unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities

unclassified NewsBoard 1.6.4 - Multiple Vulnerabilities Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork "This board is powered by the Unclassified NewsBoard software, 1.6.4" Multiple remote vulnerabilities 1 Remote SQL Injection...

Dokuwiki 2009-02-14 - TemporaryRemote File Inclusion

Dokuwiki 2009-02-14 - TemporaryRemote File Inclusion Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper...

Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion

Dokuwiki 2009-02-14 Remote/Temporary File Inclusion exploit tested and working I was reading: http://www.milw0rm.com/exploits/8781 by girex quote It's not a RFI couse use of fileexists function. /quote How wrong brother! trick 1 ftp:// wrapper with php 5: needs registerglobals = on allowurlfopen ...

DeluxeBB 1.3 - 'qorder' SQL Injection

Author: girex Homepage: girex.altervista.org Date: 18/03/2009 CMS: DeluxeBB 1.3 and prior site: deluxebb.com NOTE: - Works regardless of php.ini settings - This SQL injection will shows you username and md5 of ALL registered users of the site. - This PoC was written for educational purpose. Use i...

LokiCMS 0.3.3 - Remote Command Execution

Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS ; last if $cmd eq 'exit'; last if iserrorgetprint$host."includes/Config.php?cmd=$cmd"; print $resp; sub banner print "+ LokiCMS...