
7207 matches found

Positive Technologies
added 2013/12/26 12:0 a.m. | 3 views

PT-2014-86: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 5.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may result in sensitive...

7.5 CVSS | 7.6 AI score
Exploits: 0 | References: 3

Positive Technologies
added 2013/12/26 12:0 a.m. | 3 views

PT-2014-84: Local File Inclusion in ShopOS

The specialists of the Positive Research center have detected a Local File Inclusion vulnerability in ShopOS. Insufficient validation of user input in the 2.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may result in sensitive...

7.5 CVSS | 7.6 AI score
Exploits: 0 | References: 3

Positive Technologies
added 2013/12/26 12:0 a.m. | 6 views

PT-2014-82: Multiple Local File Inclusion Vulnerabilities in ShopOS

The specialists of the Positive Research center have detected multiple Local File Inclusion vulnerabilities in ShopOS. Insufficient validation of user input in the \en\lang.php script allows remote attackers to include files located on the attacked server and thus execute PHP code. It may resul...

7.5 CVSS | 7.7 AI score
Exploits: 0 | References: 3

Packet Storm
added 2013/12/16 12:0 a.m. | 23 views

iScripts Multicart SQL Injection

Iscripts multicart Multiple vulnerabilities Author : i-Hmx [email protected] sec4ever.com - Vendor have been contacted since 2 years for more than 20 times and he don't give ashit @ all :/ I.Sql Injection Vulns /getProductOptionDetailsAjax.php For Table name Post productoptionid=i-Hmx'/!1337union...

0.6 AI score
Exploits: 0

0day.today
added 2013/12/16 12:0 a.m. | 42 views

iScripts AutoHoster PHP Code Injection Vulnerability

iScripts AutoHoster suffers from file disclosure, PHP code injection, file disclosure, and remote SQL injection vulnerabilities. ?php / + iScripts AutoHoster + Multiple vulnerabilities , PHP Code injection Exploit + Author : i-Hmx + email protected + sec4ever.com , 1337s.cc I.Sql Injection Vuln...

8.4 AI score
Exploits: 0

Packet Storm
added 2013/12/15 12:0 a.m. | 21 views

iScripts AutoHoster PHP Code Injection

?php / + iScripts AutoHoster + Multiple vulnerabilities , PHP Code injection Exploit + Author : i-Hmx + [email protected] + sec4ever.com , 1337s.cc I.Sql Injection Vuln /checktransferstatus.php Table name : submit=faris&cmbdomain=i-Hmx' /!1337union all select 0x6661726973,select distinct...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2013/12/14 12:0 a.m. | 41 views

LiveZilla 'mobile/php/translation/index.php' 'g_language' Parameter Local File Inclusion

The version of LiveZilla installed on the remote web server fails to properly sanitize user-supplied input to the 'g_language' parameter of the 'mobile/php/translation/index.php' script. A remote, unauthenticated attacker can exploit this issue to view arbitrary files or execute arbitrary PHP code...

9.8 CVSS | 7.7 AI score | 0.54061 EPSS
Exploits: 5 | References: 3

0day.today
added 2013/12/14 12:0 a.m. | 33 views

Affiliate Network Pro 9.* PHP Code Injection Vulnerability

Affiliate Network Pro 9. To 9.3 infected with a PHP Code Injection This is private exploit. You can buy it at https://0day.today...

7.2 AI score
Exploits: 0

seebug.org
added 2013/12/12 12:0 a.m. | 18 views

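espcms Command Execution Vulnerability, getshell possible (of limited use)

Brief description: As the title says. Details: getshell from the admin back end, of somewhat limited use. In the /datacache/command.php file: $CONFIG=Array //ICP filing 'icpbeian'='', //site status 'isclose'=0, //administrator email 'adminemail'='[email protected]', //site URL 'domain'='http://localhost/espcms/', //logging 'islog'=1, ………… After the site system settings are modified in the admin back end, code can be written into command.php. Access command.php and pass parameters...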

7.1 AI score
Exploits: 0

seebug.org
added 2013/12/12 12:0 a.m. | 22 views

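Discuz! 3.1 Admin Back-End Command Execution

Brief description: A bug already reported by 路人甲; I just found a new way to use it and am jotting it down. Details: In short, it uses scheduled tasks to execute PHP code. The process is as follows: Tested version: Discuz! X3.1 Release 20131122 1. Global » Site Information: insert into the site's third-party statistics code: After inserting, update the cache. 2. Portal » HTML Management » Settings: set the topic HTML storage directory to: source/include/cron 3. Portal » Topic Management » List » Create Topic, create a new topic: the topic title can be anything, static name: test, for additional content select the site footer information, then submit. 4. Enable the topic just created, then generate it: 5. Tools » Scheduled...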

7 AI score
Exploits: 0

0day.today
added 2013/12/12 12:0 a.m. | 30 views

phpBB3 Unified Convertor Framework PHP Code Injection

PhpBB3 Unified Convertor Framework suffers from a PHP Code Injection in installation path. By default it should be disabled but you can find open installation paths by dorking it or seeking for dirs. Title: phpBB3 Unified Convertor Framework PHP Code Injection Date: 12.12.13 Contact:...

7.6 AI score
Exploits: 0

NVD
added 2013/12/09 4:36 p.m. | 35 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.5 CVSS | 7.7 AI score | 0.70857 EPSS
Exploits: 6 | References: 4

Prion
added 2013/12/09 4:36 p.m. | 14 views

Sql injection

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.5 CVSS | 8.2 AI score | 0.70857 EPSS
Exploits: 6 | References: 4 | Affected Software: 1

Cvelist
added 2013/12/09 11:0 a.m. | 42 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.7 AI score | 0.70857 EPSS
Exploits: 6 | References: 4

NVD
added 2013/12/07 8:55 p.m. | 12 views

CVE-2013-4446

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8 CVSS | 7.8 AI score | 0.01087 EPSS
Exploits: 0 | References: 8

Prion
added 2013/12/07 8:55 p.m. | 9 views

Design/Logic Flaw

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

6.8 CVSS | 8.4 AI score | 0.01087 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

0day.today
added 2013/12/07 12:0 a.m. | 30 views

Eaton Network Shutdown Module 3.21 PHP Code Injection

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...

7.6 AI score
Exploits: 0

Packet Storm
added 2013/12/07 12:0 a.m. | 28 views

Eaton Network Shutdown Module 3.21 PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

0.1 AI score
Exploits: 0

Exploit DB
added 2013/12/06 12:0 a.m. | 32 views

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

7.4 AI score
Exploits: 0

Packet Storm
added 2013/12/03 12:0 a.m. | 23 views

WordPress OptimizePress Theme File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'WordPress OptimizePress Theme File Upload Vulnerability', 'Description' = %q This module exploits a vulnerability found...

7.4 AI score
Exploits: 0