30 matches found
Vibro-CMS - Multiple SQL Injections
/ ------------------------------------------------------- Vibro-CMS Multiple Remote SQL Injection Vulnerabilities ------------------------------------------------------- Discovered By StAkeRathotmaildotit http://www.niclor.net/prodotti/Vibro-CMS...
Journalness <= 4.1 (last_module) Remote Code Execution exploit
Exploit for unknown platform in category web applications ============================================================== Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10;...
PHP 5.x COM - Safe Mode disable_functions Bypass
PHP 5.x COM - Safe Mode disablefunctions Bypass sounds good //The windows version of PHP has built in support for this extension. You do not need to //load any additional extension in order to use these functions. //You are responsible for installing support for the various COM objects that you...
PHP 5.2.4 ionCube extension safe_mode / disable_functions Bypass
Exploit for unknown platform in category local exploits ================================================================ PHP 5.2.4 ionCube extension safemode / disablefunctions Bypass ================================================================ ionCub...
PHP 5.2.4 ionCube - ioncube_read_file Safe Mode disable_functions Bypass
PHP 5.2.4 ionCube - ioncubereadfile Safe Mode disablefunctions Bypass ionCube output:"; echo $MyBootioncube; ? milw0rm.com 2007-10-11...
GuppY 4.5.16 - Remote Command Execution
126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $ex...
sNews <= 1.5.30 Remote Reset Admin Pass / Command Exec Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- sNews = 1.5.30 unauthorized access / reset admin pass / cmd exec exploit by rgod dork: "Barbecued by sNews" mail: retrog at alice dot it site: http://retrogod.altervista.org...
PHP-Update 2.7 - extract() Authentication Bypass Shell Injection
PHP-Update 2.7 - extract Authentication Bypass Shell Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont+...
cpg_143_incl_xpl
this works regardless of any php.ini settings, you need a normal user account with upload rights in personal albums and at least one album usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The direct and the indirect lead on to each other in turn. It is like moving in a...
malicious PHP source injection
JCC Security Advisory June 15, 2002 malicious PHP source injection Description Zeroboard is one of popular PHP web boards in Korea. When allowurlfopen = On and registerglobals = On in php.ini, Zeroboard has vulnerability because head.php contains dangerous codes. So an attacker can include any...