Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection

Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team SQLInjection File : loaddataforsearch.php $search = ne...

WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload

+---------------------------------------------------------------------------+ + Author: TUNISIAN CYBER + Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability + Date: 3-07-2015 + Type: WebAPP + Download Plugin: https://downloads.wordpress.org/plugin/acf-frontend-display.2.0.5.zip +...

win32/xp sp3 Create "file.txt" 83 bytes

win32/xp sp3 Create "file.txt" 83 bytes. Shellcode exploit for win32 platform / + Author: TUNISIAN CYBER + Title: Shellcode: win32/xp sp3 Create "file.txt" 83 bytes + Date: 15-04-2015 + Type: Local Exploits + Tested on: WinXp 32bit SP3 + Friendly Sites: sec4ever.com + Twitter: @TCYB3R + Credits:...

win32/xp sp3 Create ("file.txt") - 83 bytes

/ + Author: TUNISIAN CYBER + Title: Shellcode: win32/xp sp3 Create "file.txt" 83 bytes + Date: 15-04-2015 + Type: Local Exploits + Tested on: WinXp 32bit SP3 + Friendly Sites: sec4ever.com + Twitter: @TCYB3R + Credits: steve hanna projectshellcode.com ============================= Assembly:...

BZR Player 1.03 DLL Hijacking

/ + Author: TUNISIAN CYBER + Exploit Title: BZR Player 1.03 DLL Hijacking + Date: 29-03-2015 + Type: Local Exploits + Vendor: http://bzrplayer.blazer.nu/ + Tested on: WinXp/Windows 7 Pro + Friendly Sites: sec4ever.com + Twitter: @TCYB3R + gcc -shared -o DLLNAMEchoose one from the lis below.dll...

Mini-stream Ripper v2.7.7.100 Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/env python + Author: TUNISIAN CYBER + Exploit Title: Mini-sream Ripper v2.7.7.100 Local Buffer Overflow + Date: 25-03-2015 + Type: Local Exploits + Tested on: WinXp/Windows 7 Pro + Vendor:...

Easy Media Script SQL Injection Vulnerability

No description provided by source. ?php if!$argv1 die Usage : php exploit.php site Example : php exploit.php http://site.tld/PATH/ ; printr Tilte......: Easy Media Script SQL Injection Author.....: Lagripe-Dz Date.......: 27-o5-2o11 Location ..: ALGERIA HoMe ......: Sec4Ever.com & Lagripe-Dz.org...

HTML Email Creator 2.42 build 718 Buffer Overflow Exploit (SEH)

No description provided by source. .-----.--.--.--.----.----.-.---| | | | | | | | -| | | |||||| || By MadjiX Sec4ever.com Title : HTML Email Creator 2.42 build 718 - 0day buffer overflow exploit SEH author : MadjiX Dz8Hotmailcom Gr33tz : His0k4 , Bibi-info , volc4n0 version 2.3 :...

iScripts Support Desk 4.1 SQL Injection

Normal Sql postticketbeforeregistersave.php Staff table post : txtname=faris&[email protected]&prty=0&deptid=11 /!1337andselect 1 fromselect count,concatselect select select distinct concat0x7e,0x27,unhexHexcasttablename as char,0x27,0x7e from informationschema.tables where tableschema=databas...

Elastix 2.3 PHP Code Injection Vulnerability

Elastix versions prior to 2.4 php code injection exploit. ? / Exploit Title : Elastix 2.3 , Remote Command Execution Exploit Google Dork : WTF!!!! Version: Elastix All versions below 2.3 , Newer versions maybe affected as well ; Tested on: CentOS CVE : notyet Download Vuln software : elastix.org...

PBBoard 2.1.4 Authentication Bypass / Admin Add Exploit

Exploit for php platform in category web applications 14/7/2012 , Vulnerability discovered 30/7/2012 , Vendor Reported 31/7/2012 , patch released 01/8/2012 , Public disclosure engine/engine.class.php $this-CONF'adminusernamecookie' = 'PowerBBadminusername'; $this-CONF'adminpasswordcookie' =...

am4ss Support System 1.2 - PHP Code Injection

am4ss Support System 1.2 - PHP Code Injection 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...

PHP Enter Code Injection

Exploit Title : Php Enter Php Code Injection Author : IrIsT.Ir & Sec4Ever.com Discovered By : L3b-r1'z Home : http://IrIsT.Ir & http://Sec4Ever.com P Blob : http://L3b-r1z.com/ Software Link : http://www.phpenter.net/ Security Risk : High Version : beta Tested on : win\XP Dork : allintext: "Power...

PHP-Pastebin Cross Site Scripting

Author : L3b-r1'z Date : 2012-April-30 Title : Php-Pastebin Stored XSS Vulnerability Email : [email protected] Site : Sec4Ever.com Google Dork : allintext: "Php-Pastebin V.2" + P0c : Add New Paste put in the Paste Name alert"L3br1z"; You Will See The Alert : Proud To Be Lebanese Thx To All My...

Easy Media Script - SQL Injection

alert0 -== Start ==- "; $t=array"dbuser "="user","dbversion"="version","dbname "="database", "UserName "="user","Password "="pass"; foreach$t as $r=$y...

Easy Media Script SQL Injection Vulnerability

Exploit for php platform in category web applications alert0 -== Start ==- "; $t=array"dbuser "="user","dbversion"="version","dbname "="database", "UserName "="user","Password "="pass"; foreach$t as $r=$y...

chillyCMS v1.2.1 Remote File Inclusion Vulnerability

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

PHPBoost 3.0 (gallery.php) File Upload Vulnerability

Exploit for php platform in category web applications Title : PHPBoost 3.0 gallery.php File Upload Vulnerability Author : KedAns-Dz E-mail : email protected Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Remote File Upload Tested on :...

Joomla PR Local File Inclusion

Title : Joomla Component compr Local File Inclusion Vulnerability Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : php Impact : Local File Inclusion Tested on : Windows XP sp3 FR Note : BAC 2011 Enchalla...

Movavi VideoSuite 8.0 Slideshow - '.jpg' Local Crash (PoC)

!/usr/bin/perl Title : Movavi VideoSuite 8.0 SlideShow.exe Local Crash PoC Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans platform : Windows Impact : Crashs and Overflows in Process Tested on : Windows XP SP3...