Lucene search
K

119 matches found

myhack58
myhack58
added 2008/10/19 12:0 a.m.36 views

Let you become the ASP Trojan master-vulnerability warning-the black bar safety net

Name: how to make a picture of the ASP Trojan can display pictures Built an asp file, the content of!-- of i nclude file="ating.jpg"--找 一 个 正常 图片 ating.jpg, insert the word Trojan,such as the ice Fox, with ultraedit to hex compiled, insert a picture, to run a successful, but also to search%and %...

7.8AI score
Exploits0
seebug.org
seebug.org
added 2008/10/01 12:0 a.m.23 views

Dvbbs·php Version 2.0++ Blind SQL Injection

No description provided by source. html head titleDvbbs·php Version 2.0++ Blind SQL Injection Exploit/title script language="Javascript" type="text/javascript" / ---------------------------------------------------------------------------------------------- - DVBBS PHP 2.0 Forum Blind SQL Injectio...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/08/30 12:0 a.m.10 views

DVBBS php2.0 topicother.php 注入漏洞

topicother.php中在处理$costnum参数时,没有进行严格的考虑,存在SQL注入漏洞。 DVBBS php2.0 http://www.dvbbs.net http://p.dvbbs.net/topicother.php?t=9&action=join&activeid=1//and//10=select//count//from//dvadmin http://p.dvbbs.net/topicother.php?/topicother.php?t=9&action=join&boardid=2&id=1&activeid=1//and//1=selec...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/06/01 12:0 a.m.31 views

动网论坛DvBBS login.asp脚本多个SQL注入漏洞

BUGTRAQ ID: 29429 DVBBS是一款Aspsky.Net开发和维护的开放源码ASP Web论坛程序。 DvBBS的login.asp页面没有正确地验证用户所提交的登录请求,远程攻击者可以通过提交恶意的登录请求执行SQL注入攻击,判断有效的用户名和密码HASH。 Dvbbs 8.2 动网论坛 -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.dvbbs.net/...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2008/05/29 12:0 a.m.29 views

dvbbs-sql.txt

name: where topsec security research group email: [email protected] Subject: dvbbs8.2access/sqlversion login.asp remote sql injection danger level: critical/High info: dvbbs is prone to multiple sql injection security flaw interrelated code to access versionexp:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2008/05/29 12:0 a.m.11 views

dvbbs 8.2 - login.asp Multiple SQL Injections

dvbbs 8.2 - login.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/29429/info The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could all...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2008/05/29 12:0 a.m.49 views

dvbbs8.2(access/sql)version login.asp remote sql injection

name: where topsec security research group email: [email protected] Subject: dvbbs8.2access/sqlversion login.asp remote sql injection danger level: critical/High info: dvbbs is prone to multiple sql injection security flaw interrelated code to access versionexp:...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2008/05/29 12:0 a.m.21 views

dvbbs 8.2 - 'login.asp' Multiple SQL Injections

source: https://www.securityfocus.com/bid/29429/info The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...

7.4AI score
Exploits0
NVD
NVD
added 2007/07/15 10:30 p.m.14 views

CVE-2007-3774

Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb...

7.8CVSS6.3AI score0.0142EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/07/15 10:0 p.m.21 views

CVE-2007-3774

Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb...

6.3AI score0.0142EPSS
Exploits0References3
CVE
CVE
added 2007/07/15 10:0 p.m.59 views

CVE-2007-3774

Affected software: Dvbbs 7.1.0 SP1. Vulnerability: insufficient access control exposes sensitive data under the web root, allowing remote retrieval of the database via a direct request to Data/Dvbbs7.mdb. Exploitation details: attacker can download the database without authentication; impact is p...

