CVE-2018-18529

ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI...

Ptag 4.0.0 - Multiple Remote File Inclusions

Ptag 4.0.0 - Multiple Remote File Inclusions Exploit Title: Ptag sqltable = ptagprefix."session"; $this - cookiename = ptagprefix."session"; //If RSS mode, switch session to non-viewed tracker. if ptagoutput == "rss" parent::construct$ptagsql, sha1""; else parent::construct$ptagsql; ? PoC...

Mynews 0_10 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. 0x01 Informations: Name : Mynews 010 Download : http://prdownloads.sourceforge.net/mynews/mynewsbeta010.zip?download Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/login.php Code...

BlueBird Pre-Release - Authentication Bypass

BlueBird Pre-Release - Authentication Bypass 0x01 Informations: Name : BlueBird Pre-Release Download : http://downloads.sourceforge.net/bluebird/bluebirdpre.zip Vulnerability : Auth Bypass Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...

AuthPhp 1.0 (Auth Bypass) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ===================================================== AuthPhp 1.0 Auth Bypass SQL Injection Vulnerability ===================================================== 0x01 Informations: Name : AuthPhp 1.0 Download :...

Digital WebShop 1.128 - Multiple Remote File Inclusions

Title : Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities Author : ajann Script Page : http://digitalwebshop.dyndns.org Exploit; Files rechnung.php prepend.php /Files Code,1 prepend.php Error: // include Werzeuge .. .... requireonce$PHPLIB"libdir" . "phpDB-mysql.lib"; / Mysql...