98 matches found
Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() Exploit
Exploit for unknown platform in category web applications. Php-Stats <= 0.1.9.1b (php-stats-options.php) admin 2 exec() Exploit. <?php print_r('...
Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit
No description provided by source. <?php print_r(' Php-Stats <= 0.1.9.1b "ip" urldecode/ ereg / sql injection / cleat text admin pass disclosure exploit method ii by rgod mail: retrog at alice dot it site:...
PHP-Stats 0.1.9.1b - PHP-stats-options.php Command Execution
<?php print_r(' Php-Stats <= 0.1.9.1b admin 2 exec exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork example:...
Php-Stats <= 0.1.9.1b (PC-REMOTE-ADDR) SQL Injection Exploit
No description provided by source. <?php print_r(' Php-Stats <= 0.1.9.1b PC-REMOTE-ADDR sql injection / cleat text admin pass disclosure by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org...
PHP-Stats 0.1.9.1b - 'PHP-stats-options.php' Command Execution
PHP-Stats 0.1.9.1b - ip SQL Injection
PHP-Stats 0.1.9.1b - 'ip' SQL Injection
phpStats 0.1.9 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23003/info Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
PHP-Stats 0.1.9.1b - PC-REMOTE-ADDR SQL Injection
PHP-Stats 0.1.9.1b - 'PC-REMOTE-ADDR' SQL Injection
Php-Stats <= 0.1.9.1b (PC-REMOTE-ADDR) SQL Injection Exploit
No description provided by source. <?php print_r(' Php-Stats <= 0.1.9.1b PC-REMOTE-ADDR sql injection / cleat text admin pass disclosure by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org...
phpStats 0.1.9 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/23003/info Php-Stats is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application,...
Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications...
Php-Stats <= 0.1.9.1b (PC-REMOTE-ADDR) SQL Injection Exploit
Exploit for unknown platform in category web applications...
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) optionlanguage and (2) optiontemplate parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified...
Authentication flaw
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the optionadminpass parameter and setting the passcookie to the MD5 hash of the specified password...
CVE-2006-1087
Direct static code injection vulnerability in the modifyconfig action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the optionnewcompatibilitymode parameter, which is not filtered before being stored in config.php. NOTE...
SQL injection
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the optionprefix parameter in admin.php and other unspecified PHP scripts, and (2) the PCREMOTEADDR HTTP header to click.php...
CVE-2006-1088
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database tableprefix...
CVE-2006-1085
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the optionadminpass parameter and setting the passcookie to the MD5 hash of the specified password...