Colorful Blog - Cross-Site Request Forgery (Change Admin Password)

Exploit Title :----------- : Colorful Blog - Cross-Site Request Forgery Change Admin Pass Author :------------------ : Besim Google Dork :---------- : - Date :--------------------- : 13/10/2016 Type :--------------------- : webapps Platform :---------------- : PHP Vendor Homepage :-- : - Software...

PHP Press Release Cross Site Scripting

Exploit Title : PHP Press Release - Stored Cross Site Scripting Author : Besim Google Dork : - Date : 09/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.pagereactions.com/product.php?pku=1 Software link : http://www.pagereactions.com/downloads/phppressrelease.zip Description :...

PHP Press Release - Cross-Site Request Forgery (Add Admin)

Exploit for php platform in category web applications Exploit Title : PHP Press Release - Cross-Site Request Forgery Add Admin - Super User Author : Besim Google Dork : - Date : 09/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.pagereactions.com/product.php?pku=1 Software link...

Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications that will add a new user as administrator. Once exploited, the attacker can login to the admin panel http://localhost/simple/login.php using the username and the password he posted in the form. CSRF PoC Code ============= -- input type="hidden...

UBUNTU-CVE-2016-7418

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

Vicidial 2.11 Cross Site Scripting

Exploit Title: Vicidial 2.11 - Reflective XSS Date: 0 day Exploit Author: David Silveiro Exploit Author Github: github.com/davidsilveiro Vendor Homepage: http://vicidial.org Software Link: https://sourceforge.net/projects/astguiclient/files/astguiclient2.11rc1.zip/download Platorm: PHP Vicidial i...

modified eCommerce Shopsoftware 2.0.0.0 rev 9678 - Blind SQL Injection

Exploit for php platform in category web applications...

Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery

Exploit for php platform in category web applications...

Idera Up.Time Monitoring Station 7.0 post2file.php Arbitrary File Upload

This module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. Although the vendor fixed Up.Time to prevent this...

WordPress 4.0 Directory Traversal Exploit 0day

Exploit for php platform in category remote exploits This is private exploit. You can buy it at http://0day.today...

bkkwebs SQL Injection Vulnerability

Exploit for php platform in category web applications + Exploit Title: bkkwebs SQL injection vulnerability + Date: 2015 15 September + Google Dork : intext:"Designed & Developed by bkkwebs.com" + Exploit Author: IranianDarkCodersTeam + Discovered By: KurDHaCK3R + Security Risk: High + Platforms:...

PHP News Script 4.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications...

php: Incomplete Class unserialization type confusion

A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize function could cause a PHP application to crash or, possibly, execute arbitrary code...

ManageEngine EventLog Analyzer 10.0 Build 10001 CSRF Vulnerability

Exploit for php platform in category web applications...

PHPMoAdmin 1.1.2 Remote Code Execution

This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHPMoAdmin 1.1.2 Remote Code...

Dimofinf 3.0 New Cookie Based Injection Exploit

Exploit for php platform in category web applications This is private exploit. You can buy it at https://0day.today...

Wordpress InfusionSoft Upload Exploit

This Metasploit module exploits an arbitrary PHP code upload in the wordpress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: http//metasploit.com/download Current...

Model Agentur Script SQL Injection Vunerability

No description provided by source. Exploit Title: Model Agentur Script SQL Injection Vunerability Platform: php Date: 05.02.2011 Author: NoNameMT Software Link: http://www.media-products.de/model-agentur-p-269.html AND http://www.media-products.de/model-agentur-v2-p-420.html Price: 19,95 � / 29,9...

MihanTools Script 1.3.3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: MihanTools Script SQL Injection Vunerability Platform: php Date: 09.02.2011 Author: WHITEDEVIL Software Link: http://www.mihantools.ir/ Version: all version Tested on: Windows Sp2 Mail: [email protected] Dork: inurl:product.php?id= Powered by...

OpenX Backdoor PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...