DataLife Engine preview.php PHP Code Injection

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

4images 1.7.6 - 9 - CSRF Inject PHP Code

No description provided by source. !/usr/bin/perl Title : 4images 1.7.6 9 Csrf inject php code Author : Or4nG.M4n Version : 1.7.6 9 Homepage : http://www.4homepages.de/ Dork : Powered by 4images video : http://youtu.be/NYFzC9hH54 Thnks+----------------------------------+ | xSs m4n i-Hmx h311c0d3...

Docebo LMS <= 4.0.4 - (messages) Remote Code Execution

No description provided by source. ?php / Docebo LMS = v4.0.4 messages remote code execution exploit vendor: http://www.docebo.com/ software link: http://www.docebo.com/community/doceboCms/ author: mrme::rwx kru email: steventhomasseeley!gmail!com We must become the change we want to see in the...

LinPHA 0.9.x/1.0 forth_stage_install.php language Variable POST Method Local File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'includeonce' PHP function in multiple scripts. The PHP...

Cuppa CMS (alertConfigField.php, urlConfig param) - Remote/Local File Inclusion

No description provided by source. Exploit Title : Cuppa CMS File Inclusion Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.cuppacms.com/ Software Link : http://jaist.dl.sourceforge.net/project/cuppacms/cuppacms.zip Version : Beta Tested on :...

WeBid <= 1.0.2 (converter.php) Remote Code Execution Exploit

No description provided by source. ?php / ------------------------------------------------------------ WeBid = 1.0.2 converter.php Remote Code Execution Exploit ------------------------------------------------------------ author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

Active Collab "chat module" <= 2.3.8 - Remote PHP Code Injection Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

LokiCMS <= 0.3.3 - Remote Command Execution Exploit

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 8/04/08 CMS: LokiCMS = 0.3.3 Site: lokicms.com Bug: PHP Code Injection Exploit: Remote Command Execution Vuln Code: admin.php if $GET'default' != '' // User want's to set the default page writeconfig$cpassword,...

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Exploit ------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................:...

swDesk Multiple Vulnerabilities

No description provided by source. Title : swDesk Multi Vulnerability Author : Red Security TEAM Date : 01/02/2012 Risk : High Vendor : http://www.swdesk.com/ Tested On : Apache Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM Exploit : I. Arbitrary File Upload Vulnerability 1...

Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities

Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the 1 activitiestext parameter to services/activities/set or 2 commentstext parameter to services/comments/set, which is not properly handled when executing the pregreplace function with the e...

bloofoxCMS 0.5.0 CSRF / PHP Code Injection

!/usr/bin/perl Title : bloofoxCMS V0.5.0 - Csrf inject php code Author : AtT4CKxT3rR0r1ST Contact : [email protected] , [email protected] Home : http://www.iphobos.com/blog/ Script : http://www.bloofox.com/download.21.html Version : 0.5.0 Dork : "Powered by bloofoxCMS" Vulnerability In Languag...

iScripts AutoHoster PHP Code Injection Vulnerability

iScripts AutoHoster suffers from file disclosure, PHP code injection, file disclosure, and remote SQL injection vulnerabilities. ?php / + iScripts AutoHoster + Multiple vulnerabilities , PHP Code injection Exploit + Author : i-Hmx + email protected + sec4ever.com , 1337s.cc I.Sql Injection Vuln...

iScripts AutoHoster PHP Code Injection

?php / + iScripts AutoHoster + Multiple vulnerabilities , PHP Code injection Exploit + Author : i-Hmx + [email protected] + sec4ever.com , 1337s.cc I.Sql Injection Vuln /checktransferstatus.php Table name : submit=faris&cmbdomain=i-Hmx' /!1337union all select 0x6661726973,select distinct...

Affiliate Network Pro 9.* PHP Code Injection Vulnerability

Affiliate Network Pro 9. To 9.3 infected with a PHP Code Injection This is private exploit. You can buy it at https://0day.today...

phpBB3 Unified Convertor Framework PHP Code Injection

PhpBB3 Unified Convertor Framework suffers from a PHP Code Injection in installation path. By default it should be disabled but you can find open installation path's by dorking it or seeking for dir's. Title: phpBB3 Unified Convertor Framework PHP Code Injection Date: 12.12.13 Contact:...

Eaton Network Shutdown Module 3.21 PHP Code Injection

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...

Eaton Network Shutdown Module 3.21 PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

MyBB 1.6.11 - Remote Code Execution

MyBB 1.6.11 - Remote Code Execution input'info' as $key = $info $info = strreplace"\", "\\", $info; $info = strreplace'$', '$', $info; $newlanginfo$key = strreplace""", '"', $info; and Line 69: $langinfo'admin' = $newlanginfo'admin'; You can see that some chars are being replaced , however...