1634 matches found
Allomani Audio and Video Library 2.7.0 - Cross-Site Request Forgery (Add Admin)
Audio & Video Library 2.7.0 XSRF Vulnerability Add Admin .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/audioandvideoscript.html === Exploit ===...
Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)
News 1.0 XSRF Vulnerability Add Admin .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/newsscript.html === Exploit ===...
Cross-site Request Forgery (CSRF) in Plogger
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Plogger which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerability in Plogger The vulnerability exists due to insufficient validation of the request...
Tugux CMS (nid) BLIND sql injection vulnerability
Tugux CMS nid BLIND sql injection vulnerability Software: Tugux CMS Vendor: www.tugux.com Vuln Type: Blind SQL Injection Download link:...
EAFlashUpload 2.5 - Arbitrary File Upload
Exploit Title: EAFlashUpload v 2.5 File Arbitrary Upload Date: 21/03/2011 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: EAFlashUpload v 2.5 Software Link: http://www.easyalgo.com/downloads.aspxEAFlashUpload Demo:...
Multiple Vulnerabilities in Collabtive
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Collabtive which could be exploited to perform cross-site scripting and cross-site request forgery attacks and gain access to sensitive information. 1 Cross-site scripting XSS vulnerability in Collabtive 1.1 The...
BMForum Myna 6.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Author: Stephan Sattler Software Website: http://www.bmforum.com/ Software Link: http://www.bmforum.com/down/ Required: magic quotes = Off Vulnerability /add-on/jsviewnew.php line 20++: $length = $_GET['length']; $forumid = $_GET['forumid']; $num =...
MySms 1.0 - Multiple Vulnerabilities
MySms v1.0 Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST [email protected] === Exploit === 1 Auth Bypass www.site.com/MySms/admin/index.php Username: 'or'a'='a Password: 'or'a'='a 2 CSRF Add Admin...
Cross-site Scripting (XSS) Vulnerability in Question and Answer Forum
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Question and Answer Forum WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Question and Answer Forum The vulnerability exists due to input...
SQL Injection Vulnerabilities in WP Forum Server
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in WP Forum Server WordPress plugin which could be exploited to perform SQL injection attacks. 1 SQL injection vulnerabilities in WP Forum Server 1.1 The vulnerability exists due to input sanitation errors in the...
Multiple Vulnerabilities in IWantOneButton WordPress Plugin
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in IWantOneButton WordPress Plugin which could be exploited to perform cross-site scripting and SQL injection attacks. 1 Cross-site scripting XSS vulnerability in IWantOneButton WordPress Plugin The vulnerability...
PHP Link Directory Software - 'sbcat_id' SQL Injection
== |Author: BorN To K!LL - h4ck3r |Contact: [email protected] == |Script: PHP link Directory software |Version: n/a |Link: http://www.softbizsolutions.com/php-link-directory-software.php == |3xploit: path/showcats.php?sbcat_id=SQL-Injection |3xample:...
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)
PHP Link Directory 4.1.0 - Cross-Site Request Forgery Add Admin PHP Link Directory v4.1.0 CSRF Vulnerability Add Admin .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://www.phplinkdirectory.com/ .:. Dork : "Powered b...
dns-update NSE Script
Attempts to perform a dynamic DNS update without authentication. Either the test or both the hostname and ip script arguments are required. Note that the test function will probably fail due to using a static zone name that is not the zone configured on your target. Script Arguments dns-update.te...
Cross-site Request Forgery (CSRF) in KaiBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in KaiBB which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in KaiBB The vulnerability exists due to insufficient validation of the request origin in admin/core/account.ph...
Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution
#!/usr/bin/python Concrete CMS v5.4.1.1 xss/remote code execution exploit Download: http://www.concrete5.org/ Special Zeitgeist pre release - "Moving Forward" - 15th Jan 2011 "They must find it difficult, those who take authority as the truth instead of truth as the authority"...
Cross-site Request Forgery (CSRF) in Cambio
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Cambio which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Cambio The vulnerability exists due to insufficient validation of the request origin in...
Built2Go PHP Shopping - SQL Injection
Script Name: Built2Go PHP Shopping version = 1.7 Site: http://built2go.com/ Script Demo: http://demos.built2go.com/shopping/1/ Found: Br0ly Google Dork: "Powered by Built2Go PHP Shopping" p0c: http://server.com/product.php?cat=16'%20UNION%20ALL%20SELECT%201,@@version,3/ xPloit:...
Multiple Vulnerabilities in BEdita
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to input sanitation error in...
Multiple Vulnerabilities in BLOG:CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BLOG:CMS which could be exploited to perform cross-site scripting, script insertion and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in BLOG:CMS: CVE-2010-4749 1.1 The...