2176 matches found
phpBB Multiple Cross-Site Scripting Vulnerabilities Exploit
No description provided by source. Janek Vind ([email protected]) provided the following test method: B1 - XSS in "index.php": http://localhost/phpbb208/index.php?categoryrows0catid=1 &categoryrows0cattitle=waraxescriptalertdocument.cookie;/script &categoryrows0catorder=99 B2 - XSS in "language\langenglish\langfaq.php...
phpBB HTTP Response Splitting and Cross-Site Scripting Vulnerabilities Exploit
No description provided by source. Ory Segal ([email protected]) provided the following test method: Cross-site scripting: http://SERVER/phpBB2/search.php?searchauthor='scriptalertdocument.cookie/script HTTP response splitting REQUEST POST /phpBB2/login.php HTTP/1.0 Host: SERVER User-Agent: Mozilla/4.7 en WinNT; I Accept-Encoding: gzip...
CVE-2006-6216
SQL injection vulnerability in admin_hacks_list.php in the Nivisec Hacks List 1.21 and earlier phpBB module allows remote attackers to execute arbitrary SQL commands via the hack_id parameter...
CVE-2006-6216
CVE-2006-6216 describes an SQL injection in admin_hacks_list.php within the Nivisec Hacks List 1.21 and earlier phpBB module. The vulnerability permits remote attackers to execute arbitrary SQL commands via the hack_id parameter. Affected software/component: Nivisec Hacks List (PHPBB module) vers...
Admin Hacks List v1.20 Remote SQL Injection Vulnerability
Admin Hacks List v1.20 Remote SQL Injection Vulnerability Download: http://www.nivisec.com Found By: the master exploit:...
Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability
No description provided by source. Admin Hacks List v1.20 Remote SQL Injection Vulnerability Download: http://www.nivisec.com Found By: the master exploit:...
Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== Hacks List phpBB Mod <= 1.21 Remote SQL Injection Vulnerability =============================================================== Admin Hacks List v1.20 Remote SQL Injection...
Hacks List phpBB Mod 1.21 - SQL Injection
Admin Hacks List v1.20 Remote SQL Injection Vulnerability Download: http://www.nivisec.com Found By: the master exploit:...
Hacks List phpBB Mod 1.21 - SQL Injection
Hacks List phpBB Mod 1.21 - SQL Injection Admin Hacks List v1.20 Remote SQL Injection Vulnerability Download: http://www.nivisec.com Found By: the master exploit:...
PhpBB Module Dimension Remote File Include
=============================================================================== =Bug was found in the part of phpBB = =Dork : "Powered by Dimension" = =Expl : includes/functions.php?phpbbrootpath= = =Source Code : http://www.xs4all.nl/hkicken/plusxl20/phpbb2plusxl20272.zip = =Found by : Rendy &...
PhpBB Module Dimension Remote File Include
=============================================================================== =Bug was found in the part of phpBB = =Dork : "Powered by Dimension" = =Expl : includes/functions.php?phpbbrootpath= = =Source Code : http://www.xs4all.nl/hkicken/plusxl20/phpbb2plusxl20272.zip = =Found by : Rendy &...
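All Topics phpBB Module SQL Injection Vulnerability
All Topics is a phpBB module that lets users display all topics on a single page, or select forum topics. A remote attacker can exploit an SQL injection vulnerability in the All Topics module to execute arbitrary code in the forum. Peter Nijssen All Topics 1.5 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.phpbbhacks.com/download/2821 http://www.example.com/alltopics.php?mode=order=ASCstart=malicious SQL...
phpBB XS bb_usage_stats.php Remote File Inclusion Vulnerability
phpBB XS is a PHP-based forum program. phpBB XS has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The bbusagestats/includes/bb_usage_stats.php script in phpBB XS does not properly validate input to the phpbb_root_path parameter, allowing an attacker to execute arbitrary code by including arbitrary files from local or external resources. A successful attack requires register_globals to be enabled. The vulnerable code in bb_usage_stats.php is as follows: line 24 include$phpbbrootpath...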
CVE-2006-5665
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
EUVD-2006-5650
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-5665
PHP remote file inclusion vulnerability in admin/modules_data.php in the phpBB module Spider Friendly 1.3.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...
CVE-2006-5665
This CVE concerns a PHP remote file inclusion in the phpBB module Spider Friendly 1.3.10 and earlier. The vulnerability is in admin/modules_data.php, where an attacker can cause arbitrary PHP code execution by supplying a URL in the phpbb_root_path parameter. Affected software is the Spider Frien...
Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion
Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion source: https://www.securityfocus.com/bid/20902/info Advanced GuestBook for phpBB is prone to a remote file-include vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue t...
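phpBB User Viewed Posts Tracker Module phpbb_root_path Variable Remote File Inclusion Vulnerability
phpBB is a widely used, open-source, web-based forum program implemented in PHP. It supports several databases as its back end, such as Oracle, MSSQL, MySql and PostGres. The User Viewed Posts Tracker module for phpBB has an input validation vulnerability when handling user requests; a remote attacker may exploit it to execute arbitrary commands on the server with the privileges of the web process. The module does not properly validate input to the phpbb_root_path parameter, allowing an attacker to execute arbitrary PHP code by including arbitrary files from local or external resources. The vulnerable code is as follows: includeonce$phpbbrootpath...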
CVE-2006-5610
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB phpbbfm 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter...