
1491 matches found

Packet Storm
added 2008/10/01 12:0 a.m., 15 views

discforums-sql.txt

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off Exploit 1:...

7.4 AI score
Exploits: 0

Exploit DB
added 2008/10/01 12:0 a.m., 37 views

Discussion Forums 2k 3.3 - Multiple SQL Injections

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off Exploit 1:...

7.4 AI score
Exploits: 0

exploitpack
added 2008/10/01 12:0 a.m., 8 views

Discussion Forums 2k 3.3 - Multiple SQL Injections

Discussion Forums 2k 3.3 - Multiple SQL Injections Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magic_quotes_gpc = Off Exploit 1:...

0.7 AI score
Exploits: 0

Atlassian
added 2008/09/15 4:14 p.m., 18 views

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Exploits: 0

Atlassian
added 2008/09/15 4:14 p.m., 24 views

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Exploits: 0, Affected Software: 1

Atlassian
added 2008/09/15 4:14 p.m., 26 views

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Exploits: 0, Affected Software: 1

Atlassian
added 2008/09/15 4:5 p.m., 20 views

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

0.6 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2008/09/15 4:5 p.m., 17 views

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

0.6 AI score
Exploits: 0, Affected Software: 1

Atlassian
added 2008/09/15 4:5 p.m., 24 views

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

0.6 AI score
Exploits: 0

Atlassian
added 2008/09/15 3:57 p.m., 38 views

Privilege escalation: User is able to add a page to his watchlist without having the permission

Scenario: create user1 and user2; user1 has access to space1, user2 has access to space2. user1 can add a page to his watchlist by manipulating, using a proxy like WebScarab, the POST request to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...

7 AI score
Exploits: 0, Affected Software: 1

seebug.org
added 2008/09/12 12:0 a.m., 16 views

Grafitti Forums 1.0 Remote SQL Injection/HTML Injection Vulnerabilities

No description provided by source. + Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example :...

7.1 AI score
Exploits: 0

Packet Storm
added 2008/09/11 12:0 a.m., 19 views

graffiti-sql.txt

Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example : http://127.0.0.1/topics.php?f=-1 union all select...

7.4 AI score
Exploits: 0

xssed
added 2008/08/17 12:0 a.m., 11 views

Unfixed XSS vulnerability at forums.zuggsoft.com

Security researcher loxaXcracker has submitted on 17/08/2008 a cross-site scripting (XSS) vulnerability affecting forums.zuggsoft.com, which at the time of submission ranked 210853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/10/2008. It i...

0.2 AI score
Exploits: 0, References: 1

Packet Storm
added 2008/08/13 12:0 a.m., 22 views

quicksilver-sql.txt

?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...

7.4 AI score
Exploits: 0

Prion
added 2008/08/12 7:41 p.m., 16 views

Sql injection

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

7.5 CVSS, 9.1 AI score, 0.00493 EPSS
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2008/08/12 7:41 p.m., 9 views

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

7.5 CVSS, 8.3 AI score, 0.00493 EPSS
Exploits: 0, References: 5

Cvelist
added 2008/08/12 7:0 p.m., 13 views

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

8.3 AI score, 0.00493 EPSS
Exploits: 0, References: 5

CVE
added 2008/08/12 7:0 p.m., 39 views

CVE-2008-3601

The CVE-2008-3601 entry documents a SQL injection vulnerability in Quicksilver Forums 1.4.1. The flaw is triggered in index.php during a search action, where the forums array parameter is used in an SQL query, allowing remote attackers to execute arbitrary SQL commands. Impact and affected compon...

7.5 CVSS, 8.3 AI score, 0.00493 EPSS
Exploits: 0, References: 5, Affected Software: 1

seebug.org
added 2008/08/11 12:0 a.m., 164 views

Quicksilver Forums 1.4.1 forums[] Remote SQL Injection Exploit

No description provided by source. ?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $pa...

7.1 AI score
Exploits: 0

Exploit DB
added 2008/08/10 12:0 a.m., 41 views

Quicksilver Forums 1.4.1 - SQL Injection

?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...

7.4 AI score
Exploits: 0