764 matches found
SQLiteManager 1.2.4 - Remote PHP Code Injection
#!/usr/bin/env python ''' Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...
phpliteadmin <= 1.9.3 Remote PHP Code Injection Vulnerability
PHP Lite Admin versions 1.9.3 and below suffer from a PHP code injection vulnerability. Exploit Title: phpliteadmin phpliteadmin.php1785: 'When you create a new database, the name you entered will be appended with the appropriate file extension .db, .db3, .sqlite, etc. if you do not include it...
WordPress Uploader 1.0.4 Shell Upload
Wordpress Themes moneymasters Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Author = Fayzoun Facebook = http://fb.me/fayzoun.no.love Facebook page = http://fb.me/fayzoun.AO Google Dork = inurl:/wp-content/themes/moneymasters Mail : email protected / email protected Exploit: "@$uploadfile",...
IceWarp Webmail raw.php Information Disclosure
The version of IceWarp installed on the remote host is affected by an information disclosure vulnerability. A remote, unauthenticated attacker may be able to view PHP configuration information via the phpinfo function by requesting the webmail/pda/controller/raw.php script. %NASLMINLEVEL 70300 C...
PHP create_function injection command execution vulnerability-vulnerability warning-the black bar safety net
In PHP, create_function is used to create an anonymous function. If the parameters passed to it are not strictly filtered, an attacker can construct a special string that, when passed to create_function, executes arbitrary commands. Take the following code as an example: <?php //how to exp this code...
Wordpress Themes- vithy Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------------- Wordpress Themes- vithy Arbitrary File Upload Vulnerability -------------------------------------------------------------------------------- Author = Zikou-16...
ecshop csrf getshell
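Brief description: Just to complain: ecshop's back-end security really is too weak.. Combine it with a front-end XSS to sneakily get the administrator to getshell in the back end. Detailed description: 0x0 Back-end getshell: in the fetch function of includes/clstemplate.php / Process the template file @access public @param string $filename @param sting $cacheid @return sring / function fetch$filename, $cacheid = '' if !$this-seterror errorreportingEALL ^ ENOTICE; $this-seterror+...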
shopex front Desk ordinary users getshell vulnerabilities-vulnerability warning-the black bar safety net
Use method: First: Think of a way to find the target site's absolute path http://www.test.com/install/svinfo.php?phpinfo=true http://www.test.com/core/api/shopapi.php http://www.test.com/core/api/site/2.0/apib2b20cat.php http://www.test.com/core/api/site/2.0/apib2b20goodstype.php...
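53KF enterprise online platform: one LFI
Brief description: One LFI at http://chat.53kf.com/, combined with the phpinfo information from http://chat.53kf.com/test.php ... leading to xxoo.. Detailed description: http://chat.53kf.com/login.php/ Modify the request Cookie: customerservicelanguage=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00 Result: Together with the information provided by phpinfo: Without authorization.... not going any further.. Proof of vulnerability:...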
LuxCal 2.7.0 XSS / LFI / Information Disclosure
Exploit for php platform in category web applications Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: email protected My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...
LuxCal 2.7.0 XSS / LFI / Information Disclosure
Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link: http://www.luxsoft.eu/dloader.php?file=luxcal270.zip Version: 2.7.0 Tested on:...
luxcal 2.7.0 - Multiple Vulnerabilities
Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link: http://www.luxsoft.eu/dloader.php?file=luxcal270.zip Version: 2.7.0 Tested on:...
luxcal 2.7.0 - Multiple Vulnerabilities
luxcal 2.7.0 - Multiple Vulnerabilities Exploit Title: LuxCal v2.7.0 Multiple Remote Vulnerabilities Date: 17/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.luxsoft.eu/ Software Link:...
PHP source code in the unserialize function throws a vulnerability analysis-vulnerability warning-the black bar safety net
0x01 The unserialize function. First, the official explanation: unserialize takes a single serialized variable and converts it back into a PHP value. The converted value is returned, and can be an integer, float, string, array or object. If the passed string cannot be unserialized,...
CVE-2011-5144
Open Business Management OBM 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function...
CVE-2011-5144
Open Business Management (OBM) server vulnerability CVE-2011-5144 affects OBM 2.4.0-rc13 and earlier. A direct request to test.php triggers phpinfo(), allowing remote attackers to obtain configuration information, i.e., partial disclosure of sensitive data. This is a server-side information discl...
XdCMS takeaway, food ordering, corporate website system multiple vulnerabilities and fixes-vulnerability warning-the black bar safety net
Vulnerability file: System/modeules/member/login.php ifempty$COOKIE'memberuser'||empty$COOKIE'memberuserid' //only checks that the cookie exists Vulnerability file: www.xxx.com system/libs/base.class.php if empty$COOKIE'memberuser'|| empty$COOKIE'memberuserid' //only checks that the cookies...