MySpace Content Zone 3.x - Arbitrary File Upload

---------------------------------------------------- +-MySpace Content Zone RFi-+ ---------------------------------------------------- Found By Don & breakerunit ---------------------------------------------------- Vuln file: /admin/uploadgames.php Fix: secure admin area Dork: "Powered by MySpace...

MonAlbum 0.87 - Arbitrary File Upload / Password Grabber

!/usr/bin/env perl use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; use Getopt::Std; my %args, $user, $password, $sqlhost, $sqluser, $sqlpassword, $cookie, $path, $file, $upload = ; my $tmp = 'cmd1.jpg'; getopts"u:a:f:p:", %args; -a don't retrieve login and passwords, use...

MonAlbum 0.87 Upload Shell / Password Grabber Exploit

Exploit for unknown platform in category web applications ===================================================== MonAlbum 0.87 Upload Shell / Password Grabber Exploit ===================================================== !/usr/bin/env perl use strict; use warnings; use LWP::UserAgent; use...

MonAlbum 0.87 - Arbitrary File Upload Password Grabber

MonAlbum 0.87 - Arbitrary File Upload Password Grabber !/usr/bin/env perl use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; use Getopt::Std; my %args, $user, $password, $sqlhost, $sqluser, $sqlpassword, $cookie, $path, $file, $upload = ; my $tmp = 'cmd1.jpg';...

ProfileCMS 1.0 Remote File Upload Vulnerability Shell Upload Exploit

No description provided by source. ProfileCMS v1.0 Shell Upload Exploit Demo : http://slrate.com/ You can direct upload PHP shell instead of image while creating profile at this script, For example http://slrate.com/profiles here you can direct upload shell instead of images. Dorks : "Total...

ProfileCMS 1.0 - Arbitrary File Upload

ProfileCMS v1.0 Shell Upload Exploit Demo : http://slrate.com/ You can direct upload PHP shell instead of image while creating profile at this script, For example http://slrate.com/profiles here you can direct upload shell instead of images. Dorks : "Total Generators & Widgets" "Powered By...

MKPortal 1.0/1.1 - 'admin.php' Authentication Bypass

source: https://www.securityfocus.com/bid/25515/info MKPortal is prone to an authentication-bypass vulnerability because it fails to restrict access to certain administrative functions. Attackers can exploit this issue to gain unauthorized access to the application. Versions prior to MKPortal 1.1...

Pakupaku CMS 0.4 - Arbitrary File Upload Local File Inclusion

Pakupaku CMS 0.4 - Arbitrary File Upload Local File Inclusion !/usr/bin/perl Pakupaku CMS = 0.4 Remote File Upload Vulnerability 1- PathScript/index.php?page=Uploads 2- Upload GoLd-M.php = Php Shell 3- PathScript/uploads/GoLd-M.php = Php Shell D.Script :...

CyBoards PHP Lite 1.21 - 'script_path' Remote File Inclusion

!/usr/bin/perl CyBoards PHP Lite 1.21 scriptpath Remote File Include Exploit Coded by bd0rk || SOH-Crew Usage: exploit.pl target cmd shell shell variable Greetings: str0ke, TheJT, Kacper, Lu7k, Maik Vulnerable Code: include"$scriptpath/include/defaultstyle.css"; Vendor:...

PostNuke Module phgstats 0.5 - phgdir Remote File Inclusion

PostNuke Module phgstats 0.5 - phgdir Remote File Inclusion PostNuke Module phgstats 0.5 phgdir Remote File Include Exploit Vendor: http://kent.dl.sourceforge.net/sourceforge/phgstats/phgstats0.5.zip Vulnerable Code: includeonce$phgdir . 'settings/config.inc.php'; Coded by bd0rk || SOH-Crew Usage...

VisoHotlink "mosConfig_absolute_path"远程文件包含漏洞

VisoHotlink是一款基于PHP的WEB应用程序。 VisoHotlink不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'includes/functions.visohotlink.php'脚本对用户提交的'"mosConfigabsolutepath"'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 VisoHotlink 1.x 目前没有解决方案提供： http://www.easy-script.com/compt.php?id=3312 !/usr/bin/perl VisoHotlink 1.0...

Axiom Photo Gallery Template.PHP远程文件包含漏洞

Axiom Photo Gallery是一款基于PHP的WEB应用程序。 Axiom Photo Gallery不正确过滤用户提交的输入，远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Template.PHP'脚本对用户提交的'sphppath'参数缺少过滤，指定远程服务器上的文件作为包含参数，可导致以WEB权限执行任意命令。 Axiom Axiom Photo Gallery 8.6 目前没有解决方案提供： http://superb-west.dl.sourceforge.net/sourceforge/axiompng/...

L2J Statistik Script <= 0.09 (index.php page) Local File Include Exploit

No description provided by source. ? print ' | \ | \ \ / | | | | | | | \ \ \ / \ \ | \ \ / \ | \ | | | / \ | \ \ \ / / | | | | | | | | | | ||/ // |./ |/\ ./ |/ ||...

mkportalfun.txt

MkPortal "All Guests are Admin" Exploit Vulnerability discovered and exploited by: Demential Web: http://headburn.altervista.org E-mail: infoatburnheaddotit Mkportal website: http://www.mkportal.it Start Macromedia Flash and create an swf file with this code: var idg:Number = 9; var p13:Number = ...

Ultimate PHP Board <= 2.0b1 (chat/login.php) Code Execution Exploit

No description provided by source. !/usr/bin/perl +------------------------------------------------------------------------------------------- + Ultimate PHP Board = 2.0b1 chat/login.php Remote Code Execution Vulnerability...

Joomla! Component MosReporter 0.9.3 - Remote File Inclusion

!/usr/bin/perl MosReporter Joomla Component Remote File Inclusion Exploit Download Script http://mamboxchange.com/tracker/download.php/196/805/1010/119/reportermambelfish.zip Bug Found & coded By CrackersChild [email protected] Kullanimi perl cra.pl perl cra http://site.com/...

net2ftp: a web based FTP client :) <= Remote File Inclusion

+-------------------------------------------------------------------- + + net2ftp: a web based FTP client : = Remote File Inclusion + +-------------------------------------------------------------------- + + Affected Software .: net2ftp: a web based FTP client + Venedor ...........:...

E-Vision CMS Multible Remote injections

Hello,, E-Vision CMS Multible Remote injections SQL and File upload Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : [email protected] upload any file admin/ximage.php this file is used to upload files and it does not check the permission This...

Limbo - Lite Mambo CMS Multiple Vulnerabilities

Hello Title : Limbo - Lite Mambo CMS Multiple Vulnerabilities Remote File including - Full path - make php shell - and create folder with 0777 permissions Discovered by : HACKERS PAL Copyrights : HACKERS PAL Website : WwW.SoQoR.NeT Email : [email protected] // Remote File Including...

Limbo com_fm Component sql.php classes_dir Parameter Remote File Inclusion

The remote host is running Limbo CMS, a content-management system written in PHP. The 'comfm' component of the version of Limbo installed on the remote host allows an unauthenticated, remote attacker to copy arbitrary files, possibly taken from a third-party host, into the web document directory...