Lucene search
K

190 matches found

Kitploit
Kitploit
added 2016/01/12 10:2 p.m.200 views

BSQLinjector - Blind SQL Injection Exploitation Tool

BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application. Options: --file Mandatory - File containing valid HTTP request and SQL injection point SQLINJECT...

10AI score
Exploits0References1
0day.today
0day.today
added 2015/07/11 12:0 a.m.27 views

ZenPhoto 1.4.8 - Multiple Vulnerabilities

ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2015/05/18 12:0 a.m.29 views

74CMS一逻辑漏洞导致两处二次注入

简要描述: 74CMS一逻辑漏洞导致两处二次注入 详细说明: 1.首先还是注册一个企业用户,在注册的过程中用burp抓包,修改里面的username字段 username=1′,1,1001,1,user,1,1,1,1,1,1,1 — a 2.74cms本来是不允许注册带有特殊字符的用户名的,但是使用这样的方法可以绕过过滤,我们来看一下数据库。 3.我们再来看哪里对该用户进行了二次数据库操作。找了很久,看到了对很多操作都提供了日志记录的功能。writememberslog函数 function...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/11/05 12:0 a.m.19 views

74cms(20141027)多处二次注入

简要描述: 看完了xfkxfk大神的 http://wooyun.org/bugs/wooyun-2010-070827 http://wooyun.org/bugs/wooyun-2014-070858 对74cms尝试了下,果然有收货。 详细说明: 1. user/company/companyajax.php elseif$act=="promotionaddsave" reportdeal$uid,2,$points; $userpoints=getuserpoints$uid;...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/09 12:0 a.m.48 views

TinyShop二次注入一枚。

简要描述: rt TinyShop v1.0.2 详细说明: 还是 protected\controllers\simple.php文件 public function orderact ................. $address = $model-table"address"-where"id=$addressid"-find; //if!$address$this-redirect"order",false,Req::args; //if!$paymentid$this-redirect"order",false,Req::args; $data'orderno' =...

7.1AI score
Exploits0
0day.today
0day.today
added 2014/01/28 12:0 a.m.26 views

Simple e-Document 1.31 SQL Injection / XSS / CSRF Vulnerabilities

Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. +Exploit: Simple e-document v1.31 = Sql inj,Login Bypass,XSS,Insecure Cookie Handlingprivilege escalation,Arbitrary File Uploa...

8.2AI score
Exploits0
Packet Storm
Packet Storm
added 2014/01/26 12:0 a.m.38 views

Simple e-Document 1.31 SQL Injection / XSS / CSRF / File Upload

+Exploit: Simple e-document v1.31 = Sql inj,Login Bypass,XSS,Insecure Cookie Handlingprivilege escalation,Arbitrary File Upload, Second order injections, CSRF ,Insecure logout process + Author: PuN!Sh3r + Contact: http://anti-armenia.org + version: Simple e-document v1.31 + Vendor Homepage:...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/08/30 12:0 a.m.171 views

CGI Generic SQL Injection Detection (potential, 2nd order, 2nd pass)

By calling discovered CGIs with previously gathered values, SQL error messages were induced. This could be a result of transient SQL failure : However, even if the application is not vulnerable to an injection, SQL error messages often reveal the structure of the database and query information...

5.9AI score
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2010/08/30 12:0 a.m.84 views

CGI Generic 2nd Order SQL Injection Detection (potential)

By calling discovered CGIs with previously gathered values, SQL error messages were induced. This could be a result of transient SQL failure : However, even if the application is not vulnerable to an injection, SQL error messages often reveal the structure of the database and query information...

5.9AI score
Exploits0References9
securityvulns
securityvulns
added 2006/01/03 12:0 a.m.32 views

[KAPDA::#19] - Html Injection in vBulletin 3.5.2

KAPDA New advisory Vendor: http://www.vbulletin.com Vulnerable Version: 3.5.2 prior versions also may be affected Bug: Html Injection Second order cross site scripting Exploitation: Remote with browser Description: -------------------- vBulletin is a powerful, scalable and fully customizable foru...

6.3AI score
Exploits0
Rows per page
Query Builder