209 matches found
phpList 2.10.2 - 'GLOBALS[]' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...
phpMyChat 0.15.0dev - SYS enter Remote Code Execution
phpMyChat 0.15.0dev - SYS enter Remote Code Execution !/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...
CVE-2005-4700
TellMe 1.2 and earlier, when the Server oServer and HEAD oHead options are enabled, allows remote attackers to obtain sensitive information via an invalid qHost parameter, which reveals the full pathname of the application in an fsockopen error message...
PBLang <= 4.65 Remote Command Execution Exploit (2)
No description provided by source. ?php | | | PBLang = 4.65 remote commands exec exploit | | tested on 4.65 | | coded by Pengo 2005 RST/GHC | | http://rst.void.ru | | http://ghc.ru | | | WARNING! This exploit is successfully work when magicquotesrpc off = D:\httpd\phpphp.exe ..\www\r57pblang465.p...
UBB Threads < 6.5.2 Beta (mailthread.php) SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== UBB Threads Alphaprogrammer , Oilkarchack , TheCephaleX , Str0ke And Iranian Hacking & Security Teams : IHS TeaM , alphaST , Shabgard Security Team , Emperor Hacking Team ,...
Claroline e-Learning <= 1.6 Remote Hash SQL Injection Exploit
No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: Claroline E-Learning Application Exploit By : MHp0rtal Discovered By: Sieg Fried Gr33tz To == Alphaprogrammer , Oilkarchack , DrCephaleX , Str0ke And Iranian Hacking & Security Teams :...
Invision Power Board 1.3.1 - 'login.php' SQL Injection
?php / = 1.3.1 Final /str0ke / $server = "SERVER"; $port = 80; $file = "PATH"; $target = 81; / User id and password used to fake-logon are not important. '10' is a random number. / $id = 10; $pass = ""; $hex = "0123456789abcdef"; for$i = 1; $i = 32; $i++ $idx = 0; $found = false; while !$found...
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection
Fusionphp Fusion News 3.33.6 - X-Forworded-For PHP Script Code Injection source: https://www.securityfocus.com/bid/13661/info FusionPHP Fusion News is prone to a remote PHP code injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Th...
Fusion News v3.6.1 - remote shell exploit
? $copyr = " !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! PRIVATE !!! oooo...oooo.oooooooo8.ooooooooooo .8888o..88.888........88..888..88 .88.888o88..888oooooo.....888 .88...8888.........888....888 o88o....88.o88oooo888....o888o Network security team nst.void.ru Title: Fusion News v3.6.1...