Softbiz Web Host Directory Script (host_id) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================================= Softbiz Web Host Directory Script hostid SQL Injection Vulnerability ======================================================================= \ /\ \ / | \ \ | / \ // /...

Softbiz Web Host Directory Script - host_id SQL Injection

Softbiz Web Host Directory Script - hostid SQL Injection \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV89$2008 ----------------------------------------------------------------------------------------- ECHOADV89$2008 Softbiz Web Host Directory Script...

Softbiz Web Host Directory Script - 'host_id' SQL Injection

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV89$2008 ----------------------------------------------------------------------------------------- ECHOADV89$2008 Softbiz Web Host Directory Script searchresult.php hostid Blind Sql Injection Vulnerability...

phpmyadmin -- Shared Host Information Disclosure

A phpMyAdmin security announcement report: It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the...

Design/Logic Flaw

admin/modifconfig.php in Blog Pixel Motion aka PixelMotion does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct...

mole-disclose.txt

Mole v2.1.0 viewsource.php Remote File Disclosure Vulnerability Script : http://sourceforge.net/project/showfiles.php?groupid=164171 Vuln Code : Mole: Template viewer POC : /mole210/viewsource.php?dirn=include/config.inc.php /mole210/viewsource.php?fname=include/config.inc.php...

PHP 5.x < 5.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several...

PEEL CMS Admin Hash Extraction and Remote Upload Exploit

No description provided by source. !/usr/bin/php ?php /---------------------------------------------------------------\ Exploit: PEEL CMS Admin Hash Extraction and Remote Upload Credits: Charles "real" F. charlesfolathotmail.fr URL: http://realn.free.fr/ Date: 03-18-08 Targets: PEEL PREMIUM PEEL...

zKup CMS 2.0 <= 2.3 Remote Add Admin Exploit

Exploit for unknown platform in category web applications ============================================ zKup CMS 2.0 Date: 03-08-2008 Conditions: None. This exploit add a new zKup admin. / print "\n"; print " zKup CMS v2.0 \n\n"; if$argc \n eg: php zkup2adminexploit.php http://127.0.0.1/votresite/...

Dynamic photo Gallery 1.02 - albumID SQL Injection

Dynamic photo Gallery 1.02 - albumID SQL Injection Aria-Security Team http://Aria-Security.Net ---------------------------- Shoutz: Aura, imm02rtal, NULL, Kinglet And all our staff Vendor: http://www.phpwebscript.net/dynamicphotogallery/foto-gallery.php Original Link:...

Simple PHP Scripts Gallery 0.x - &#039;index.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/28056/info Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

LightBlog 9.6 - &#039;Username&#039; Local File Inclusion

lightblog 9.6 local file inclusion vulnerability download http://www.publicwarehouse.co.uk/phpscripts/lightblog.php author muuratsalo contact muuratsaloatgmail.com exploit http://localhost/LightBlog9.6/viewmember.php?username=../../../../../../../../../../etc/passwd%00 milw0rm.com 2008-02-18...

Mix Systems CMS (parent/id) Remote SQL Injection Exploit

No description provided by source. ? echo "\n"; echo "-------------------------Mix Systems CMS--------------------------"."\n"; echo "-----------------------coded by : halkfild------------------------"."\n"; echo "----------------------------antichat.ru------------------------"."\n"; if $argc!=4...

wdcs-xss.txt

Aria-Security Team Persian Security Network httP://Aria-Security.Net --------------------------------------------- Shoutz: Aura, imm0rtal, Soot.Hackers, iM4N, A Special Thanks to my dear friend Mhp0rtal for his great help in order to find this vuln. Vendor: http://www.softwebsnepal.com Demo:...

Mix Systems CMS - &#039;parent/id&#039; SQL Injection

? echo "\n"; echo "-------------------------Mix Systems CMS--------------------------"."\n"; echo "-----------------------coded by : halkfild------------------------"."\n"; echo "----------------------------antichat.ru------------------------"."\n"; if $argc!=4 echo " Usage: php ".$argv0." host...

WordPress fGallery 'fim_rss.php' 'album' Parameter SQL Injection

The remote host is running fGallery, a third-party image gallery plugin for WordPress. The version of fGallery installed on the remote host fails to sanitize input to the 'album' parameter of the 'fimrss.php' script before using it in a database query. Regardless of PHP's 'magicquotesgpc' setting...

LulieBlog 1.0.1 - Remote Authentication Bypass

LulieBlog 1.0.1 - Remote Authentication Bypass -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de,...

LulieBlog 1.0.1 - Remote Authentication Bypass

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de, xarnuz from spain download:...

Tribisur &lt;= 2.0 Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php -q ?php echo "Tribisur = 2.0 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Script Download : http://www.comscripts.com/scripts/php.tribisur-20.1211.html Bug 1 in modules/forum/liste.php : First, this...

WordPress Plugin Wp-FileManager 1.2 - Arbitrary File Upload

AUTHOR : H-T TeaM HouSSaMix ToXiC350 HOME : http://no-hack.net Script : Wordpress Plugin Wp-FileManager Download : http://downloads.wordpress.org/plugin/wp-filemanager.1.2.zip BUG : Remote File Upload Vulnerability Shell Upload Exploit | 3xpl0it4t10n : This file allowed you to upload directly a P...