PHPWEB search/index.php SQL注入漏洞

0x01 框架介绍 PHPWEB智能网站管理系统是一款具有可视化管理和模块化网站功能的网站管理软件。可视化的鼠标拖曳排版，自由插入、拖动和叠放插件，所见即所得，让网站制作如同搭积木般便捷易玩；各种插件、边框、菜单可灵活组合和任意摆放，摆脱页面框架的束缚，尽享创意的乐趣；灵活的管理权限和会员权限配置、强大的网站互动功能，让DIY制作的网站毫不逊色于专业开发；模块化的网站功能，十多种常用网站模块和不断增加的专业功能模块可供选用，可根据需要安装卸载模块，即可用于简单的企业展示网站，又可用于开发各种专业网站。 官方主页：www.phpweb.net/ Dork:...

Wbb3 - Blind SQL Injection Vulnerability

No description provided by source. !/usr/bin/perl -w use strict; use LWP::Simple; $| = 1; print q ----------------------------------------------- Wbb3 Blind Sql Injection Injection in Announce Plugin Kleinanzeigen Markt Coded By Molli use: ano.pl url user id Announce Catid Google:...

CVE-2007-6374

Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 users/register.php or 2 search/index.php, or an editcomments action in 3 wiki/index.php or 4 forums/index.php. NOTE: the error...

CVE-2007-6375

CVE-2007-6375 affects Bitweaver 2.0.0 and earlier. The vulnerability comprises multiple SQL injection flaws that allow remote attackers to execute arbitrary SQL commands via (1) the sort_mode parameter to wiki/list_pages.php and (2) the highlight parameter to search/index.php. A report also menti...

CVE-2007-6374

CVE-2007-6374 concerns multiple XSS flaws in Bitweaver 2.0.0 and earlier, exploitable via PATH_INFO in four endpoints: /users/register.php, /search/index.php, /wiki/index.php (editcomments action), and /forums/index.php. The vulnerability allows remote attackers to inject arbitrary script or HTML...

CVE-2007-6374

Multiple cross-site scripting XSS vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 users/register.php or 2 search/index.php, or an editcomments action in 3 wiki/index.php or 4 forums/index.php. NOTE: the error...