geccBBlite 2.0 - 'id' SQL Injection

!/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers geccBBlite Forums SQL Injection Exploit This exploit tries to read an arbitrary file. piker@domlabs:/advisories$ perl geccBB.pl http://localhost/geccBB /etc/passwd + Prefix:...

geccBBlite 2.0 - id SQL Injection

geccBBlite 2.0 - id SQL Injection !/usr/bin/perl Coded by Piker pikerdotther00tatgmaildotcom D.O.M Team piker,ka0x,an0de,xarnuz 2008 Security Researchers geccBBlite Forums SQL Injection Exploit This exploit tries to read an arbitrary file. piker@domlabs:/advisories$ perl geccBB.pl...

Discussion Forums 2k v3.3 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ================================================================ Discussion Forums 2k v3.3 Multiple SQL Injection Vulnerabilities ================================================================...

discforums-sql.txt

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...

Discussion Forums 2k 3.3 - Multiple SQL Injections

Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...

Discussion Forums 2k 3.3 - Multiple SQL Injections

Discussion Forums 2k 3.3 - Multiple SQL Injections Author: !DoktOR! Date found: 30.09.08 Product: Discussion Forums 2k Version: 3.3 URL: http://developer.berlios.de/projects/df2k/ Vulnerability Class: SQL Injection Condition: magicquotesgpc = Off Exploit 1:...

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

XSS in bookmarks plugin

The bookmarking code under the url http://localhost:8080/plugins/socialbookmarking/updatebookmark.action is vulnerable to XSS attacks using the spaceKey parameter: submitting the following code will execute javascript: spaceKey=%22%3E%3Cscript%3Ealertdocument.cookie%3C/script%3E%22%3E IMPORTANT:...

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

Stored XSS in wiki macro search

Creating a page/comment etc with the following wiki-markup macro will render javascript on the page for anybody visiting this page search:query=alertdocument.cookie IMPORTANT: please confirm receipt of this notification! Depending on the response, we may report the vulnerability to publicly...

Privilege escalation: User is able to add a page to his watchlist without having the permission

Szenario: create user1 and user2 user1 has access to space1 user2 has access to space2 user1 can add a page to his watchlist by manipulating using a proxy like webscarab the postrequest to http://localhost:8080/dwr/exec/PageNotification.startWatching.dwr and replacing the id contained in paramete...

Grafitti Forums 1.0 Remote SQL Injection/HTML Injection Vulnerabilities

No description provided by source. + Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example :...

graffiti-sql.txt

Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example : http://127.0.0.1/topics.php?f=-1 union all select...

Unfixed XSS vulnerability at forums.zuggsoft.com

Security researcher loxaXcracker, has submitted on 17/08/2008 a cross-site-scripting XSS vulnerability affecting forums.zuggsoft.com, which at the time of submission ranked 210853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/10/2008. It i...

quicksilver-sql.txt

?php / . vuln.: Quicksilver Forums 1.4.1 forums Remote SQL Injection Exploit . download: http://www.quicksilverforums.com/ . . author: irk4zatyahoo.pl . homepage: http://irk4z.wordpress.com/ . . greets: all friends ; . . this is PoC exploit / $host = $argv1; $path = $argv2; $prefix = "qsf"; // th...

Sql injection

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...

CVE-2008-3601

SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...