22 matches found
GEL CMS 4.0 SQL Injection Vulnerability
GEL CMS version 4.0 suffers from a remote SQL injection vulnerability that allows for login bypass. ad8888888888ba Bypass super-Admin GEL4.0 dP' "8b, 8 ,aaa, "Y888a ,aaaa, ,aaa, ,aa, 8 8' 8 "8baaaad""""baaaad""""baad""8b 8 8 8 """" """" "" 8b 8 8, ,8 ,aaaaaaaaaaaaaaaaaaaaaaaaddddd88P 8 """' ,d8""...
GEL CMS 4.0 SQL Injection
ad8888888888ba Bypass super-Admin GEL4.0 dP' "8b, 8 ,aaa, "Y888a ,aaaa, ,aaa, ,aa, 8 8' 8 "8baaaad""""baaaad""""baad""8b 8 8 8 """" """" "" 8b 8 8, ,8 ,aaaaaaaaaaaaaaaaaaaaaaaaddddd88P 8 """' ,d8"" Yb, ,ad8" "Y8888888888P" Exploit Title: SQLi Bypass super-admin GEL CMS 4.0 Google Dork:...
CVE-2013-4879
Vulnerability: CVE-2013-4879 affects BigTree CMS 4.0 RC2 and earlier, due to an SQL injection in the code path that processes input via PATH_INFO to index.php (affecting core/inc/bigtree/cms.php). The root cause is insufficient sanitization/validation of user-supplied data, enabling remote attack...
PHPaa CMS 4. 0 injection 0day-vulnerability warning-the black bar safety net
One is called Philip the brother of the storm vulnerability. It storms a lot of Holes. Uh, I think PHPaa pretty safe. Uh, the big cattle do not see it could it? I like injection. Just inject this. Other own Baidu Bit. Vulnerability file: admin/page.add.php admin/ message.action.php...
Joe guest(joekoe) CMS 4.0 upload and SQL injection vulnerabilities-vulnerability warning-the black bar safety net
Joekoe CMS 4.0 brings you a perfect design, in the member interaction and Security aspects of a unique innovative system for the Windows NT Service environment of a Web site or a business platform of the best solutions. Its well-designed architecture with functional mechanisms, from the individua...
JAF CMS 4.0 Upload Exploit
Exploit for php platform in category web applications ========================== JAF CMS 4.0 Upload Exploit ========================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //...
Slaed CMS 4.0 - Multiple Vulnerabilities
======================================================================================== | Title : Script Slaed Cms 4 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.sec-war.com | Web Site : | Dork : Powered by SLAED CMS © 2005-2008 SLAED. All rights reserve...
TYPO3 CMS 4.0 (showUid) Remote SQL Injection Vulnerability
No description provided by source. ----- TYPO3 CMS 4.0 SQL-Injection Vulnerability ----- + Author : CyberNaj, JxE-13 + Vulnerability : SQL injection + Group : Ro0T-MaFia ----- Info CMS: Name : TYPO3 Web : http://typo3.org dowloand : http://typo3.org/download/packages/ Country : Venezuela -----...
CVE-2008-1609
CVE-2008-1609 affects JAF CMS 4.0 RC2. Connected sources describe a remote file inclusion vulnerability whereby input in the website parameter (to forum/main.php and forum/forum.php) and the main_dir parameter (to forum/forum.php) can be used to include arbitrary files, enabling arbitrary PHP exe...
jafcms-rfi.txt
┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...
JAF CMS 4.0 RC2 - Multiple Remote File Inclusions
JAF CMS 4.0 RC2 - Multiple Remote File Inclusions ??????????????????????????????????????????????????????????????????????????????? ?? C r a C k E r ?? ?? T H E C R A C K O F E T E R N A L M I G H T ?? ?????????????????????????????????????????????????????????????????????????????? ????? From The Ash...
CVE-2007-6142
The CVE affects ph03y3nk just another flat file (JAF) CMS 4.0 RC2. It describes reflected Cross‑Site Scripting via the index.php show parameter and the print.php print parameter, enabling injection of arbitrary web script/HTML. The root cause is input handling in these two parameters leading to s...
joekoe CMS 4.0 上传漏洞
Joekoe CMS 4.0 给您带来一个经过完善的设计,在会员互动及安全方面有独特创新性的系统,适用于Windows NT服务环境下的的Web站点或商务平台的最佳解决方案。它精心设计的架构与功能机制,从个人到企业各方面应用的要求,为你提供一个安全、稳定、高效而快捷的Web站点和一体化的商务平台解决方案。 看\common\include\web.upload.asp 中的代码 sub doPageLoad if APPSTATUS="close" then treeData.addItem "status","error.message" treeData.addItem...
joekoe CMS 4.0 注入漏洞
Joekoe CMS 4.0 给您带来一个经过完善的设计,在会员互动及安全方面有独特创新性的系统,适用于Windows NT服务环境下的的Web站点或商务平台的最佳解决方案。它精心设计的架构与功能机制,从个人到企业各方面应用的要求,为你提供一个安全、稳定、高效而快捷的Web站点和一体化的商务平台解决方案。 在web.upload.asp中: ........... sub doParseUploadData dim tmpFilePath,tmpFileType,tmpFileSize,tmpName tmpFilePath=up.getFileInfo"file.path"...
CVE-2006-7127
Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the maindir parameter to 1 forum/main.php and 2 forum/headlines.php...
CVE-2006-7128
CVE-2006-7128 describes a PHP remote file inclusion in JAF CMS 4.0 RC1, exploitable via the URL in the website parameter of forum.php, allowing remote code execution. The NVD CVSSv2 base score is 7.5 (HIGH) with network access, low complexity, no authentication, and partial impact on confidential...
CVE-2006-7127
CVE-2006-7127 affects the JAF CMS (versions 4.0 and 4.0 RC2). Affected component: the forum/ directory handling pages (forum/main.php and forum/headlines.php). Root cause: remote PHP code execution via a crafted URL passed to the main_dir parameter, enabling an attacker to include and run arbitra...
CVE-2006-5131
module/shout/jafshout.php aka the shoutbox in ph03y3nk just another flat file JAF CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "", possibly due to a static code injection vulnerability involving admin/datainc.php...
CVE-2006-5129
Multiple cross-site scripting XSS vulnerabilities in ph03y3nk just another flat file JAF CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via 1 the message parameter, and possibly other parameters, in module/shout/jafshout.php aka the shoutbox; and 2 the message body in a...
CVE-2006-5129
CVE-2006-5129 affects ph03y3nk just another flat file (JAF) CMS 4.0 RC1. The vulnerabilities are cross-site scripting in two spots: (1) module/shout/jafshout.php (the shoutbox) via the message parameter and related name/email/title/date/ldate/lname variables, and (2) the message body in a forum p...