1634 matches found
Wordpress Plugin Download (dl_id) SQL Injection Vulnerability
No description provided by source. Wordpress Plugin Download file Remote SQL Injection Vulnerability Author: BL4CK Mail: [email protected] Dork: inurl:"wp-download.php?dlid=" Example: http://localhost/path/path/path/wp-download.php?dlid=SQL SQL:...
digidomain-xss.txt
Hello, I'm re-posting this message from the actual message which was on Tue-29 May 2007 because my old message got live example , anyway : Vulnerable : DigiDomain Version: 2.2 web : http://www.digiappz.com XSS : 1- http://site.com/lookup/lookupresult.asp?domain=XSS&tld=.com 2-...
easyclanpage-sql.txt
Easy-Clanpage v2.2 gallery Remote SQL Injection Vulnerability + Author: n3w7u + Mail: [email protected] + Source:...
PHP-Nuke Yellow_Pages Module - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/28109/info The YellowPages module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
eazyportal-sql.txt
!/usr/bin/perl Vendor url: http://www.eazyportal.com/ by Iron - http://www.randombase.com exploit goes through $COOKIE use LWP::UserAgent; use MIME::Base64; print " EazyPortal ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "User id to retrieve...
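SLAED CMS 'index.php' Local File Inclusion Vulnerability
BUGTRAQ ID: 27426 CNCAN ID: CNCAN-2008012406 SLAED CMS is a PHP-based web application. SLAED CMS does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The issue is caused by insufficient filtering of the user-supplied 'newlang' parameter in the 'index.php' script; supplying a local system file as the include target can lead to viewing the contents of system files with the privileges of the web server. SLAED CMS 2.5 Lite Vendor solution: no detailed solution is currently available: http://www.slaed.net/...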
zerocms-sql.txt
Zero CMS Remote Arbitrary File Upload / SQL Injections | Version: = 1.0 Alpha Last | Vendor: www.zero-cms.com | Discovered by: KiNgOfThEwOrLd | Intro: An attacker can bypass the avatar upload extension filter editing...
ZeroCMS 1.0 Alpha - Arbitrary File Upload SQL Injection
Zero CMS Remote Arbitrary File Upload / SQL Injections | Version: = 1.0 Alpha Last | Vendor: www.zero-cms.com | Discovered by: KiNgOfThEwOrLd | Intro: An...
WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability
No description provided by source. Title: websihirbazi v5.1.1 Remote Blind SQL Injection Vulnerability | AUTHOR: bypas |...
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc Simple HTTPD <= 1.41 /aux Remote Denial of Service Exploit usage: poc.py host port import socket import sys print...
patbb-rfi.txt
Link to download: http://www.php-tools.net/site.php?file=patBBCode/overview.xml Vuln file: examples\patExampleGen\bbcodeSource.php Vuln code: if (!isset($_GET['example'])) die('No example selected.'); $exampleId = $_GET['example']; ob_start(); // make the example think it's still in the right place chdir('.....
patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion
Link to download: http://www.php-tools.net/site.php?file=patBBCode/overview.xml Vuln file: examples\patExampleGen\bbcodeSource.php Vuln code: if (!isset($_GET['example'])) die('No example selected.'); $exampleId = $_GET['example']; ob_start(); // make the example think it's still in the right place chdir('.....
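Phpbasic basicFramework Includes.PHP Remote File Inclusion Vulnerability
Phpbasic basicFramework is a PHP-based web application. Phpbasic basicFramework does not properly filter user-supplied URI data, so a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The issue is caused by the 'includes.php' script not filtering the user-supplied 'root' parameter; specifying an arbitrary file on a remote server as the include parameter can lead to execution of arbitrary PHP code with the privileges of the web server. phpbasic.com basicFramework 1.0 No detailed solution is currently available: http://fw.phpbasic.com/?basic=topic&id=1...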
Litespeed Web Server 3.2.3 - Source Code Disclosure
TheDefaced.org TheDefaced Security Team Presents An 0-day. LiteSpeed Remote Mime Type Injection Discovered by: Tr3mbl3r Shouts to his kitty kats and tacos. Product: LiteSpeed/Discovered in ==3.2.3...
tikiwiki-inject.txt
TikiWiki 1.9.8 Remote PHP Injection Vulnerability Example: http://www.example.com/tikiwiki/tiki-graphformula.php?w=1&h=1&s=1&min=1&max=2&f=x.tan.phpinfo&t=png&title=...
drupal-hash.txt
Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...
Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector
No description provided by source. Drupal <= 5.2 PHP Zend Hash Vulnerability Exploitation Vector Example: http://www.example.com/drupal/?menucallbacks1callback=drupaleval&menuitemstype=-1&-312030023=1&q=1/?phpinfo;...
Picturesolution 2.1 - config.php?path Remote File Inclusion
Picturesolution = v2.1 config.php path Remote File Inclusion Vulnerabilities Found By : Mogatil , http://www.hackteach.org/cc/ Posted By : Cold z3ro , http://www.hackteach.org/cc/ Exploit :...
drbguestbook-xss.txt
Title: DRBGuestbook Remote XSS Vulnerability Download: http://www.hotscripts.com/jump.php?listingid=67702&jumptype=1 Author: Gokhan Contact: [email protected] Vuln Code: index.php XSS: http://site/guestbook/index.php?action=alert"XSS"; Tum islam...
segue-rfi.txt