pHNews <= alpha 1 (templates_dir) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? $devilteam = ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+:...

CVE-2009-0866

pHNews Alpha 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for extra/genbackup.php...

CVE-2009-0866

CVE-2009-0866 affects pHNews Alpha 1. The issue is improper access control that allows a remote attacker to download the database by requesting extra/genbackup.php, placing sensitive data under the web root at risk. The root cause is insufficient access restrictions on stored data. Public details...

pHNews Alpha 1 (genbackup.php) Database Disclosure Vulnerability

No description provided by source. 0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Db Discloure Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/extra/genbackup.php 0x...

pHNews Alpha 1 (header.php mod) SQL Injection Vulnerability

No description provided by source. 0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/header.php Code $mod ...

pHNews Alpha 1 SQL Injection

0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/header.php Code $mod = $GET"mod"; // If no mod is select...

pHNews Alpha 1 - genbackup.php Database Disclosure

pHNews Alpha 1 - genbackup.php Database Disclosure 0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Db Discloure Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is...

pHNews Alpha 1 Database Disclosure

0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Db Discloure Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/extra/genbackup.php 0x03 Exploit: Exploit:...

pHNews Alpha 1 - mod SQL Injection

pHNews Alpha 1 - mod SQL Injection 0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/header.php Code $mod ...

pHNews Alpha 1 - &#039;mod&#039; SQL Injection

0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Sql Injection Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/header.php Code $mod = $GET"mod"; // If no mod is select...

pHNews Alpha 1 - &#039;genbackup.php&#039; Database Disclosure

0x01 Informations: Name : pHNews Alpha 1 Download : http://www.hotscripts.com/listings/jump/download/50111/ Vulnerability : Db Discloure Author : x0r Contact : [email protected] Notes : Proud to be Italian 0x02 Bug: Bugged file is /path/extra/genbackup.php 0x03 Exploit: Exploit:...

pHNews Alpha 1 (header.php mod) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =========================================================== pHNews Alpha 1 header.php mod SQL Injection Vulnerability =========================================================== 0x01 Informations: Name : pHNews Alpha 1 Download :...

pHNews Alpha 1 (genbackup.php) Database Disclosure Vulnerability

Exploit for unknown platform in category web applications ================================================================ pHNews Alpha 1 genbackup.php Database Disclosure Vulnerability ================================================================ 0x01 Informations: Name : pHNews Alpha 1...

phnews-lfi.txt

┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐...

pHNews CMS Multiple Local File Inclusion Vulnerabilities

No description provided by source. ┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rise...

pHNews CMS Alpha 1 - Local File Inclusion

pHNews CMS Alpha 1 - Local File Inclusion ??????????????????????????????????????????????????????????????????????????????? ?? C r a C k E r ?? ?? T H E C R A C K O F E T E R N A L M I G H T ?? ?????????????????????????????????????????????????????????????????????????????? ????? From The Ashes and...

pHNews CMS Alpha 1 - Local File Inclusion

??????????????????????????????????????????????????????????????????????????????? ?? C r a C k E r ?? ?? T H E C R A C K O F E T E R N A L M I G H T ?? ?????????????????????????????????????????????????????????????????????????????? ????? From The Ashes and Dust Rises An Unimaginable crack.... ?????...

pHNews CMS Multiple Local File Inclusion Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== pHNews CMS Multiple Local File Inclusion Vulnerabilities ========================================================...

pHNews Comments.PHP本地文件包含漏洞

pHNews是一款基于PHP的WEB应用程序。 pHNews不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限查看系统文件内容。 问题是由于'Comments.PHP'脚本对用户提交的'templatesdir'参数缺少过滤，提交包含多个"../"字符作为参数数据，可绕过WEB ROOT限制，以WEB进程权限查看系统文件内容。 pHMicroboard pHNews alpha 1 http://www.phnews.org/ http://www.example.com/path/modules/comments.php?templatesdir=LFI...

pHNews <= alpha 1 (templates_dir) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =============================================================== pHNews = alpha 1 templatesdir Remote Code Execution Exploit =============================================================== !/usr/bin/php -q -d shortopentag=on ? $devilteam = ...