176 matches found
Discuz! member.php XSS vulnerability
member.php code: if!empty$listgid && $listgid == intval$GET'listgid' // a loose == comparison is used here instead of a strict ===, and $listgid is never initialized: $type = $adminid == 1 ? 'grouplist' : $type; else $listgid = ''; ... $multipage = multi$num, $memberperpage, $page,...
MyPHP Forum 3.0 - Edit Topics / Blind SQL Injection
MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities. Discovered By StAkeRathotmaildotit Download On...
myphpforum-sql.txt
MyPHP Forum Final = 3.0 Edit Topics/Blind SQL Injection Remote Vulnerabilities. Discovered By StAkeRathotmaildotit Download On...
CVE-2008-2963
CVE-2008-2963 affects MyBlog via multiple SQL injection vulnerabilities. The issues occur in the web app’s PHP files where unsafely handled user input is used in SQL queries: the view parameter to index.php, and the id parameter to member.php and post.php. Root cause is improper input handling le...
MyPHP Forum 'faq.php' and 'member.php' Multiple SQL Injection Vulnerabilities
MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t...
myphp-sql.txt
Name : MyPHP Forum So we can execute an SQL injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ SQL injection in member.php So $member variable isn't controlled so we can exploit i...
MyPHP Forum 3.0 (Final) - Multiple SQL Injections
Name : MyPHP Forum So we can execute an SQL injection through the bugged variable $id. PoC: http://Site/faq.php?action=view&id=-1'+union+select+1,concatusername,0x3a,password,3+from+tableprefixmember+where+uid=1/ SQL injection in member.php So $member variable isn't controlled so we can exploit i...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
SQL injection
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...
CVE-2007-4156
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...
FlashGameScript <= 1.7 (user) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. FlashGameScript <= 1.7 (user) Remote SQL Injection Vulnerability. FlashGameScript = 1.7 member.php$user...
SQL injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
CVE-2007-3450
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3449
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
SQL injection
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3450
CVE-2007-3450 is a SQL injection vulnerability in the 6ALBlog project, affecting the file member.php. The flaw allows remote attackers to execute arbitrary SQL commands by supplying the attack payload in the member parameter. This vulnerability is confirmed in multiple sources (NVD/NVDA-style re...