MiniWeb (Build 300) Arbitrary File Upload

This module exploits a vulnerability in MiniWeb HTTP server build 300. The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine ...

MiniWeb HTTP Server 300 - Crash (PoC)

MiniWeb HTTP server build 300, built on Feb 28 2013 by Stanley Huang http://sourceforge.net/projects/miniweb/files/miniweb/0.8/miniweb-win32-20130309.zip/download Heap corruption PoC - remote DoS Tested on Win7 SP1 RUS x dmnt 2013 import socket print 'Mini Web HTTP Server remote DoS exploit by...

MiniWeb HTTP Server 300 - Crash (PoC)

MiniWeb HTTP Server 300 - Crash PoC MiniWeb HTTP server build 300, built on Feb 28 2013 by Stanley Huang http://sourceforge.net/projects/miniweb/files/miniweb/0.8/miniweb-win32-20130309.zip/download Heap corruption PoC - remote DoS Tested on Win7 SP1 RUS x dmnt 2013 import socket print 'Mini Web...

MiniWeb Arbitrary File Upload and Directory Traversal Vulnerabilities

This host is installed with MiniWeb and is prone to file upload and directory traversal vulnerabilities. OpenVAS Vulnerability Test $Id: gbminiwebfileuploadndirtravvuln.nasl 6093 2017-05-10 09:03:18Z teissa $ MiniWeb Arbitrary File Upload and Directory Traversal Vulnerabilities Authors: Thanga...

MiniWeb File Upload / Directory Traversal

============================================================================================ Vulnerable Software: MiniWeb build 300, built on Feb 28 2013 Official Site: http://miniweb.sourceforge.net/ Vulns: Remote arbitrary file upload,Directory traversal. Tested Software/version: MiniWeb build...

MiniWeb Content-Length Denial Of Service

!/usr/bin/env python miniweb Content-Length DoS PoC Not a 0day, sadly. aluigi found this ages back, I independantly rediscovered it fuzzing and noticed it was still unpatched. Oh well, better disclose so! vuln version at code.google.com/p/miniweb/ affects WinCC also : Oh, them SCADA... Massive...

MiniWeb Content-Length Denial Of Service

Exploit for windows platform in category dos / poc !/usr/bin/env python miniweb Content-Length DoS PoC Not a 0day, sadly. aluigi found this ages back, I independantly rediscovered it fuzzing and noticed it was still unpatched. Oh well, better disclose so! vuln version at code.google.com/p/miniweb...

Miniweb 2.0 Business Portal / Social Networking Platform SQL Injection

Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published: 2010-06-10 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue,...

Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection

Exploit for php platform in category web applications ====================================================================================== Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability...

Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection

Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published:...

Miniweb 2.0 Business Portal and Social Networking Platform - SQL Injection

Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published: 2010-06-10 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue,...

Cross site scripting

Cross-site scripting XSS vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaignid parameter in a results action to index.php...

CVE-2009-4552

Cross-site scripting XSS vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. Affected software: Miniweb 2.0, Survey Pro module. Impact as per NVD: base score 7.5 (HIGH). Exploitation ...

CVE-2009-4552

CVE-2009-4552 is an XSS vulnerability in the Miniweb 2.0 Survey Pro module. It allows remote attackers to inject arbitrary script/HTML via PATH_INFO to index.php. Affected: Miniweb 2.0 (Survey Pro). Root cause: unsanitized PATH_INFO input leading to reflected script execution. Impact: client-side...

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaignid parameter in a results action to index.php...

CVE-2009-4552

Cross-site scripting XSS vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php...

Miniweb 2.0 Full Path Disclosure

Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V...

Miniweb 2.0 Full Path Disclosure

No description provided by source. Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II...