IP.Board Add-on IP.Gallery 4.2.1 Cross Site Scripting

Exploit Title: IP.Board 3.3.0 Cross Site Scripting Date: 27.03.2012 Author: Sony and Flexxpoint Software Link: http://community.invisionpower.com/ Web Browser : Mozilla Firefox Blog Flexxpoint: http://flexxpoint.blogspot.com/ Blog Sony: http://st2tea.blogspot.com Site : http://insecurity.ro PoC:...

JavaBB 0.99 Cross Site Scripting

Exploit Title: JavaBB 0.99 Cross Site Scripting Date: 18.03.2012 Author: Sony Software Link: http://www.javabb.org/ Web Browser : Mozilla Firefox Site : http://insecurity.ro PoC: http://st2tea.blogspot.com/2012/03/javabb-099-cross-site-scripting.html...

LivePerson Cross Site Scripting

Exploit Title: LivePerson Cross Site Scripting Date: 15.03.2012 Author: Sony Software Link: http://liveperson.com/ Google Dorks: inurl:/window/top.asp?site= or inurl:/window/main.asp?site= Web Browser : Mozilla Firefox Site : http://insecurity.ro PoC:...

Volusion Chat Cross Site Scripting

Exploit Title: Volusion Chat Cross Site Scripting Date: 15.03.2012 Author: Sony Software Link: http://www.volusion.com/ Google Dorks: inurl:livechat.aspx?ID= intext:volusion or intext:powered by volusion Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...

LiveHelpNow Chat Cross Site Scripting

Exploit Title: LiveHelpNow Chat Cross Site Scripting Date: 21.02.2012 Author: Sony Software Link: http://www.livehelpnow.net/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/livehelpnow-chat-cross-site-scripting.html...

AtWiki Cross Site Scripting

Exploit Title: @Wiki Cross Site Scripting Date: 16.02.2012 Author: Sony Software Link: http://atwiki.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/wiki-cross-site-scripting.html...

JaWiki Cross Site Scripting

Exploit Title: JaWiki Cross Site Scripting Date: 16.02.2012 Author: Sony Software Link: http://sourceforge.net/projects/jawiki/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/jawiki-cross-site-scripting.html...

SMW+ 1.5.6 Cross Site Scripting

Exploit Title: SMW+ 1.5.6 Cross Site Scripting Date: 9.02.2012 Author: Sony Software Link:http://www.smwplus.com/index.php/SemanticMediaWikiPlus Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/smw-enterprise-wiki-156-cross-site.html...

ProWiki Cross Site Scripting

Exploit Title: ProWiki Cross Site Scripting Date: 9.02.2012 Author: Sony Software Link: http://www.prowiki.org/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/prowiki-cross-site-scripting.html...

RabbitWiki Cross Site Scripting

Exploit Title: RabbitWiki Cross Site Scripting Date: 9.02.2012 Author: Sony Software Link: http://www.rustyspigot.com/webmasters/s/RabbitWiki/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/rabbitwiki-cross-site-scripting.html...

SeedWiki Cross Site Scripting

Exploit Title: SeedWiki Cross Site Scripting Date: 8.02.2012 Author: Sony Software Link: http://www.seedwiki.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/seedwiki-cross-site-scripting.html...

Snipsnap Cross Site Scripting

Exploit Title: Snipsnap "search" Cross Site Scripting Date: 8.02.2012 Author: Sony Software Link: http://snipsnap.org/space/start Google Dorks: inurl:/space/start intext:snipsnap Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...

Brainkeeper Enterprise Wiki Cross Site Scripting

Exploit Title: Brainkeeper Enterprise Wiki "search.php" Cross Site Scripting Date: 6.02.2012 Author: Sony Software Link: http://www.brainkeeper.com Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/brainkeeper-enterprise-wiki-searchphp.html...

LibAnswers Springshare Library Cross Site Scripting

Exploit Title: LibAnswers Springshare Library Cross Site Scripting Date: 6.02.2012 Author: Sony Software Link: http://www.springshare.com/libanswers/ Google Dorks: browse.php?tid= intext:Powered by Springshare Web Browser: Mozilla Firefox Blog: http://st2tea.blogspot.com PoC:...

ScholarGuides Springshare Cross Site Scripting

Exploit Title: ScholarGuides Springshare Cross Site Scripting Date: 6.02.2012 Author: Sony Software Link: http://www.springshare.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/scholarguides-springshare-cross-site.html...

ESET Nod32 Romania Hacked !

Today guy from InSecurity.Ro named sway1990 found again a critical vulnerability MySQL Injection in their website. Some extracted informations: Version – 5.1.41-3ubuntu12.10 Main DB – c1eset HostName – web.axelsoft.ro User – c1eset@localhost DataBases: informationschema c1eset Tables of main db:...

BtiTracker 1.3.x 1.4.x - SQL Injection

BtiTracker 1.3.x 1.4.x - SQL Injection !/usr/bin/env python xpl0it /\ \ /\ \ /\ \ //\ / \ ,\L\ /\ \ ,\ \ \ \ /' /\ \ /'\ /'/\ /\ /'/\ \ \ / /\ /\ \ \ /\ /\ /\ \L\ /\ //\ /\ \ \ \ \ / \ \ \ \ \ \ \ \ /\ \ \ \ \ \\ /\ \ \ \ \/ \ //////////// // // //// // ...

BtiTracker 1.3.x < 1.4.x - SQL Injection

!/usr/bin/env python xpl0it /\ \ /\ \ /\ \ //\ / \ ,\L\ /\ \ ,\ \ \ \ /' /\ \ /'\ /'/\ /\ /'/\ \ \ / /\ /\ \ \ /\ /\ /\ \L\ /\ //\ /\ \ \ \ \ / \ \ \ \ \ \ \ \ /\ \ \ \ \ \\ /\ \ \ \ \/ \ //////////// // // //// // \ // www.insecurity.ro // BtiTracker...

FanUpdate 2.2.1 - 'show-cat.php' SQL Injection

Author : InSecurity Romania Website : https://insecurity.ro Vulnerable script : FanUpdate 2.2.1 - Explanation See show-cat.php file ----------------------------------------------------------------------------------------------- if !isset$listingid exit; requireonce'blog-config.php';...