82 matches found
WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)
Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql fully featured auction script. Perfec...
WeBid 1.0.2 presistent XSS via SQL Injection
Exploit for php platform in category web applications Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql...
Bs Auction Script SQL Injection
1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Bs Auction Script Sqli Vulnerability Date : july 5,2010 Critical Level : HIGH vendor URL :http://www.brotherscripts.com/ Price:$24.95 Author : Sid3^effects aKa Ha...
Bs Auction Script - SQL Injection
Bs Auction Script - SQL Injection 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Bs Auction Script Sqli Vulnerability Date : july 5,2010 Critical Level : HIGH vendor URL :http://www.brotherscripts.com/...
CVE-2010-2144
CVE-2010-2144 describes a cross-site scripting (XSS) vulnerability in SignInForm.php of the Zeeways eBay Clone Auction Script, exploitable by remote attackers via the msg parameter. Affected component: signinform.php; vulnerability arises from improper handling of user-supplied input leading to s...
Sql injection
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via 1 the login field aka the username parameter, and possibly 2 the password field, to index.php. NOTE: some of these details are obtained from third party...
CVE-2010-1706
CVE-2010-1706 concerns multiple SQL injection vulnerabilities in login.php of the 2daybiz Auction Script, allowing remote attackers to execute arbitrary SQL commands via the login field (username) and possibly the password field, directed at index.php. The issue is documented across multiple sour...
CVE-2010-1706
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via 1 the login field aka the username parameter, and possibly 2 the password field, to index.php. NOTE: some of these details are obtained from third party...
2daybiz Auction Script SQL Injection
Exploit Title: Authentication bypass in 2daybiz Auction Script Date: 27-apr-2010 Author: Sid3^effects Software Link: N/a CVE : Code : Authentication bypass in 2daybiz Auction Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects aKa haRi Description : 2daybiz Auction Script provides everythin...
2DayBiz Auction Script - Authentication Bypass
2DayBiz Auction Script - Authentication Bypass Authentication bypass in 2daybiz Auction Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects aKa haRi Description : 2daybiz Auction Script provides everything you need, to establish a professionally looking online Auction website like Ebay.com...
2daybiz Auction Script Authentication Bypass
Exploit for php platform in category web applications ============================================ 2daybiz Auction Script Authentication Bypass ============================================ Authentication bypass in 2daybiz Auction Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects aKa haRi...
Sql injection
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter...
CVE-2009-4058
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter...
CVE-2009-4058
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter...
CVE-2009-4058
The vulnerability is a SQL injection in Telebid Auction Script, affecting the allauctions.php endpoint via the aid parameter. Exploitation could allow remote attackers to execute arbitrary SQL commands, with the NVD noting a HIGH base score (7.5) and network-based, low-complexity access. The conn...
Sql injection
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in the admin panel admin/ in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username...
Cross site scripting
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...
CVE-2008-7119
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets CSS files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting XSS attacks...