Content Management / homepage / community building software written in PHP language --------------------------------------------------------------------------------...
Coppermine Photo Gallery <= 1.4.3 Remote Commands Execution Exploit
Exploit for unknown platform in category web applications =================================================================== Coppermine Photo Gallery this works regardless of any php.ini settings, you need a normal user account with upload rights in personal albums and at least one album usage:...
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
this works regardless of any php.ini settings, you need a normal user account with upload rights in personal albums and at least one album usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The direct and the indirect lead on to each other in turn. It is like moving in a...
RunCMS 1.2 - 'class.forumposts.php' Remote File Inclusion
?php ---runcms13axpl.php 17.30 09/02/2006 RunCMS = 1.2 arbitrary remote inclusion exploit " = 1.3a shell upload through FCKEditor coded by rgod site: http://retrogod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "But when the army is restless and distrustfu...
guppy459_xpl.txt
Guppy README";echo" now I have an 20051128162317hacker.inc file with this code inside: errors code HTTP."; $date = "Date : 28/11/2005 16:23"; $dest = "Page requested : ?"; $source = "Page source : "; $browser = "Browser : "; $addrip = "IP address : ";passthru"ls -laREADME";echo""; $domaine =...
Guppy <= 4.5.9 Remote code execution
Guppy = 4.5.9 Remote code execution / various arbitrary inclusion issues software: site: http://www.freeguppy.org/ description: a very popular French PHP CMS that stores data in files i remote code/commands execution tested and working against php 5.0.2 and php 4.3.3 with register globals off and...