E-php CMS SQL Injection Vulnerability
No description provided by source. Exploit Title: E-php CMS SQL Injection Vulnerability Date: 22-03-2010 Author: Th3 RDX Software Link: Version: 1.0 Tested on: Demo Site category: webapp Code : -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Gr33tz to www.Teamicw.in...
DornCMS Application 1.4 - Multiple Web Vulnerabilities
Document Title: =============== DornCMS Application v1.4 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1113 Release Date: ============= 2013-10-14 Vulnerability Laboratory ID VL-ID: ==================================== 11...
Gnew 2013.1 - Multiple Vulnerabilities (1)
Gnew 2013.1 - Multiple Vulnerabilities 1 Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with PHP language and using a database server MySQL,...
phpcms_v9.3.2 a management module logic validation vulnerability-vulnerability warning-the black bar safety net
In the file\modules\sms\sms. php: class sms extends admin function construct $this-logdb = pcbase::loadmodel'smsreportmodel'; $this-moduledb = pcbase::loadmodel'modulemodel'; $this-memberdb = pcbase::loadmodel'membermodel'; //Get the SMS platform configuration information $siteid = getsiteid;...
PhpCmsV9 a SQL injection, the official demo can be caught-vulnerability warning-the black bar safety net
Brief description: Somewhere the filter is not made, resulting in the injection. Detailed description: After registration modify birthday, intercept data packets, to modify infobirthday infobirthday=SELECT 1 FROM select count,concatfloorrand02,substringselect concatusername,0x5f, password, 0x5f,...
PHPCMS v9 Getshell(apache parse-a vulnerability warning-the black bar safety net
Vulnerability type: file upload leads to arbitrary code execution Brief description: phpcms v9 getshell apache Detailed description: Vulnerability file: phpcms\modules\attachment\attachments.php 1. public function cropupload 2. isset$GLOBALS"HTTPRAWPOSTDATA" 3. $pic = $GLOBALS"HTTPRAWPOSTDATA"; 4...
To bypass PHPCMS patch to continue injection-vulnerability warning-the black bar safety net
Vulnerability author: I want to get a shell Submission time: 2013-01-16 Disclosure time: 2013-01-21 Vulnerability type: SQL injection vulnerability Brief description: Inadvertently looked phpcms patch, just want to spit slot. In addition PHPCMS released a patch why not in the forum thank tick it,...
yourphp cms-stored xss-vulnerability warning-the black bar safety net
yourphp is based on thinkphp framework for the development of the open source cms, there is a storage-type xss vulnerability In the demo of the cms when found this vulnerability, in order to have the power of persuasion, then using the official demo display xss process, In yourphp official...
phpcms v9.1.15 sql and XSS exploits-vulnerability warning-the black bar safety net
phpcms v9.1.15 The official demo site has been updated to 9.1.16: the http://v9.demo.phpcms.cn/ XSS public function publicgetsuggestkeyword $url = $GET'url'.'& q='.$ GET'q'; echo $url; $res = @filegetcontents$url; ifCHARSET != 'gbk' $res = iconv'gbk', CHARSET, $res; echo $res; Use method:...
web@all CMS 2.0 Multiple Remote XSS Vulnerabilities
Summary web@all is a PHP content management system CMS. If you know about it, you nearly can use it to do anything. Description web@all CMS suffers from multiple stored and reflected cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several...
web@all CMS 2.0 (_order) SQL Injection Vulnerability
Summary web@all is a PHP content management system CMS. If you know about it, you nearly can use it to do anything. Description The application suffers from an SQL Injection vulnerability. Input passed via the GET parameter 'order' is not properly sanitised before being returned to the user or use...
phpcms 2008 admin-block.inc.php Code Execution Vulnerability
No description provided by source...
Breeze CMS 1.0 => Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Breeze CMS 1.0 = Remote Code Execution Vulnerability Date: 28/6/2012 Author: GoLdM Vendor or Software Link: http://www.phpkode.com/download/p/ice.zip http://www.phpkode.com/projects/item/breeze-cms-a-php-content-manage-system/...
iBoutique eCommerce v4.0 - Multiple Web Vulnerabilities
Document Title: =============== iBoutique eCommerce v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=594 Release Date: ============= 2012-06-08 Vulnerability Laboratory ID VL-ID: ==================================== 594...
Hero Framework 3.69 Remote Reflected Cross-Site Scripting Vulnerability
Summary Hero formerly Caribou CMS is a white label, open source PHP website content management system CMS and development platform. Description Hero suffers from a XSS vulnerability when parsing user input to the 'month' parameter via GET method. Attackers can exploit this weakness to execute...
PHPCMS 2008 SP2 latest local file inclusion vulnerability-vulnerability warning-the black bar safety net
PHPCMS into the hardest hit. A vulnerability would allow people to storm out. 0day also often have. Nonsense not much said. Directly on the method. Take the shell method: Contains:admin/safe. inc. php file GET submitted data Will be generated under the root directory a word Encrypt the following...
Pointter PHP CMS 1.2 LFI / XSS / SQL Injection
Pointter PHP Content Management System 1.2 Multiple Vulnerabilities Vendor: PangramSoft GmbH Product web page: http://www.pointter.com Affected version: 1.2 Summary: Pointter PHP Content Management System is an advanced, fast and user friendly CMS script that can be used to build simple websites ...
PHP-CMS 1.2 / 3.0 SQL Injection
Exploit Title : content Management PHPCMS 3.0 Sql Injection Vulnerability Author : ThunDEr HeaD Contact : [email protected] Date : 11-01-2011 HomePage : www.indishell.in Version : 1.2 , 3.0 Tested on : PBL Technology Vulnerability Style : PHPCMS Sql Injection Vulnerability...
Pointter PHP Content Management System - Unauthorized Privilege Escalation
Pointter PHP Content Management System - Unauthorized Privilege Escalation 'Pointter PHP Content Management System' Unauthorized Privilege Escalation CVE-2010-4332 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the...
Edit-X PHP CMS - 'search_text' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42442/info Edit-X PHP CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...