LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection

Exploit Title: LimeSurvey Blind SQL injection Date: 20/02/2012 Author: TorTukiTu - OpenSphere Version: 1.91+ build 11804 Tested on: php ckeprotectedCckeprotectedC ------------------------------------------------------------------------- TorTukiTu - Killing Tortoise ,-"""-. oo./ / \ /\ /// \...

LimeSurvey (PHPSurveyor 1.91+ stable) - Blind SQL Injection

LimeSurvey PHPSurveyor 1.91+ stable - Blind SQL Injection Exploit Title: LimeSurvey Blind SQL injection Date: 20/02/2012 Author: TorTukiTu - OpenSphere Version: 1.91+ build 11804 Tested on: php ckeprotectedCckeprotectedC -------------------------------------------------------------------------...

Cкрипт для работы со слепыми инъекциями

Скрипт для работы со слепыми инъекциями. Наверное аналогов очень много, но этот скрипт заточен под слепые инъекции, а так же я постарался включить в него все возможные функции к примеру работа с informationschema очень полезно если версия БД = 5 или вывод файла что будет применимо если версия БД ...

Scripts Feed Business Directory SQL Injection

============================================================================== Scripts Feed Business Directory SQL Injection Vulnerability ============================================================================== + My home http://hack-tech.com + Date Submitted: February 27 2010 + Founder: Cr...

Scripts Feed Business Directory - SQL Injection

Scripts Feed Business Directory - SQL Injection ============================================================================== Scripts Feed Business Directory SQL Injection Vulnerability ============================================================================== + My home http://hack-tech.com ...

sebraccms-sql.txt

Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users in. This allows login access without prop...

SebracCMS 0.4 - Multiple SQL Injections

SebracCMS 0.4 - Multiple SQL Injections Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users i...

SebracCMS <= 0.4 Multiple SQL Injection Vulnerabilities

No description provided by source. Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users in. Th...

SebracCMS <= 0.4 Multiple SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ======================================================= SebracCMS = 0.4 Multiple SQL Injection Vulnerabilities ======================================================= Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerabilit...

Debian DSA-1597-2 : mt-daapd - multiple vulnerabilities

Three vulnerabilities have been discovered in the mt-daapd DAAP audio server also known as the Firefly Media Server. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-5824 Insufficient validation and bounds checking of the Authorization: HTTP...

Horde Webmail file inclusion proof of concept &amp; patch.

Horde 3.1.6 arbitrary file inclusion vulnerability, proof of concept & patch. A severe security vulnerability affects any unix distribution running version 3.1.6 of the Horde webmail client included in most popular webhosting control panels. All previous versions are also affected and it is...

Multiple vulnerabilities in civserv

Multiple vulnerabilities has been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected...

yapig-exec.txt

" The variables receives by the form POST: - integer $gid the gid of the gallery - interger $phid the phid of the image - string $tit title of the comment - string $author author name - string $mail comment authoer email - string $web comment author web - string $msg comment itself @package user ...

Flat Nuke Cross Site Scripting

Web Site: Vulnerable: FlatNuke = 2.5.6 This script is possibly vulnerable to Cross Site Scripting XSS attacks Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them. Affects...

CVE-2005-2691

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTROVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...

security flaw

phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...

CVE-2004-0958

phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...