21 matches found
Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service Exploit
No description provided by source. Change line 30 s/htp/http if you would like to see the logo. /str0ke ?php Guppy = 4.5.11 Remote DOS Exploit by trueend5 Computer Security Science Researchers Institute http://www.KAPDA.ir errorreporting0; inisetmaxexecutiontime,0; inisetdefaultsockettimeout, 5;...
Joomla <= 1.0.10 - (poll component) Arbitrary Add Votes Exploit
No description provided by source. ?php Joomla poll component add unlimited votes Computer Security Researchers Institute works regardless of php.ini settings by trueend5 http://www.KAPDA.ir errorreporting0; inisetmaxexecutiontime,0; inisetdefaultsockettimeout, 2; obimplicitflush 1; echo...
kapda-450.txt
Product: cutenews 1.4.5 Vendor: http://cutephp.com The Results through security analysis of cutenews 1.4.5 provided by KAPDA.ir -------------------------------------------------- Test plan: Manual penetration testing: YES Using automated tools: NO Code Auditing: YES Statistical Results from...
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes Joomla poll component arbitrary add votes Joomla poll component arbitrary add votes by trueend5 Computer Security Researchers Institute KAPDA.ir hostname ex: www.sitename.com span class="Stil...
Joomla <=1.0.10 (poll component) Arbitrary Add Votes Exploit
Exploit for unknown platform in category web applications ============================================================ Joomla Joomla poll component arbitrary add votes Joomla poll component arbitrary add votes by trueend5 Computer Security Researchers Institute KAPDA.ir form name="form1"...
Joomla <=1.0.10 (poll component) Arbitrary Add Votes Exploit
No description provided by source. ?php Joomla poll component add unlimited votes Computer Security Researchers Institute works regardless of php.ini settings by trueend5 http://www.KAPDA.ir errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 2; obimplicitflush 1; echo...
Joomla! Component Poll 1.0.10 - Arbitrary Add Votes
Joomla poll component arbitrary add votes Joomla poll component arbitrary add votes by trueend5 Computer Security Researchers Institute KAPDA.ir hostname ex: www.sitename.com font color="...
advisory-355.txt
KAPDA New advisory Vendor: http://myiosoft.com Vulnerable: AjaxPortal v. 3.0 Bug: Sql Injection Authentication Bypass Exploitation: Remote with browser Description: -------------------- AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax...
myNewsletter <= 1.1.2 (adminLogin.asp) Login Bypass Exploit
No description provided by source. !-- orginal advisory : http://www.kapda.ir/advisory-340.html -- htmlcenterh4KAPDA.ir --- myNewsletter = 1.1.2 Login bypass exploit/h4brchange action in source and then submit /centerform name="adminLogin" method="post"...
myNewsletter 1.1.2 - 'adminLogin.asp' Authentication Bypass
KAPDA.ir --- myNewsletter change action in source and then submit www.kapda.ir milw0rm.com 2006-06-06...
ProPublish 2.0 - catid SQL Injection
ProPublish 2.0 - catid SQL Injection ProPublish 2.0 catid Remote SQL Injection Vulnerability Thanks to soot : http://www.securityfocus.com/archive/1/435787/30/0/threaded Exploited by FarhadKey from kapda.ir Exploit :...
Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service Exploit
No description provided by source. Change line 30 s/htp/http if you would like to see the logo. /str0ke ?php Guppy = 4.5.11 Remote DOS Exploit by trueend5 Computer Security Science Researchers Institute http://www.KAPDA.ir errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout",...
d2kBlog 1.0.3 (memName) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w D2KBLOG SQL injection Discovered by : Farhad Koosha farhadkey at kapda.ir Exploited by : devilbox devilbox at kapda.ir member of : Kapda.ir - Security Science Researchers Institute of Iran persianhacker.net require LWP::UserAgent; require...
Noahs Classifieds <= 1.3 (lowerTemplate) Remote Code Execution
No description provided by source. ?php Noah's classifieds 1.3 Remote Code Execution by trueend5 Computer Security Researchers Institute http://www.KAPDA.ir Functions From rgod Condition:registerglobals=On errorreporting0; iniset"maxexecutiontime",0; iniset"defaultsockettimeout", 5; obimplicitflu...
kapda-22.txt
KAPDA::22 - Azbb v1.1.00 Cross Site Scripting KAPDA New advisory Vulnerable products : Azbb alert'XSS'"" NASL : -------------------- azbb1100XSS.nasl This script was written by Pedram Hayati pi3ch at kapda dot...
WebWiz Products (1.0 , <= 3.06) Login Bypass SQL Injection Exploits
Exploit for unknown platform in category web applications =================================================================== WebWiz Products 1.0 , WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda s advisory Discovery and exploit by devilbox at kapda.ir Kapda - Security...
WebWiz Products 1.0/3.06 - Authentication Bypass / SQL Injection
WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda s advisory Discovery and exploit by devilbox at kapda.ir Kapda - Security Science Researchers Institute of Iran WebWiz Login Bypass PoC - Database login - Kapda s advisory Discovery and exploit by devilbox at kapda.ir Kap...
[KAPDA::#17] - beehiveforum Script Injection
KAPDA New advisory Vendor: http://www.beehiveforum.net Vulnerable: Version 0.6.2 Bug: HTML Injection , Possible attacks with registerglobals = On Exploitation: Remote with browser Description: -------------------- Beehive Forum is a PHP-based message board system that uses a MySQL database...
ThWboard.txt
KAPDA New advisory Vendor: http://www.thwboard.de Vulnerable Version: 3 beta 2.8 Bug: HTML Injection , XSS , SQL Injection Exploitation: Remote with browser Description: -------------------- ThWboard is a freely available German PHP-based message board program that uses a MySQL database...
XSS & Path Disclosure in Chipmunk's products
Products: Chipmunk Forum , Topsites , Directory , Guestbook Versions: Tested: Last released of products Vendor: http://chipmunk-scripts.com Bug: XSS , Path Disclosure Exploitation: Remote --------------------------- Introduction: Chipmunk Forum is a small yet flexible and fully featured forum...