191 matches found
phpmychat_015dev_xpl
!/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to PHPMyChat\r\n";...
phpMyChat 0.15.0dev - SYS enter Remote Code Execution
!/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to PHPMyChat\r\n";...
phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================= phpMyChat 0.15.0dev SYS enter Remote Code Execution Exploit ============================================================= !/usr/bin/php -q -d shortopentag=on works with...
phpmychat_0145_xpl
!/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be used in our INSERT query, so we can inject all the...
phpMyChat 0.15.0dev - SYS enter Remote Code Execution
phpMyChat 0.15.0dev - SYS enter Remote Code Execution !/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...
phpMyChat 0.14.5 - SYS enter Remote Code Execution
!/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be used in our INSERT query, so we can inject all the...
phpMyChat 0.14.5 - SYS enter Remote Code Execution
phpMyChat 0.14.5 - SYS enter Remote Code Execution !/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be...
phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================================= phpMyChat query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T"...
phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PHPMyChat = 0.14.5 "SYS enter" remote cmmnds xctn 0day\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team"...
[Full-disclosure] PHPMyChat Authentication Bypass
PHPMyChat Authentication Bypass ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I won't have bothered to post this silly flaw but after seeing the google search result for inurl:phpMyChat.php3 , I thought it would be good idea to keep people informed. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use...
CVE-2005-3991
Multiple cross-site scripting XSS vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to 1 startpage.css.php and 2 style.css.php; or the From parameter to userspopupL.php...
CVE-2005-3991
PHPMyChat 0.14.6 is affected by multiple XSS vulnerabilities. Attackers can inject arbitrary script/HTML via the medium parameter to start_page.css.php and style.css.php, or the From parameter to users_popupL.php. The root cause is lack of input sanitization in these parameters. Impact is remote ...
CVE-2005-3991
Multiple cross-site scripting XSS vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to 1 startpage.css.php and 2 style.css.php; or the From parameter to userspopupL.php...
phpMyChat Multiple XSS vulnerabilities.
phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...
phpMyChat0146.txt
phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...
PHPMyChat 0.14.6 - start_page.css.php?medium Cross-Site Scripting
PHPMyChat 0.14.6 - startpage.css.php?medium Cross-Site Scripting source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues t...
PHPMyChat 0.14.6 - users_popupL.php?From Cross-Site Scripting
PHPMyChat 0.14.6 - userspopupL.php?From Cross-Site Scripting source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
PHPMyChat 0.14.6 - style.css.php?medium Cross-Site Scripting
PHPMyChat 0.14.6 - style.css.php?medium Cross-Site Scripting source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
PHPMyChat 0.14.6 - 'users_popupL.php?From' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
PHPMyChat 0.14.6 - 'start_page.css.php?medium' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...