1491 matches found
Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1...
Joomla Kunena Forums SQL Injection
1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection
1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
Snitz Forums 2000 <= 3.4.07 register.asp 'Email' Parameter SQL Injection
The remote version of Snitz Forums 2000 is vulnerable to a SQL injection attack. The domain name of the email address passed to the 'Email' parameter of 'register.asp' is not sanitized before being used in a SQL query. A remote attacker could exploit this to execute arbitrary SQL queries. Note th...
Snitz Forums 2000 Detection
Snitz Forums 2000, a free discussion forum application written in ASP, was detected on the remote host. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(40469); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");...
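Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
Bugtraq ID: 35764 Snitz Forums 2000 is an ASP-based forum application. Snitz Forums 2000 does not handle user input correctly; a remote attacker can exploit the vulnerability to obtain sensitive information or manipulate the database. The register.asp script does not filter the "Email" parameter; submitting a malicious SQL query as the parameter data can change the original SQL logic, allowing sensitive information to be obtained or the database to be manipulated. Snitz Forums 2000 Snitz Forums 2000 3.4.7 No solution is currently available: http://forum.snitz.com/...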
CVE-2008-6872
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb...
Improper access control
ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/aspthaiForum.mdb...
CVE-2008-6872
Affected software: ASPThai.NET ASPThai Forums 8.5. The vulnerability is improper access control that lets an attacker access the webroot-stored database file database/aspthaiForum.mdb via a direct request, exposing sensitive data. This is the underlying cause: insecure storage and access control ...
Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Snitz Forums 2000 Detection
This host is running Snitz Forums 2000, a freeware interactive discussion environment. OpenVAS Vulnerability Test $Id: snitzforums2000detect.nasl 5744 2017-03-28 07:25:23Z cfi $ Snitz Forums 2000 Detection Authors: Michael Meyer Copyright: Copyright (c) 2009 Greenbone Networks GmbH This program is...
Snitz Forums 2000 'register.asp' SQL Injection Vulnerability
Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
Snitz Forums 2000 Detection
This host is running Snitz Forums 2000, a freeware interactive discussion environment. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Grestul SQL Injection
Grestul Sql Injection By Cookie bypass Autore: x0r Email: [email protected] Site: http://w00tz0ne.org Let's Go! \admin\login.php : $username = SafeAddSlashes($_POST['username']); $passcode = SafeAddSlashes(md5($_POST['passcode'])); $time = time(); $check = SafeAddSlashes($_POST['setcookie']); $query = "SELECT...
Grestul 1.x - Cookie Authentication Bypass
Grestul 1.x - Cookie Authentication Bypass Grestul Sql Injection By Cookie bypass Autore: x0r Email: [email protected] Site: http://w00tz0ne.org Let's Go! \admin\login.php : $username = SafeAddSlashes($_POST['username']); $passcode = SafeAddSlashes(md5($_POST['passcode'])); $time = time(); $check =...
Sql injection
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php...
CVE-2008-6100
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php...
CVE-2008-6100
CVE-2008-6100 documents multiple SQL injection vulnerabilities in the older system Discussion Forums 2k 3.3 when magic_quotes_gpc is disabled. The faults allow remote attackers to craft input via (1) CatID parameters to RSS1.php and RSS2.php (in misc/) and (2) SubID to RSS5.php (in misc/) to exec...