227 matches found
BoastMachine 3.1 - mail.php id SQL Injection
BoastMachine 3.1 - mail.php id SQL Injection ...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members &...
Tribisur 'forum.php'/'cat_main.php' SQL注入漏洞
BUGTRAQ ID: 27149 CNCAN ID:CNCAN-2008010812 Tribisur是一款基于PHP的WEB应用程序。 Tribisur不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'forum.php'和'catmain.php'脚本对用户提交的WEB参数处理缺少充分过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Thomas PEREZ Tribisur 2.0 厂商解决方案 --------- 目前没有解决方案提供:...
Toko Instan 7.6 - Multiple SQL Injections
Indonesian Newhack Security Advisory ------------------------------------ Toko Instan V7.6 - Multiple Remote SQL Injection Vulnerabilities Waktu : Nov 14 2007 08:30AM Software : Toko Instan V7.6 Vendor : http://www.tokohandal.com/ Demo Site : http://www.tokohandal.com/demo/demo2.php Ditemukan ole...
aigaion-sql.txt
--==+================================================================================+==-- --==+ Aigaion = 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody "CypherXero" Rester PAYLOAD: Admin username a...
Aigaion 1.3.3 - topic topic_id SQL Injection
Aigaion 1.3.3 - topic topicid SQL Injection --==+================================================================================+==-- --==+ Aigaion = 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody...
XOOPS Module eCal 2.24 - 'display.php' SQL Injection
!/usr/bin/perl Script Name: XOOPS Module eCal 2.24 : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; $target =...
CascadianFaq Index.PHP SQL注入漏洞
CascadianFaq是一款基于PHP的WEB应用程序。 CascadianFaq不正确过滤用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Index.PHP'脚本对用户提交的'catid'参数缺少过滤,提交恶意SQL脚本代码作为参数数据,可更改原来的SQL逻辑,导致获得敏感信息。 Eclectic Designs CascadianFAQ 4.1 目前没有解决方案提供,请关注以下链接: http://eclectic-designs.com/cascadianfaq.php...