7.8CVSS6.3AI score0.0142EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2007/07/12 12:0 a.m.122 views

Powered By Dvbbs Version 7.1.0 Sp1 By Pass

By : Hasadya Raed Contact : [email protected] Israel -------------------------- Script : Dvbbs Version 7.1.0 Sp1 Dork : "Powered By Dvbbs Version 7.1.0 Sp1" -------------------------- Exploit : http://www.victim.com/Data/Dvbbs7.mdb...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2007/07/12 12:0 a.m.26 views

dvbbs-mdb.txt

By : Hasadya Raed Contact : [email protected] Israel -------------------------- Script : Dvbbs Version 7.1.0 Sp1 Dork : "Powered By Dvbbs Version 7.1.0 Sp1" -------------------------- Exploit : http://www.victim.com/Data/Dvbbs7.mdb...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2007/03/26 12:0 a.m.243 views

DVBBS <= 7.1.0 sp1 (BokeManage.asp) Remote SQL Injection

DVBBS是由海口动网先锋网络科技有限公司开发的网络社区软件。因为在论坛附带的博客模块当中存在着远程注入漏洞,导致恶意用户借此入侵网站 因博客模块当中的关键词处没有进行严格的处理导致注入漏洞的产生 DVBBS 7.1.0 SP1 关闭博客功能或安装的补丁 http://www.cnbct.org/BokeManage.rar...

7.1AI score
Exploits0
myhack58
myhack58
added 2006/12/17 12:0 a.m.42 views

Let you become the ASP Trojan master-vulnerability warning-the black bar safety net

Name: how to make a picture of the ASP Trojan can display pictures Built an asp file, the content of!-- of i nclude file="ating.jpg"-- 找 一 个 正常 图片 ating.jpg, insert the word Trojan,such as the ice Fox, with ultraedit to hex compiled, insert a picture, for A Run is successful, but also to...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.26 views

动网(DVBBS)多个跨站脚本执行(CSS/XSS)漏洞

DVBBS是一款由WWW.ASPSKY.NET开发和维护的开放源码Asp论坛程序。 DVBBS中存在多个跨站脚本漏洞,攻击者可以利用这个漏洞在用户浏览器中执行任意脚本代码。 起因是没有正确的过滤用户输入。 Dvbbs Dvbbs 7.1 Sp2;Dvbbs Dvbbs 7.1 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://down.dvbbs.net/SoftView/SoftView2455.html...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.25 views

动网(DVBBS)存在泄露绝对路径漏洞

问题出在DvClsMain.asp的44行: CacheName = LcaseReplaceReplaceReplaceServer.MapPath"index.asp","index.asp","",":","","\\\\","" 和46行: Forumsn = ReplaceCacheName,"","" 这里把web绝对路径放进Forumsn,在以cookie的形式返回给客户,导致web绝对路径泄漏。 DVBBS 7.1.0 更新最新补丁。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.59 views

动网(DVBBS)论坛权限提升漏洞

动网是通过GroupID来判断当前用户所在的组的,然后再通过组的信息判断用户的权限。动网将用户的信息先用”|||”三个竖线连起来,做为一个字符串传给iMyUserInfo,然后iMyUserInfo由”|||”分隔成一个字符串数组。用户密码验证正确后就把数组的第20个元素的值:iMyUserInfo19 赋给GroupID,GroupID只是数组对应的第20个元素的值,如果iMyUserInfo19的值为1的话,动网就以为现在登录的用户是前台管理员了。在基本资料修改时,动网只过滤了sql注入用的几个符号,没有过滤掉’|’,所以只要我们构造出正确的字符串,就可以骗过动网,成为管理员组的用户...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.49 views

动网(DVBBS)论坛上传文件漏洞

upfile.asp中有这样一句 formPath&yearnow&monthnow&daynow&hournow&minutenow&secondnow&ranNum&"."&fileExt...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/29 12:0 a.m.25 views

动网论坛DVBBS) logout.asp页面存在注入漏洞

logout.asp: /-------------------------------------------------------------------------- /-------------------------------------------------------------------------- 因程序当中的logout.asp页面对于 activeuser="delete from online where username='"&membername&"'"并没有做好过滤导致了问题的产生, DVBBS 请安装最新动网论坛...

7.1AI score
Exploits0
Rows per page
Query Builder