phPay <= 2.02 (nu_mail.inc.php) Remote mail() Injection Exploit

No description provided by source. !/usr/bin/perl Script: phPay v2.02 http://phpay.de/ Vuln File: numail.inc.php Exploit & Advisory: beford xbefordx gmail com Vulnerability: mail Injection Vuln Code: ?php if ereg"numail.inc.php", $SCRIPTNAME header"Location:./index.html"; elseif...

CVE-2006-4210

CVE-2006-4210 describes a vulnerability in nu_mail.inc.php of Andreas Kansok’s phPay 2.02/2.02.1 where, if register_globals is enabled, a remote attacker can abuse the server as an open mail relay via manipulated parameters (mail_text2, user_row[5], nu_mail_1, shop_mail). The root cause is improp...

CVE-2006-4210

numail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when registerglobals is enabled, allows remote attackers to use the server as an open mail relay via modified mailtext2, userrow5, numail1, and shopmail parameters. NOTE: some of these details are obtained from third party information...

[SA21454] phPay Open Mail Relay Vulnerability

---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation...

PHPay 2.02 - nu_mail.inc.php?mail() Remote Injection

PHPay 2.02 - numail.inc.php?mail Remote Injection !/usr/bin/perl Script: phPay v2.02 http://phpay.de/ Vuln File: numail.inc.php Exploit & Advisory: beford Vulnerability: mail Injection Vuln Code: \n"; if scalar@ARGV headers\n"; print "\t : orly\n"; print "\t : folder where phpay is installed...

phPay <= 2.02 (nu_mail.inc.php) Remote mail() Injection Exploit

Exploit for unknown platform in category web applications =============================================================== phPay \n"; if scalar@ARGV headers\n"; print "\t : orly\n"; print "\t : folder where phpay is installed /phpay/ /phpayv2.02/ ..\n"; print "\t : duh\n"; print "\theaders :...

PHPay 2.02 - &#039;nu_mail.inc.php?mail()&#039; Remote Injection

!/usr/bin/perl Script: phPay v2.02 http://phpay.de/ Vuln File: numail.inc.php Exploit & Advisory: beford Vulnerability: mail Injection Vuln Code: \n"; if scalar@ARGV headers\n"; print "\t : orly\n"; print "\t : folder where phpay is installed /phpay/ /phpayv2.02/ ..\n"; print "\t : duh\n"; print...

phPay admin/phpinfo.php Information Disclosure

The remote host is running phPay, an online shop management system. This package contains multiple information leakages that could allow an attacker to obtain the physical path of the installation on the remote host or even the exact version of the components used by the remote host by using the...

[ARL03-A16] Multiple Security Issues in phPay

+/---------------- ALPER Research Labs ------/--------/+ +/---------------- Security Advisory -----/---------/+ +/---------------- ID: ARL03-A16 ----/----------/+ +/---------------- [email protected] ---/-----------/+ Advisory Information -------------------- Name : Multiple Security Issues in...

PHPay 2.2 - Multiple Full Path Disclosure Vulnerabilities

PHPay 2.2 - Multiple Full Path Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/7309/info phPay has been reported prone to multiple path disclosure vulnerabilities. It has been reported that when specially crafted requests are made for many phPay pages and include files, an...

PHPay 2.2 - Cross-Site Scripting

PHPay 2.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for a...

PHPay 2.2 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/7310/info It has been reported that user-supplied input to phPay is not sufficiently sanitized. This lack of sanitization provides an opportunity for an attacker to launch cross-site scripting attacks. It is possible for a remote attacker to create a...

PHPay 2.2 - Multiple Full Path Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/7309/info phPay has been reported prone to multiple path disclosure vulnerabilities. It has been reported that when specially crafted requests are made for many phPay pages and include files, an error condition may be triggered. The resulting error messag...