64 matches found
dedecms injection vulnerability affecting version 5. 3 – 5.5 Posted in php-vulnerability warning-the black bar safety net
Excerpt from: hacking notes dedecms5. 3 and 5. The 5-Series version, there is a major injection vulnerability, Please note the following offensive, only for research. Exploit this vulnerability to illegal activities, at your peril. Suppose domain name is: www. abc. com the attack steps are as...
Acute Control Panel 1.0.0 RFI / SQL Injection
Acute Control Panel 1.0.0 RFI/SQL Injection Auth Bypass + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Remote File Inclusion Vulnerable code in container.php ----------------------------------------------------------- -----------------------------------------------------------...
serendipity -- multiple cross site scripting vulnerabilities
Hanno Boeck reports: The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely. Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are no...
Woltlab Burning Board 3.0.x - Blind SQL Injection
$char,BENCHMARK3000000,MD523,1"; // Edit 3000000 if the stuff doesn't work or taking long times. / Place here youre autologin cookie / $cookie = "wcfcookieHash=; wcfboardLastActivityTime=; wcfuserID=; wcfpassword=;"; $starttime = time; $connection = fsockopen$host, 80; fputs$connection, "GET:...
Eurologon CMS Multiple Remote SQL Injection Vulnerabilities
No description provided by source. --------------------------------------------------------------- / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / / &nb...
Pharmacy System 2.0 (index.php ID) Remote SQL Injection Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS +==-- --==+================================================================================+==-- AUTHOR:...
Pharmacy System 2.0 - index.php?ID SQL Injection
Pharmacy System 2.0 - index.php?ID SQL Injection --==+================================================================================+==-- --==+ Pharmacy System v2 AND PRIOR SQL INJECTION VULNERBILITYS +==-- --==+================================================================================+==...
NetClassifieds (SQL/XSS/Full Path) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ================================================================== NetClassifieds SQL/XSS/Full Path Multiple Remote Vulnerabilities ================================================================== Application: NetClassifieds: -Free Editi...
LiveCMS 3.4 - categoria.php?cid SQL Injection
LiveCMS 3.4 - categoria.php?cid SQL Injection !/usr/bin/perl / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title LiveCMS = 3.4 SQL Injection, Absolute Path Disclosure, XSS Injection, Arbitrary File...
MyBulletinBoard (MyBB) 1.2.2 - CLIENT-IP SQL Injection
MyBulletinBoard MyBB 1.2.2 - CLIENT-IP SQL Injection !/usr/bin/perl LOGO Mybb = 4.1 wwork: blind sql-inj ggoogle: Powered By MyBB coded by Elekt antichat.ru Coments ОпиÑание: Работа ÑкÑплойта оÑнована на sql-инъекции в HTTPCLIENTIP...
sitex multiple vulnerabilities
global risk:critical upload vulnerability: in user profile upload an avatar with a double extension like : file.php.jpg once it's done,you gone get an error like:Fatal error: Call to undefined function imagedestroy in /. but the last extension jpg will be removed by the script, and stored in :...
v3chatIM.txt
V3 Chat Instant Messenger http://www.v3chat.com/ Affected files: /mail/index.php /mail/reply.php isonline.php online.php profile.php profileview.php search.php mycontacts.php expire.php Editing your profile: - input boxes ------------------------------------------ Mail Vulnerabilities: Full path...
Design/Logic Flaw
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
Sql injection
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "/" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection...
CVE-2006-1112
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
CVE-2006-1112
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
CVE-2006-1111
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "/" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection...
AZTEK forums 4.0 multiple vulnerabilities (PoC)
/==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message including the following line:...
Aztek Forum 4.00 - Cross-Site Scripting SQL Injection
Aztek Forum 4.00 - Cross-Site Scripting SQL Injection /==========================================/ // AZTEK forums 4.0 multiple vulnerabilities PoC // Product: AZTEK forums // URL: http://www.forum-aztek.com/ // RISK: high /==========================================/ PoC 1- XSS - Post a message...
Aztek Forum 4.00 (XSS/SQL) Multiple Vulnerabilities (PoC)
Exploit for unknown platform in category web applications ========================================================= Aztek Forum 4.00 XSS/SQL Multiple Vulnerabilities PoC ========================================================= /==========================================/ // AZTEK forums 4.0...