[Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC.

Exploit Discoverd By Novalok & Kasper Of KasaNova Security Coded By A Friend ?php / Vendor : Devellion Limited 2006 Exploit: Blind SQL injection look below for more info Impact: of Discovered by: KasaNova Security --------------------------------------------------------------------------------...

Woltlab Burning Board Lite 1.0.2 - Blind SQL Injection

Woltlab Burning Board Lite 1.0.2 - Blind SQL Injection ?php printr' -------------------------------------------------------------------------------- Woltlab Burning Board Lite 1.0.2 ZendHashDelKeyOrIndex / / blind sql injection exploit by rgod [email protected] site: http://retrogod.altervista.org...

etm_0612_sqlinj.pl.txt

!/usr/bin/perl -w use IO::Socket; use strict; Etomite CMS "id" SQL Injection Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: The "id" parameter isn't properly sanitised before being returned in sql query and can be used to inject craft SQL queries, we c...

PHPWind <= 5.0.1 (AdminUser) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications =============================================================== PHPWind = 5.0.1 AdminUser Remote Blind SQL Injection Exploit =============================================================== ?php printr'...

PHPWind 5.0.1 - &#039;AdminUser&#039; Blind SQL Injection

126...

PHPWind 5.0.1 - AdminUser Blind SQL Injection

PHPWind 5.0.1 - AdminUser Blind SQL Injection...

Berty Forum &lt;= 1.4 (index.php) Remote Blind SQL Injection Exploit

No description provided by source. % Response.Buffer = True % % On Error Resume Next % % Server.ScriptTimeout = 100 % % '=============================================================================================== 'Script Name: Berty Forum = 1.4index.php Remote Blind SQL Injection Exploit 'Cod...

Berty Forum 1.4 - index.php Blind SQL Injection

Berty Forum 1.4 - index.php Blind SQL Injection exploit1.asp 'Using : Write Target and ID after Submit Click '=============================================================================================== % Berty Forum v1.4index.php Blind SQL Injection Exploit function functionControl1...

Berty Forum 1.4 - &#039;index.php&#039; Blind SQL Injection

exploit1.asp 'Using : Write Target and ID after Submit Click '=============================================================================================== % Berty Forum v1.4index.php Blind SQL Injection Exploit function functionControl1 setTimeout"functionControl2",2000; function...

GNUTURK 2G - t_id SQL Injection

GNUTURK 2G - tid SQL Injection ",$html; $rtmp=explode"",$tmp1; $ausername=$rtmp0; $tmp=explode'',$html; $rtmp=explode"",$tmp1; $apass=$rtmp0; echo "--------------------------------\n"; echo "Powered by p2y...

Timesheet 1.2.1 Blind SQL Injection Vulnerability

About: Timesheet.php is a PHP application designed to keep track of the hours worked by multiple people on multiple projects. It allows users to log in through their web browser and manage the times that they are clocked on or clocked off. Description: A vulnerability can be found on the file...

Icblogger.txt

Icblogger = "YID" Remote Blind SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Usage : http://www.target.com/path/devam.asp?YID=-...

icblogger v2 (YID) Remote SQL Injection Vulnerability

No description provided by source. Icblogger = "YID" Remote Blind SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Credit by | Chironex Fleckeri Mail | [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Usage :...

CubeCart 3.0.11 - &#039;oid&#039; Blind SQL Injection

!/usr/bin/php -q -d shortopentag=on this works against MySQL =4.1 allowing subs -------------------------------------------------------------------------------- '; / short explaination: software site: http://www.cubecart.com/site/home/ same kind of sql injection of...

CubeCart <= 3.0.11 (oid) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== CubeCart this works against MySQL =4.1 allowing subs -------------------------------------------------------------------------------- '; / short explaination: software site:...

ATutor 1.5.3.1 - &#039;links&#039; Blind SQL Injection

!/usr/bin/php -q -d shortopentag=on = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 echo "Usage: php ".$argv0." host path user pass OPTIONS\r\n"; echo "host: target server...

ATutor 1.5.3.1 - links Blind SQL Injection

ATutor 1.5.3.1 - links Blind SQL Injection !/usr/bin/php -q -d shortopentag=on = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 echo "Usage: php ".$argv0." host path user pass...

ATutor <= 1.5.3.1 (links) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================ ATutor = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 ec...

X7 Chat 2.0.4 - old_prefix Blind SQL Injection

X7 Chat 2.0.4 - oldprefix Blind SQL Injection !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; i...

geoauctionsSQL.txt

------=Part10286255599.1153211407989 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Be kind to publish it quickly, Regards, Angel Team NewAngels Advisory 12 GeoAuctions Enterprise & Others - Blind SQL Injection Vulnerability...