446 matches found
Machform Form Maker 2 XSS / Shell Upload / SQL Injection
Exploit Title: Machform form maker - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.appnitro.com Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2 Special thanks to: Mormoroth Dork1: "Powered by...
Machform Form Maker 2 - Multiple Vulnerabilities
Exploit Title: Machform form maker - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh Credit goes for: ha.cker.ir Vendor Homepage: http://www.appnitro.com Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 2 Special thanks to: Mormoroth Dork1: "Powered by...
GLPI 0.83.8 - Multiple Vulnerabilities
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 and 0.83.8 Summary: GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was...
GLPI 0.83.8 SQL Injection Vulnerability
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'usersidassign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in...
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities
Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...
Monkey CMS - Multiple Vulnerabilities
Exploit Title: Monkey CMS - Multiple Vulnerabilities Date: 2013 17 June Exploit Author: Yashar shahinzadeh & Mormoroth Vendor Homepage: http://www.monkeycms.com/ Tested on: Linux & Windows, PHP 5.3.10 Affected Version : All versions Contacts: http://Twitter.com/YShahinzadeh ,...
[DroidSQLi] MySQL Injection tool for Android
DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks. DroidSQLi supports the following injection techniques: - Time based injection - Blind injection - Error based injection - Normal injection...
PhpYellow Pro Edition XSS/SQL Injection Vulnerabilities
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Drupal 6.x->7.18 getimagesize() <= Multiple Vulnerabilities
This Bug in fonction ' getimagesize ' is Multiple Vulnerabilities in Drupal CMS, When you Upload NULL Image-Size the Script Can't Read the Image Content and show you some errors, The Attacker can use this bug to get some important information like SQL Info's or Disclosure the Full Path of drupal...
MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection
MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection MyBB...
Kordil EDms 2.2.60rc3 - SQL Injection
Kordil EDms 2.2.60rc3 - SQL Injection Exploit Title: Kordil EDMS v2.2.60rc3 SQL Injection Vulnerability Date: 12/05/2012 Exploit Author: Woody Hughes Vendor Homepage: http://sourceforge.net/projects/kordiledms/ Software Link: http://sourceforge.net/projects/kordiledms/files/latest/download Versio...
European Space Agency SQL vulnerability exploited
The European Space Agency ESA is an intergovernmental organisation dedicated to the exploration of space. Hacker going by name "SlixMe" find and exploit SQL Injection vulnerability on a sub domain of website. Hacker upload dump on his website, where he disclose the SQLi vulnerable link and Databa...
SQL Injection framework: Seringa
Seringa – SQL Injection framework Seringa Romanian for seringe is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. Uses the .NET 4.0 framework and Windows Presentation FoundationWPF for the GUI. With regard to design it utilize...
ApPHP MicroCMS SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
vBulletin vBay <=1.1.9 Error-Based SQL Injection
Exploit for php platform in category web applications !/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into...
vBulletin vBay 11.9 SQL Injection
!/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into statement, without any sanitization. POC - You will need to...
vBulletin vBay 1.1.9 - Error-Based SQL Injection
vBulletin vBay 1.1.9 - Error-Based SQL Injection !/usr/bin/env python -W ignore::DeprecationWarning """ VBay input variable "type" being assigned with the datatype NOHTML. Using this data type allows malicious attacks to still be executed. At line 448, it is used within the insert into statement,...
Multiple SQL Injection vulnerabilities in ClipBucket
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...
webERP 4.08.4 SQL Injection
Exploit Title: webERP =4.08.4 WorkOrderEntry.php SQL Injection Vulnerability Date: 14/09/2012 Exploit Author: modpr0be modpr0beatspentera.com Vendor Homepage: http://www.weberp.org Software Link: http://sourceforge.net/projects/web-erp/files/ Version: 4.08.4 Tested on: Windows 2003 Standard...
Website Created By Triad SQL Injection
| | | | '| | | | ' \ / \ ' \ | | | ' | | | \ / / | | | || | | | / | | | | | | | | | || | = 5.0 AND error-based - WHERE or HAVING clause Payload: id=5' AND SELECT 8596 FROMSELECT COUNT,CONCAT0x3a6974713a,SELECT CASE WHEN 8596=8596 THEN 1 ELSE 0 END,0x3a6a6c763a,FLOORRAND02x FROM...