EUVD-2014-1535

Malware in sbrugna...

doorGets CMS 12 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v12 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

DoorGets CMS 7.0 Information Disclosure

==================================================================================================================================== | Title : DoorGets CMS v7.0 Sensitive information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

doorGets CMS 7.0 Shell Upload

==================================================================================================================================== | Title : doorGets CMS v7.0 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

doorGets CMS 7.0 File Download

Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link: https://netix.dl.sourceforge.net/project/doorgets-cms/doorGets%20CMS%20V7/doorGetsCMSV7.0.zip Version: 7.0 Category: Webapps...

doorGets CMS 7.0 - Arbitrary File Download

Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link: https://netix.dl.sourceforge.net/project/doorgets-cms/doorGets%20CMS%20V7/doorGetsCMSV7.0.zip Version: 7.0 Category: Webapps...

doorGets CMS 7.0 - Arbitrary File Download

doorGets CMS 7.0 - Arbitrary File Download Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link:...

DoorGets CMS 7.0 Open Redirect

Title: Open Redirect DoorGets CMS Version: 7.0 vendor: https://github.com/doorgets/doorGets/ Tested on: Windows 64-bit Author: Rudra Sarkar @rudr4sarkar CVE: 2016-3726 1. Affected Param back= 2. Full URL http://127.0.0.1/dg-user/?controller=authentification&back=http%3A%2F%2Fexploitlab.ex%2F 3. G...

doorGets CMS 5.2 - SQL Injection Vulnerability

doorGets CMS 5.2 sql注入漏洞 虽然标题是5.2版本的，但厂商在漏洞公布后就修复了并且没有更新版本， 所以漏洞其实存在于5.1版本（下载了不同版本，实验证实） 漏洞存在于/doorgets/core/doorgetsFunctions.php文件中 --------省略部分代码 507: $id = $this-Controller-form'positiondown'-i'id'; $type = $this-Controller-form'positiondown'-i'type'; $pos =...

doorGets CMS - CSRF Vulnerability

No description provided by source. Title: Doorgets CSRF Vulnerability Author: n0pe Software Link: http://www.doorgets.com/ Download: http://www.doorgets.com/?sourcescms Tested: BackBox Linux 3 With this vulnerability you can change the configuration of the site. Proof of concept: html body form...

doorGets CMS SQL injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability version: doorGets CMS 5.2 Vulnerability description: CVE ID:CVE-2 0 1 4-1 4 5 9 doorGets CMS is a content management system. Since the transfer to"/dg-admin/index.php"script"positiondownid" HTTP POST parameters failed to adequately filtered, the attacker can access the management...

CVE-2014-1459

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...

Sql injection

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...

CVE-2014-1459

DoorGets CMS

CVE-2014-1459

SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the positiondownid parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands...

SQL Injection in doorGets CMS

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...

doorGets CMS 5.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Advisory Details: High-Tech Bridge Security Research Lab discovered vulnerability in doorGets CMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in doorGets CMS: CVE-2014-1459 The vulnerability exists due to...

doorGets CMS 5.2 - SQL Injection

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...

doorGets CMS 5.2 - SQL Injection

doorGets CMS 5.2 - SQL Injection Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Publi...

doorGets CMS 5.2 SQL Injection

Advisory ID: HTB23197 Product: doorGets CMS Vendor: doorGets Vulnerable Versions: 5.2 and probably prior Tested Version: 5.2 Advisory Publication: January 15, 2014 without technical details Vendor Notification: January 15, 2014 Vendor Patch: January 15, 2014 Public Disclosure: February 5, 2014...