90 matches found
Multiple vulnerabilities in myPHPNuke
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Security Bypass, SQL Injection и Cross-Site Scripting уязвимостях в системе myPHPNuke. Security Bypass: Для атаки на myPHPNuke 1.8.88rc2 нужно использовать POST запрос, который обойдёт защитные фильтры. Это позволит использовать для атаки...
SQL Injection vulnerability in myPHPNuke
Здравствуйте 3APA3A! Сообщаю вам о найденной мною новой SQL Injection уязвимости в системе myPHPNuke. SQL Injection: http://site/download.php?op=viewdownload&cid=-120union20select20concataid,char45,pwd20from20mpnauthors20limit200,1 Уязвимы версии до myPHPNuke 1.8.88rc2 а в последней версии систем...
CVE-2008-4088
SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...
CVE-2008-4089
Cross-site scripting XSS vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter...
CVE-2008-4092
SQL injection vulnerability in printfeature.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter...
Sql injection
SQL injection vulnerability in printfeature.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter...
Sql injection
SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...
CVE-2008-4088
SQL injection vulnerability in print.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter...
CVE-2008-4092
SQL injection vulnerability in printfeature.php in myPHPNuke MPN before 1.8.88rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter...
CVE-2008-4088
CVE-2008-4088 affects myPHPNuke (MPN) up to version 1.8.8_8rc2, where print.php via the sid parameter allows remote SQL injection to execute arbitrary commands. Affected: print.php in MPN; root cause: insufficient input validation. Remediation: upgrade to 1.8.8_8rc2 or later.
CVE-2008-4092
The CVE-2008-4092 issue affects myPHPNuke (MPN) before version 1.8.8_8rc2, where a SQL injection vulnerability in printfeature.php allows remote attackers to execute arbitrary SQL commands via the artid parameter. The vulnerability arises in the handling of artid, permitting exploitation without ...
CVE-2008-4089
CVE-2008-4089 affects myPHPNuke (MPN) prior to version 1.8.8_8rc2. The vulnerability is a cross-site scripting (XSS) flaw in print.php where the sid parameter can be injected with arbitrary web script or HTML. The available connected data confirms the affected component and the vulnerability clas...
myPHPNuke 'print.php' SQL注入漏洞
BUGTRAQ ID: 30942 CNCAN ID:CNCAN-2008090203 myPHPNuke是一款基于PHP的WEB应用程序。 myPHPNuke不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题由于'print.php'脚本对用户提交给'sid'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 获取管理员帐号密码信息:...
myPHPNuke 'printfeature.php' SQL注入漏洞
BUGTRAQ ID: 30959 CNCAN ID:CNCAN-2008090304 myPHPNuke是一款基于PHP的WEB应用程序。 myPHPNuke不正确处理用户提交的输入,远程攻击者可以利用漏洞进行SQL注入攻击,可能获得敏感信息或操作数据库。 问题由于'printfeature.php'脚本对用户提交给'artid'参数缺少过滤,构建恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 poc http://example.com/printfeature.php?artid=-1 union select...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: SQL injection...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: SQL injection...
SQL Injection vulnerabilities in myPHPNuke
Здравствуйте 3APA3A! Сообщаю вам о найденных мною SQL Injection уязвимостях в системе myPHPNuke. SQL Injection: Уязвимости в скрипте sections.php в параметрах artid и secid...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. myPHPNuke: SQL injection...
SQL Injection vulnerability in myPHPNuke
Здравствуйте 3APA3A! Сообщаю вам о найденной мною новой SQL Injection уязвимости в системе myPHPNuke. SQL Injection: http://site/printfeature.php?artid=-120union20select20null,null,aid,pwd,null,null,null,null20from20mpnauthors20limit200,1 Уязвимы версии до myPHPNuke 1.8.88rc2 а в последней версии...
myPHPNuke < 1.8.8_8rc2 (artid) SQL Injection Vulnerability
No description provided by source...