Lucene search
K

92 matches found

seebug.org
seebug.org
added 2010/09/11 12:0 a.m.26 views

动网论坛 (DVBBS) PHP 2.0++ dispuser.php sql注入漏洞

动网(DVBBS)论坛系统是一个采用PHP和MYSQL的数据架构的高性能网站论坛解决方案。 文件dispuser.php中: if isnumeric$id //第6行 $showUserID = intval$id; else if $UserName == '' $ErrCodes = $lang'UrlArgError'; …… if empty$showUserID //第35行 $updStmt .= " WHERE UserName='$UserName' "; $stmt .= " WHERE UserName='$UserName' "; $onstat = " WHER...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/09/11 12:0 a.m.154 views

动网论坛 (DVBBS) PHP 2.0++ dispbbs.php sql注入漏洞

动网(DVBBS)论坛系统是一个采用PHP和MYSQL的数据架构的高性能网站论坛解决方案。 在文件dispbbs.php中: if $boardsettings55 != 0 && $TopicInfo'locktopic' == 0 && dateDiff'd',$TopicInfo'dateandtime',TIMENOW $boardsettings55 //第85行 $TopicInfo'locktopic' = 1; $setStmt = ',locktopic=1'; $db-query"UPDATE $dvtopic SET hits=CASE WHEN hits IS...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/07/31 12:0 a.m.21 views

BlueCMS v1.6 sp1 ad_js.php SQL注入漏洞

缺陷文件:adjs.php 漏洞成因: 12: $adid = !empty$GET'adid' ? trim$GET'adid' : ''; //根目录下其他文件都做了很好的过滤,对数字型变量几乎都用了intval做限制,唯独漏了这个文件,居然只是用了trim去除头尾空格。。 19: $ad = $db-getone"SELECT FROM ".table'ad'." WHERE adid =".$adid; //直接代入查询 BlueCMS v1.6 sp1 SEBUG临时解决办法: $adid = !empty$GET'adid' ? intval$GET'adid' : '';...

7.1AI score
Exploits0
myhack58
myhack58
added 2010/06/24 12:0 a.m.20 views

phpcms 2 0 0 7 site management system Member. php page SQL injection vulnerability-vulnerability warning-the black bar safety net

Affected version: phpcms 2 0 0 7 GBK Vulnerability description: In the member/member. php line 4, The code is as follows: 1. .............. 2. $m = $db-getone SELECT FROM . TABLEMEMBER. m , . TABLEMEMBERINFO. i WHERE m. userid=i. userid AND m. username= 3. $username 4. , CACHE ,8 6 4 0 0; 5...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2010/01/08 12:0 a.m.22 views

SopCast SopCore Control ActiveX Remote Exec 0day poc

No description provided by source. Exploit Title: SopCast SopCore Control ActiveX Remote Exec 0day poc Date: 2010.01.08 Author: superli Software Link: http://download.sopcast.cn/download/SopCast.zip Version: 3.2.4 Tested on: xpsp3 ie6 Code : check the attachment...

7.1AI score
Exploits0
myhack58
myhack58
added 2009/12/27 12:0 a.m.25 views

php168v6 getshell 0day-vulnerability warning-the black bar safety net

SEBUG-Appdir:Php168 Published:2009-12-26 Affected version: php168 v6. 0 vulnerability description: The two-step first do/jsarticle. php file if! eregi"^hot|com|new|lastview|like|pic$",$type die"Type Error"; $FileName=dirnameFILE."/../ cache/jsarticlecache/"; if$type==’like’ $FileName.= floor$id/3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/10/28 12:0 a.m.27 views

织梦(Dedecms) 5.1 feedback_js.php 注入漏洞

同样是在magicquotesgpc=off的情况下可用 此漏洞可拿到后台管理员的帐号和加密HASH,漏洞存在文件plus/feedbackjs.php,未过滤参数为$arcurl ...... $urlindex = 0; ifempty$arcID $row = $dlist-dsql-GetOne"Select id From @cachefeedbackurl where url='$arcurl' "; //此处$arcurl没有过滤 ifisarray$row $urlindex = $row'id';...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/09/10 12:0 a.m.16 views

INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC

No description provided by source. !/usr/bin/env python INMATRIX Zoom Player Pro = 6.0.0 .MID Integer Overflow PoC Found By: DrIDE Credits: Platen Tested: verified on v 5.0.2 and 6.0.0 on XP SP3 Download: http://www.inmatrix.com MIDI Structure must be accurate buff =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/26 12:0 a.m.11 views

allomani 2007 (cat) Remote SQL Injection Vulnerability

No description provided by source. ================== NaMe: allomani 2007 = SQL Injection Vulnerability Author : NeX HackEr Contact: [email protected] ================== Script site : http://allomani.com ================== ExplOiT: UserName http://www.xxx.com/path/index.php?action=browse&cat=-1 and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/24 12:0 a.m.24 views

Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability

No description provided by source. ====================================================================== » Script : Moa gallery 1.1.0 galleryid Remote Sql injection vuln » Language : php » Download : http://sourceforge.net/projects/moagallery/ » Script site : http://www.moagallery.net/ »...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/24 12:0 a.m.30 views

ITechBids 8.0 (itechd.php productid) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " ITechBids v8.0 Blind SQL Injection Exploit \n"; print " \n"; print " itechd.php productid...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/18 12:0 a.m.16 views

Fotoshow PRO (category) Remote SQL Injection Vulnerability

No description provided by source. »====================================================================================================================-X » » » Fotoshow PRO™ category Remote SQL Injection Vulnerability » » » » ======= ------d-------m------ ==== ==== » » || = | |o o| |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/18 12:0 a.m.22 views

PHP Email Manager (remove.php ID) SQL Injection Vulnerability

No description provided by source. ===========================================|- Mtrb3 hena Security-Code ===========================================|- script :- PHP Email Manager Remote SQL Injection Vulnerability...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/07 12:0 a.m.38 views

PHPCityPortal (Auth Bypass) Remote SQL Injection Vulnerability

No description provided by source. Script Name: PHPCityPortal Auth Bypass SQL Injection Vulnerability Author: CoBRa21 Mail: [email protected] Script Page: http://phpcityportal.com/ DOrk: intext:"Powered by PHPCityPortal.com" EXPLOIT Username: 'or' Password: 'or' http://localhost/path/login.p...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/06 12:0 a.m.15 views

PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities

No description provided by source. \ \ \ / / /\ \ / /| \ / \ | \ \ //\ \ / / / / ruling the web since 9/2008 "Word is born Fight the war fuck the norm!" = "PHP Script Forum Hoster" Multiple vulnerabilities Vendor : http://www.shop-020.de Download :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/03 12:0 a.m.16 views

Blaze HDTV Player 6.0 (.PLF File) Local Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/perl by hack4love [email protected] Blaze HDTV Player 6.0 .PLF File Local Buffer Overflow Exploit SEH easy Thanks for SkuLL-HacKeR and all WwW.Sec-ArT.CoM/cc team AND special THANKS FOR EL7ADRANY AND 3ASFH TEAM this work sooooooooo good Tested on:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/07/22 12:0 a.m.19 views

Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities

No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/07/20 12:0 a.m.13 views

powerUpload 2.4 (Auth Bypass) Insecure Cookie Handling Vulnerability

No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/07/11 12:0 a.m.9 views

Playlistmaker 1.5 (.M3U/M3L/TXT File) Local Stack Overflow PoC

No description provided by source. !/usr/bin/perl Playlistmaker v1.5 .M3U/M3L/Txt File Local Stack Overflow POC Download: http://proletsoft.freeservers.com/mmb/playlistmaker.html Welcom Back Milw0rm my $crash="\x41" x 5000 ; openmyfile,'PoC.m3u'; M3U/M3L/Txt print myfile $crash; By ThE g0bL!N...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/07/09 12:0 a.m.20 views

WebAsyst Shop-Script (bSQL/XSS) Multiple Remote Vulnerabilities

No description provided by source. ============================================================================================= Title : Blind SQL/XSS Multiple Remote Vulnerabilities Software : WebAsyst Shop-Script Vendor : http://www.webasyst.net Date : 03 July 2009 Indonesia Author : Vrs-hCk...

7.1AI score
Exploits0
Rows per page
Query Builder