122 matches found
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...
Zomato: [www.zomato.com] Leaking Email Addresses of merchants via reset password feature
Hi Team, Introduction Found a cool IDOR, which again leaks the email addresses of all Zomato Users. This attack works no matter if you own the restaurant or not. Proof of Concept - Below Post Request leaks the email addresses of the Restaurant Owners in response - Request POST...
SQL injection vulnerability in phpaaCMS friendlink.action.php page
phpaaCMS is a simple article management system. A SQL injection vulnerability exists in the friendlink.action.php page of phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information about the database...
Whois Maintainer Accidentally Makes Password Hashes Available For Download
The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center APNIC, the...
Razer US: Database credentials leak on the https://razer-id.razerzone.com/
The tester discovered database parameters left around in a YAML file that was publicly visible. The credentials were for a database that was no longer in use and never stored sensitive data, but we consider this a good find anyway because this was out of bounds of our security practices. I...
IBOS Enterprise Collaboration Management Software AssignmentfinishedController.php page actionIndex function has SQL injection vulnerability
IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. An SQL injection vulnerability exists in the actionIndex function on the AssignmentfinishedController.php page of IBOS Enterprise Collaboration Management Software. An attacker can exploit the...
Leaky WWE Database Exposes Personal Data of 3M Fans
Pro wrestling giant World Wrestling Entertainment notified fans on Thursday that a database containing personal information of three million fans was left on an insecure server. According to the WWE, personal information included names, both home and email addresses, earnings, ethnicity, children...
SQL injection vulnerability in the xh parameter of the student/WorkAndStudy.asp page of the informatization management system of Guangzhou Zhongda Dongri Education Technology Co.
Guangzhou Zhongda Dongri Education Technology Co., Ltd. education information management system is to provide an integrated campus information solution. A SQL injection vulnerability exists in the informatization management system of Guangzhou CUHK Dongri Education Technology Co. The lack of...
PageAdmin v3.0 /e/database/v3.mdb 数据库泄漏
PageAdmin CMS V3.0版,默认数据库地址“/e/database/v3.mdb“,默认后台地址:“/e/master/login.aspx”,由于数据库地址未做限制,导致可以下载。通过逆向管理员MD5加密算法获得md5密文,并通过md5密文可以破解管理员密码。发现非常规MD5加密,于是使用ILSPY逆向源代码,查看加密方式public string GetMd5string s MD5 mD = new MD5CryptoServiceProvider; Encoding encoding = Encoding.GetEncoding"UTF-8"; string s2 =...
用友多个系统通用漏洞设计缺陷(自带已保存的口令)
简要描述: 详细说明: 默认密码 其实是根本不用输入密码,账号密码自动保存,点确认就登入了、 导致 源码泄露 可调试 源码 这套 系统很多套用友系统都带着,具体请看 WooYun: 用友多个系统通用漏洞导致接口信息泄露引发多数据库信息泄露(涉及多个大型厂商) 然后从这个得来的灵感 http://gpms.foton.com.cn/uapws/ http://erp.suning.com.cn/uapws/ http://fm2.cscec.com/uapws/ http://bap.ufida.com/uapws/ http://61.178.99.236:9002/uapws/...
MAS China Mobile Proxy Server SQL Injection Vulnerability
WAS China Mobile Proxy Server is a gateway that is deployed within the Intranet of group customers for application coupling with their OA, ERP, CRP and other application systems in order to satisfy the informatization needs of group customers who have a high degree of informatization to realize...
xEpan 1.0.4 - Multiple Vulnerabilities
xEpan 1.0.4 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on:...
Oracle Demantra Database Credentials Leak
This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine. This module requires Metasploit:...
Anonymous leaks database from Israeli Musical Act Magazine site #OpIsrael
This Morning Anonymous member with twitter handle @OsamaTheGod leaked a huge database from server of Israeli Musical Act Magazine act.co.il. The leaked database posted on public note website and includes users ID, username, password in clear text, IP address and phone numbers. Hacker posted data ...
AVX Corporation Hacked by Anonymous #OpColtan
Anonymous Operation OpColtan have announced another attack in the name of this operation and this time its on a Manufacturer and Supplierof Electronic Components AVX Corporation www.avx.com. AVX It's a big firm wich produce ceramic and tantalum capacitors, connectors, thick and thin film...
Department of Homeland Security and U.S Navy hacked
Department of Homeland Security and U.S Navy hacked Department of Homeland Security and U.S Navy websites once again at Major Risk. This time hacking group called "Digital-corruption" hacked into subdomains of both sites and leak database info on pastebin. In its announcement on the pastebin.com...
FOX Sports website database hacked and leaked by Shad0w
FOX Sports website database hacked and leaked by Shad0w One of the Biggest Fox Sports website with world rank 678 and millions of Readers/Day got hacked. Hacker named "Shad0w " release SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leake...
Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]
Top100 Arena Gaming Sites Network hacked By ACA Albanian Cyber Army Albania hackers have exploited one of the biggest Game Arena site "Top100 " database using SQL injection attack. They leak the database on mediafire. Hackers belongs from group ACA Albanian Cyber Army...
Uronimo - Mobile platform website Hacked by Team Inj3ct0r
Uronimo - Mobile platform website Hacked by Team Inj3ct0r Uronimo - Mobile platform Hacked by Team Inj3ct0r today. They leak the database of site on Pastebin , including Username, Hash Password, emails and Phone Numbers of 1000 users...
Uronimo - Mobile platform website Hacked by Team Inj3ct0r
Uronimo - Mobile platform website Hacked by Team Inj3ct0r Uronimo - Mobile platform Hacked by Team Inj3ct0r today. They leak the database of site on Pastebin , including Username, Hash Password, emails and Phone Numbers of 1000 users...