1408 matches found
Pubs Black Cat [The Fun] - 'browse.groups.php' SQL Injection
source: https://www.securityfocus.com/bid/30221/info Pubs Black Cat The Fun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access ...
fuzzylime cms 3.01 (commrss.php) Remote Code Execution Exploit
Exploit for unknown platform in category web applications. fuzzylime cms 3.01 commrss.php Remote Code Execution Exploit. Conditions: None Greetz: Inphex, hEEGy and austeN...
Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution
Conditions: None Greetz: Inphex, hEEGy and austeN Explanations Ok, so today we will go for a walk in the fuzzylime cms maze ... Finding vulns was easy, but finding a no condition vuln was quite harder ... First, we look to the code/content.php file:...
hbr-rfi.txt
HBR 1.3 hm Remote File Inclusion Vulnerability. Found: Ghost Hacker, R-H TeaM. HOME: www.Real-Hack.net. Email: [email protected]. Script: HBR 1.3. Download Script: http://www.hscripts.com/scripts/php/downloads/HBR13.zip I love the Messenger of Allah Mohammad...
psys070-sql.txt
pSys v0.7.0 Alpha chatbox.php Remote SQL Injection. Works only with magic quotes = off. Coded by DNX. Discovered: DNX. Vendor: http://www.powie.de. Detected: ...
pSys 0.7.0 Alpha - chatbox.php SQL Injection
pSys v0.7.0 Alpha chatbox.php Remote SQL Injection. Works only with magic quotes = off. Coded by DNX. Discovered: DNX...
pSys v0.7.0 Alpha (chatbox.php) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. pSys v0.7.0 Alpha chatbox.php Remote SQL Injection Vulnerability...
pSys 0.7.0 Alpha - 'chatbox.php' SQL Injection
pSys v0.7.0 Alpha chatbox.php Remote SQL Injection. Works only with magic quotes = off. Coded by DNX. Discovered: DNX. Vendor: http://www.powie.de. Detected: ...
mcGuestbook 1.2 (lang) Remote File Inclusion Vulnerability
hi mcGuestbook 1.2 lang Remote File Inclusion Vulnerability. Found: Ghost Hacker, R-H TeaM. HOME: www.Real-Hack.net. Email: [email protected]. Script: mcGuestbook 1.2. Download Script: http://www.phpbank.net/admin/download.php?id=155 I love the Messenger of Allah...
QRcode Perl CGI & PHP script vulnerable to denial of service attack
Overview: QRcode Perl CGI & PHP script, a QR code image generation tool, contains a vulnerability that may cause excessive consumption of server resources. Upon a specific request, resources of a server could be excessively consumed until the server becomes unable to respond to requests from...
Authentication flaw
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP...
OxYProject 0.85 - edithistory.php Remote Code Execution
OxYProject 0.85 edithistory.php Remote Code Execution Vulnerability. Script : http://puzzle.dl.sourceforge.net/sourceforge/oxyproject/OxYBox085uns.zip Code Vuln : Ln 24 include'oxycfg.php'; // // Editing the Chat History // $editfile =...
Softbiz Web Host Directory Script (host_id) SQL Injection Vulnerability
No description provided by source. ECHO_ADV_89$2008: Softbiz Web Host Directory Script search_result.php host_id...
[ECHO_ADV_89$2008] Softbiz Web Host Directory Script (search_result.php host_id) Blind Sql Injection Vulnerability
ECHO_ADV_89$2008: Softbiz Web Host Directory Script search_result.php host_id Blind Sql Injection Vulnerability...
Softbiz Web Host Directory Script - 'host_id' SQL Injection
ECHO_ADV_89$2008: Softbiz Web Host Directory Script search_result.php host_id Blind Sql Injection Vulnerability...
Softbiz Web Host Directory Script (host_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Softbiz Web Host Directory Script host_id SQL Injection Vulnerability...
Softbiz Web Host Directory Script - host_id SQL Injection
ECHO_ADV_89$2008: Softbiz Web Host Directory Script...
phpmyadmin -- Shared Host Information Disclosure
A phpMyAdmin security announcement report: It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the...
Design/Logic Flaw
admin/modifconfig.php in Blog Pixel Motion aka PixelMotion does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...
mole-disclose.txt
Mole v2.1.0 viewsource.php Remote File Disclosure Vulnerability Script : http://sourceforge.net/project/showfiles.php?groupid=164171 Vuln Code : Mole: Template viewer POC : /mole210/viewsource.php?dirn=include/config.inc.php /mole210/viewsource.php?fname=include/config.inc.php...