PHP-Nuke <= 8.1.0.3.5b (Your_Account Module) Remote Blind SQL Injection (Benchmark Mode)

No description provided by source. PHP-Nuke = 8.1.0.3.5b YourAccount Module Remote Blind SQL Injection Benchmark Mode Author: yawn Contact Me: http://www.unitx.net Requirements: magicquotesgpc : off Greetings: [email protected] | [email protected] | Dante90 You will remember, Watson, how the...

Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Mambo = 4.6rc1 'Weblinks' blind SQL injection / admin credentials\r\n; echo disclosure exploit benchmark vesion\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo this is calle...

PostNuke <= 0.764 - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python ================================================================================================= / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / /...

Joomla 1.5 com_virtuemart <= 1.1.7 - Blind time-based SQL Injection (MSF)

No description provided by source. Exploit Title: Joomla 1.5 comvirtuemart = 1.1.7 blind time-based sql injection MSF module Date: Thu Jul 28, 2011 Author: TecR0c - tecr0c.mythsec @ gmail.com Version: = 1.1.7 Download: http://dev.virtuemart.net/projects/virtuemart/files Greetz: mythsec team, Jame...

WordPress AdRotate plugin <= 3.6.6 - SQL Injection

No description provided by source. Exploit Title: WordPress AdRotate plugin = 3.6.6 SQL Injection Vulnerability Date: 2011-11-8 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/adrotate.3.6.6.zip Version: 3.6.6 tested Note:...

LightNEasy Cms 3.2.1 - Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability Date: 20.09.2010 Author: Stephan Sattler // Solidmedia.de Software Website: http://www.lightneasy.org/ Software Link: http://www.lightneasy.org/addons/downloads/send.php?dlid=127 Version: 3.2....

php weby directory software 1.2 - Multiple Vulnerabilities

No description provided by source. =========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Powered by PHP weby software...

blur6ex <= 0.3.462 (ID) Admin Disclosure / Blind SQL Injection Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo blur6ex = 0.3.462 'ID' blind SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \powered by blur6ex\r\n\r\n; / works...

Wordpress Plugin Bannerize <= 2.8.7 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress WP Bannerize plugin = 2.8.7 SQL Injection Vulnerability Date: 2011-09-22 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/wp-bannerize.zip Version: 2.8.7 tested...

YapBB <= 1.2 (forumID) Blind SQL Injection Exploit

No description provided by source. --+++======================================================+++-- --+++====== YapBB = 1.2 Blind SQL Injection Exploit ======+++-- --+++======================================================+++-- !/usr/bin/perl use strict; use warnings; use IO::Socket; sub usage d...

AuraCMS <= 2.2.1 (online.php) Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w Indonesian Newhack Security Advisory ------------------------------------ AuraCMS 2.x online.php - Remote Blind SQL Injection Exploit Waktu : Feb 15 2008 01:00PM Software : AuraCMS Versi : 2.0 2.1 2.2.1 Vendor : http://www.auracms.org/...

Uzbey: SQL injection, tile ID

The tile ID parameter to the tile image script is vulnerable to SQL injection. The following will cause the script to run a benchmark, returning 8-10 seconds later: https://staging.uzbey.com/tiles1600/693/sleep10...

Linux Performance Monitor: Nmon

Nmon Nigel’s performance Monitor for Linux is another very useful command line utility that can display information about various system resources like cpu, memory, disk, network etc. It was developed at IBM and later released open source. It is available for most common architectures like x86, A...

MySQL: Обход фильтрации символов в имени колонок

Прим.: Вариант, который потерялся, и о котором никто не напомнил: https://rdot.org/forum/showpost.php?...2&postcount=10 Материал ниже все равно может быть полезен при изучении специфических SQL-запросов в MySQL и при некоторых типах WAF. ------------ Недавно, изучая одну уязвимость возникла...

MySQL: Вытягивание записей в строку с использованием встроенной функции insert

Все вы знаете о выводе колонок MySQL таблицы в одну строку, итак, встречаем - Четвертый метод! Но об этом немного позже, а сейчас вспомним то, что имеется на сегодняшний день. Из статьи Dr.Z3r0: MySQL SQL Injection полный FAQ: 1. groupconcat + Простое использование, небольшой размер - Ограничение...

tipask问答系统2.0SQL时间盲注漏洞

简要描述： 其实我是来膜拜猪头子的 详细说明： 关于对get/post检测的部分，主要就是看猪头子大牛的： WooYun: tipask问答系统2.0 ajaxsearch二次编码注入漏洞 /model/question.php function ontag $tag = urldecode$this-get'2'; //二次编码绕过 //echo $tag; $encodeword = urlencode$tag; $navtitle = $tag . '-标签搜索'; $qstatus = $status = intval$this-get3; !$status && $qstatu...

Gaming Platforms as an attack vector against remote systems

Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are...

PHP Weby Directory Software 1.2 SQL Injection / Cross Site Request Forgery

=========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Powered by PHP weby software...

xt:Commerce <= v3.04 SP2.1 Time Based Blind SQL Injection

Exploit for php platform in category web applications +---------------------------------+ | xt:Commerce = v3.04 SP2.1 | | commerce:SEO = v2.1 CE | | Gambio = v2.0.10 SP1.4 | | Time Based Blind SQL Injection | +---------------------------------+ Author.............: Ralf Zimmermann...

Seditio 165 SQL Injection / Denial Of Service

cs Seditio 165 from seditio-eklenti.com Denial Of Service exploit by AkaStep. We will exploit Sql injection using this exploit and as result we will cause Denial of Service. Mysql server will go down or will overloaded +server will get overloadedHigh CPU Load. // Vuln Discovered By AkaStep +...