Zeta Components Mail 1.8.1 - Remote Code Execution

Zeta Components Mail 1.8.1 - Remote Code Execution Vendor: Zeta Components module: Mail, returnPath-email”; If attacker assign email address like: '[email protected] -X/var/www/html/cache/exploit.php' and inject payload in mail body, sendmail will transfer log-X into...

Contrexx ShopSystem 2.2 SP3 - Blind SQL Injection

Exploit title: Contrexx Shopsystem Blind SQL Injection Exploit Exploit PoC: index.php?section=shop&productId=VALID productid and YOUR BLIND SQL CODE Exploit tested on: Debian 6, Ubuntu Linux 11.04 Exploit found and written by: Penguin Version: = [email protected] !/usr/bin/php...

webSPELL 4.01 - 'title_op' SQL Injection

x128.net oo website : www.x128.net"; function xssexploit $xsstarget = $SERVER'argv'1 . "/index.php"; $xsshttpge...