257 matches found
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite / Authentication Bypass
Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini settings Vendor informed: 23/11/08 cpCommerce 1.2.7 released: 30/11/08 Public advisor...
cpCommerce 1.2.6 (URL Rewrite) Input variable overwrite / Auth bypass
Exploit for unknown platform in category web applications. cpCommerce 1.2.6 URL Rewrite Input variable overwrite / Auth bypass. Author: girex CMS: cpCommerce...
Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)
No description provided by source. Author: GiReX Homepage: girex.altervista.org Date: 24/11/2008 CMS: Quicksilver Forums <= 1.4.2 Site: http://www.quicksilverforums.com/ Bug: Local File Inclusion Exploit: Remote Command Execution Note: Works with Windows servers only Works regardless php.ini...
Quicksilver Forums <= 1.4.2 RCE Exploit (windows only)
Exploit for unknown platform in category web applications. Quicksilver Forums get['lang'] $lang = $this->get['lang']; if (strstr($lang, '/') || !file_exists($path . 'languages/' . $lang . '.php')) $lang = 'en'; include $path . 'languages/' . $lang . '.php...
netrisk2-sqlxss.txt
----------------------------------------------------------------- NetRisk javascript Remote SQL Injection index.php?p=profile&id=1+union+all+select+0,0,concatlogin,0x3a,password,0,0,0,0,0,0,0,0,0,0,0,0+from+netriskusers+where+id=1/...
vibrocms-sql.txt
Vibro-CMS Multiple Remote SQL Injection Vulnerabilities. Discovered By StAkeRathotmaildotit http://www.niclor.net/prodotti/Vibro-CMS...
Vibro-CMS - Multiple SQL Injections
Vibro-CMS Multiple Remote SQL Injection Vulnerabilities. Discovered By StAkeRathotmaildotit http://www.niclor.net/prodotti/Vibro-CMS...
NetRisk 2.0 - Cross-Site Scripting / SQL Injection
----------------------------------------------------------------- NetRisk javascript Remote SQL Injection index.php?p=profile&id=1+union+all+select+0,0,concatlogin,0x3a,password,0,0,0,0,0,0,0,0,0,0,0,0+from+netriskusers+where+id=1/...
webnews-sql.txt
HACKATTACK Advisory 20081016WEB//NEWS SQL Injection and Cookie Manipulation Details ======= Product: WEB//NEWS Security-Risk: high Remote-Exploit: yes Vendor-URL: http://www.stylemotion.de/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David Vieira-Kurz...
Crux Gallery <= 1.32 (index.php theme) Local File Inclusion Vulnerability
No description provided by source. Crux Gallery <= 1.32 Local File Inclusion Vulnerability. Discovered On: 01/10/2008. PHP.ini magic_quotes_gpc = Off...
Crux Gallery 1.32 - theme Local File Inclusion
Crux Gallery 1.32 - theme Local File Inclusion. Crux Gallery Osirys and darkjoker 14. $m = $_GET['m']; 15. $p = $_GET['p']; 16. $dir = $_GET['dir']; 17. require_once("main.php"); 18...
Crux Gallery <= 1.32 (index.php theme) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications. Crux Gallery Osirys and darkjoker 14. $m = $_GET['m']; 15. $p = $_GET['p']; 16. $dir = $_GET['dir']; 17. require_once("main.php"); 18. require_once("themes/".$theme."/theme.php");...
Crux Gallery 1.32 - 'theme' Local File Inclusion
Crux Gallery Osirys and darkjoker 14. $m = $_GET['m']; 15. $p = $_GET['p']; 16. $dir = $_GET['dir']; 17. require_once("main.php"); 18. require_once("themes/".$theme."/theme.php"); $theme isn...
cruxgallery-lfi.txt
Crux Gallery Osirys and darkjoker 14. $m = $_GET['m']; 15. $p = $_GET['p']; 16. $dir = $_GET['dir']; 17. require_once("main.php"); 18. require_once("themes/".$theme."/theme.php"); $theme isn...
Pluck 4.5.3 (update.php) Remote File Corruption Exploit
Exploit for unknown platform in category web applications ======================================================= Pluck 4.5.3 update.php Remote File Corruption Exploit ======================================================= "; copy"data/title.dat", "data/settings/title.dat";...
Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities
No description provided by source. ECHOADV101$2008 Attachmax Dolphin <= 2.1.0 Multiple Vulnerability...
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities
ECHOADV101$2008 Attachmax Dolphin <= 2.1.0 Multiple...
Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Attachmax Dolphin <= 2.1.0 Multiple Remote Vulnerabilities...
Attachmax Dolphin 2.1.0 - Multiple Vulnerabilities
ECHOADV101$2008 Attachmax Dolphin <= 2.1.0 Multiple Vulnerability...
[ECHO_ADV_100$2008] Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability
ECHO_ADV_100$2008: Comdev Web Blogger <= 4.1.3 (arcmonth) Sql Injection Vulnerability. Author :...