compteur 2.0 - (param_editor.php) Remote File Include Vulnerability

No description provided by source. Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You...

MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

Album Photo Sans Nom <= 1.6 - Remote Source Disclosure Vulnerability

No description provided by source. Title..: 7 php scripts File Inclusion Vuln / Source disclosure Credits: DarkFig Og.link: http://acid-root.new.fr/poc/13061007.txt Using http://www.google.com/codesearch Few examples about what we can do with a code search engine For educational purpose only. You...

Nuked-klaN 1.7.6 - Remote Code Execution Exploit

No description provided by source. ?php Nuked-klaN 1.7.6 Remote Code Execution Exploit ------------------------------------------------ Author: DarkFig [email protected] Website: http://www.acid-root.new.fr/ PHP conditions: None = Private since 2 months. errorreportingEALL ^ ENOTICE; This file...

SturGeoN Upload Arbitrary File Upload Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18764/info SturGeoN Upload is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitat...

Coppermine Photo Gallery <= 1.4.10 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php ?php if$argc 4 print \n---------------------------------------------------------; print \nAffected.scr..: Coppermine Photo Gallery = 1.4.10; print \nPoc.ID........: 19070104; print \nType..........: SQL Injection; print \nRisk.level....: Medium;...

Jupiter CMS 1.1.5 - Remote File Upload Exploit

No description provided by source. ? / Title: Jupiter CMS 1.1.5 File Upload Vulnerability Advisory ID: 12070214 Risk level: High Author: DarkFig [email protected] URL: http://www.acid-root.new.fr/advisories/12070214.txt / errorreportingEALL ^ ENOTICE; $url = ' http://localhost/jupiter/'; $xpl =...

Net Portal Dynamic System <= 5.0 (register users) Denial of Service

No description provided by source. !/usr/bin/perl Type|+ Register multiple users for Denial of Service Vendor url|+ www.npds.org Little description|+ NPDS Net Portal Dynamic System is a Frenchand now English ! GNU dynamic portal Solution|+ None official but you can add a visual confirmation if yo...

ipb235-sql.txt

?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind "waraxe" // Estonia, Tartu // http://www.waraxe.us/...

Invision Power Board <= 2.3.5 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================== Invision Power Board = 2.3.5 Remote SQL Injection Exploit ========================================================== ?php errorreportingEALL;...

Nuked-Klan <= 1.7.6 Multiple Vulnerabilities Exploit

Exploit for unknown platform in category web applications ==================================================== Nuked-Klan Remote Code Execution - Remote File Upload - Admin Hash Extraction Remote Code Exec vulnerability used in this exploit was discovered by DarkFig. / print "\n"; print "...

VHCS &lt;= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

No description provided by source. !/usr/bin/php -q ?php errorreportingEALL ^ ENOTICE; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS = 2.4.7.1 vhcs2daemon Remote Root Exploit -------------------------------------------------- About: by DarkFig gmdarkfig at gmail dot com...

VHCS &lt;= 2.4.7.1 &#40;vhcs2_daemon&#41; Remote Root Exploit

!/usr/bin/php -q ?php This file requires the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; darkfig@darky:/ ./vhcssploit.php -url http://localhost/vhcs2/ VHCS = 2.4.7.1...

VHCS 2.4.7.1 - vhcs2_daemon Remote Code Execution

VHCS 2.4.7.1 - vhcs2daemon Remote Code Execution !/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller...

VHCS <= 2.4.7.1 (vhcs2_daemon) Remote Root Exploit

Exploit for linux platform in category remote exploits ================================================== VHCS http://acid-root.new.fr/ email protected Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwn...

Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability

Exploit for hardware platform in category remote exploits ====================================================================== Belkin Wireless G Plus MIMO Router F5D9230-4 Auth Bypass Vulnerability ====================================================================== VULNERABILITY: Belkin...

Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass

Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass VULNERABILITY: Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability AUTHOR: DarkFig http://acid-root.new.fr/?0:17 [email protected] INTRODUCTION: I recently bought this router for my local...

Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass

VULNERABILITY: Belkin Wireless G Plus MIMO Router F5D9230-4 Authentication Bypass Vulnerability AUTHOR: DarkFig http://acid-root.new.fr/?0:17 [email protected] INTRODUCTION: I recently bought this router for my local network without modem integrated, now I can tell that it was a bad choic...

jbcexplorer-exec.txt

!/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the file auth.inc.php";...

Pluxml 0.3.1 Remote Code Execution Exploit

?php This file require the PhpSploit class. If you want to use this class, the latest version can be downloaded from acid-root.new.fr. Note: The new version is compatible with PHP 4 by default. errorreportingEALL ^ ENOTICE; require'phpsploitclass.php'; C: sploit.php -url...