phpWebSite 0.8.2/0.8.3 - 'article.php?sid' SQL Injection

source: https://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...

phpWebSite 0.8.2/0.8.3 - 'friend.php?sid' SQL Injection

source: https://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to...

phpWebsite <= SQL Injection (friend.php) & (article.php)

+phpWebsite +DaBDouB-MoSiKaR Moroccan Security Team +creetz to: Moroccan security TeamDr.E-vil,Dr.Erase,H0550N,ToM-le-Magicianfrance , ameeregypt, Esp!onLeRaVaGe, CiM TeaM, xMs3D0,|ucifer,B6,al-houda membersnabil,sn!per,Kasparovand all hackers musilm morocco and www.lezr.com +special 10x to: safa...

Sql injection

SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter...

CVE-2006-0973

SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter...

CVE-2006-0973

CVE-2006-0973 describes an SQL injection vulnerability in topics.php of the Appalachian State University phpWebSite project (version 0.10.2 and earlier). The underlying issue is that the topic parameter is used unsafely in SQL queries, allowing remote attackers to inject arbitrary SQL commands. T...

CVE-2006-0973

SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter...

phpWebSite <= 0.10.0-full (topics.php) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl advisory sent in by SnIpErSA selfar2002athotmail.com http://www.target.com/topics.php?op=viewtopic&topic=-1%20Union%20select%20name,name,pass,name%20From%20users%20where%20uid=1 ported by str0ke milw0rm.com from x97Rangs code RST/GHC...

phpWebSite <= 0.10.0-full (topics.php) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================================== phpWebSite = 0.10.0-full topics.php Remote SQL Injection Exploit =================================================================== !/usr/bin/perl advisory sent in by...

phpWebSite 0.10.0-full - topics.php SQL Injection

phpWebSite 0.10.0-full - topics.php SQL Injection !/usr/bin/perl advisory sent in by SnIpErSA selfar2002athotmail.com http://www.target.com/topics.php?op=viewtopic&topic=-1%20Union%20select%20name,name,pass,name%20From%20users%20where%20uid=1 ported by str0ke milw0rm.com from x97Rangs code RST/GH...

Ubuntu 4.10 / 5.04 : php4, php4-universe vulnerability (USN-147-1)

A remote code execution vulnerability has been discovered in the XMLRPC module of the PEAR PHP Extension and Application Repository extension of PHP. By sending specially crafted XMLRPC requests to an affected web server, a remote attacker could exploit this to execute arbitrary code with the web...

CVE-2005-4792

SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2002-2178

Cross-site scripting XSS vulnerability in article.php module for phpWebSite 0.8.3 allows remote attackers to execute arbitrary Javascript script via the sid parameter, as demonstrated using an IMG tag...

CVE-2002-2178

CVE-2002-2178 is a cross-site scripting (XSS) vulnerability in the article.php module of phpWebSite 0.8.3. The issue allows remote attackers to execute arbitrary JavaScript by supplying a crafted sid parameter, demonstrated via an IMG tag. The available connected documents confirm the affected pr...

phpWebSite index.php Search Module SQL Injection

The remote host is running a version of phpWebSite that fails to sanitize user-supplied input to the 'module' parameter of the 'search' module before using it in database queries. An attacker may be able to exploit this issue to obtain sensitive information such as user names and password hashes ...

[Full-disclosure] Security Advisory: SQL injection in PhpWebSite &lt;= 0.10.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ======================================================================== phpWebSite Security Advisory [email protected] http://phpwebsite.appstate.edu Kevin Wilcox 12 October 2005...

phpWebSite <= 0.10.0 (module) SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== phpWebSite Search&\160;\w32/elseprint "... One of those days :\n"; sub showh print " User: $name\n"; print " H...

phpWebSite &lt;= 0.10.0 (module) SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work print qq...

phpWebSite 0.10.0 - module SQL Injection

phpWebSite 0.10.0 - module SQL Injection !/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work pri...

phpWebSite 0.10.0 - &#039;module&#039; SQL Injection

!/usr/bin/perl use LWP::Simple; $serv = $ARGV0; $path = $ARGV1; $name = $ARGV2; sub usage print "\nUsage: $0 server path username \n"; print "sever - URL\n"; print "path - path to index.php\n"; print "username - name register user\n\n"; exit ; sub work print qq ---------------------------------...