
618 matches found

Kitploit
added 2015/03/29 10:59 p.m., 76 views

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites for LFI vulnerabilities, and also exploit them. Features: Check all URL parameters; /var/log/auth.log RCE; /proc/self/environ RCE; php://input RCE; data://text RCE; Source code disclosure; Multi thread scanner; Command shell interface through HTTP Request; Proxy support...

7.9 AI score
Exploits: 0, References: 1
myhack58
added 2015/03/10 12:0 a.m., 23 views

Password retrieve logic vulnerability summary-vulnerability warning-the black bar safety net

0x00 background description Please note these two articles: Password retrieve function there may be a problem Password retrieve function there may be issues supplemented From the above two documents the past six months, recently finishing a password to get back to the mind map, open the collectio...

7.7 AI score
Exploits: 0
ThreatPost
added 2015/02/16 4:45 p.m., 7 views

Preventing Silent Data Exits a Workable Problem for Businesses

CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve...

0.7 AI score
Exploits: 0, References: 2
n0where
added 2015/01/26 2:50 p.m., 22 views

WordPress Vulnerability Scanner: vane

Vane is a GPL fork of the now non-free popular WordPress vulnerability scanner WPScan. Install Vane Prerequisites Windows not supported Ruby = 1.9 RubyGems Git Debian/Ubuntu sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev git clone...

7.4 AI score
Exploits: 0, References: 1
seebug.org
added 2014/12/18 12:0 a.m., 26 views

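Qibo local portal system SQL injection

Brief description: An uninitialized variable leads to injection. Detailed description: Qibo local portal system. Because Qibo's global filtering system contains the following code, parameters passed in can become global variables: foreach$COOKIE AS $key=$value unset$$key; foreach$POST AS $key=$value !ereg"^\A-Z+",$key && $$key=$POST$key; foreach$GET AS $key=$value !ereg"^\A-Z+",$key && $$key=$GET$key; So if the system contains an uninitialized variable, it easily leads to injection. In 2shou/post.php, line 180...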

7 AI score
Exploits: 0
Exploit DB
added 2014/12/16 12:0 a.m., 21 views

CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rösemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

7.4 AI score
Exploits: 0
htbridge
added 2014/12/03 12:0 a.m., 79 views

Multiple vulnerabilities in MantisBT

High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting XSS and SQL injection attacks. Improper access control vulnerability discloses database's credentials login and password in plaintext. 1 Cross-Site...

6.5 CVSS, 8.5 AI score, 0.02485 EPSS
Exploits: 4, Affected Software: 1
myhack58
added 2014/11/10 12:0 a.m., 14 views

clickjacking vulnerability of the mining and use-vulnerability and early warning-the black bar safety net

0x00 introduction 1 talking about clickjacking, a lot of people actually don't know what is. Compared to XSS, clickjacking becomes more mysterious, the clouds vulnerability database inside the related vulnerability is also less than 10 bar. 2 sleepy Dragon before hair through a clickjacking of...

7.1 AI score
Exploits: 0
Cisco Threats
added 2014/10/02 4:11 p.m., 16 views

Threat Outbreak Alert RuleID8337KVR: Email Messages Distributing Malicious Software on October 1, 2014

Medium Alert ID: 35903 First Published: 2014 October 2 16:11 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID8337KVR may contain the following files: Name |...

0.8 AI score
Exploits: 0
n0where
added 2014/09/17 11:39 a.m., 28 views

Smartcard Undocumented Commands: THC-SmartBrute

This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class CLA, Instruction-Number INS and the parameters or arguments P1, P2, P3. … iterates through all the possible values of CLA and INS to find a valid combination. Furthermore it tries to...

1.9 AI score
Exploits: 0
Packet Storm
added 2014/09/03 12:0 a.m., 30 views

Olat Stored Cross Site Scripting

Affected software: //demo.olat.org/ Discovered by: Provensec Website: http://www.provensec.com Type of vulnerability: Stored XSS Author: Ankit Bharathan ,Provensec labs Description: Goto personal folder open any folder and create a new document xss.tct and then edit it fill field with " Then open...

7.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8873/info A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

MiNBank 1.5.0 - Multiple Remote File Inclusion Vulnerability

No description provided by source. Author : By DaRkLiFe Greetz : str0ke & S.VV.A.T. Script : Micronation Banking Systemminba 1.5.0 Remote File Inclusion Vulnerabilitys Download: http://downloads.sourceforge.net/minbank/minbav0150.zip?modtime=1169500084&bigmirror=0 Exploit :...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 33 views

pChart 2.1.3 - Multiple Vulnerabilities

No description provided by source. Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:pChart 2.x - examples intext:2.1.3 Version: 2.1.3 Tested...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 21 views

Blue Dove SQL Injection Vulnerability

No description provided by source. .:. Author : HackXBack [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : Blue Dove Word Press Development .:. Bug Type : Sql Injection .:. Dork : powered by Blue Dove Web Design === Exploit ===...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Uiga Personal Portal index.php (view) SQL Injection

No description provided by source. Exploit Title: Uiga Personal Portal index.php view SQL Injection Vulnerability Date: 27-4-2010 Author: 41.w4r10r Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip Version: Web Application Tested on: Apache/Unix CVE : if exists Dork ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Caravel CMS 3.0 Beta 1 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15939/info Caravel CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to hav...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/01/24 12:0 a.m., 33 views

pChart 2.1.3 Cross Site Scripting / Directory Traversal

Exploit Title: pChart 2.1.3 Directory Traversal and Reflected XSS Date: 2014-01-24 Exploit Author: Balazs Makany Vendor Homepage: www.pchart.net Software Link: www.pchart.net/download Google Dork: intitle:"pChart 2.x - examples" intext:"2.1.3" Version: 2.1.3 Tested on: N/A Web Application. Tested...

7.4 AI score
Exploits: 0
myhack58
added 2013/12/27 12:0 a.m., 16 views

PHP vulnerability discovery ideas+examples-vulnerability warning-the black bar safety net

Recent research PHP-vulnerability of the excavation, summed up some of my digging into the vulnerability, finishing some thoughts, seeking the path of the God-man complement, criticism, guidance This article all of the examples are from me the clouds on has been by the manufacturer to allow...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2013/11/22 12:0 a.m., 48 views

Mandriva Linux Security Advisory : curl (MDVSA-2013:276)

Updated curl packages fix security vulnerability : Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled...

4.3 CVSS, 6 AI score, 0.03076 EPSS
Exploits: 0, References: 2