190 matches found
BSQLinjector - Blind SQL Injection Exploitation Tool
BSQLinjector uses blind method to retrieve data from SQL databases. I recommend using "--test" switch to clearly see how configured payload looks like before sending it to an application. Options: --file Mandatory - File containing valid HTTP request and SQL injection point SQLINJECT...
ZenPhoto 1.4.8 - Multiple Vulnerabilities
ZenPhoto version 1.4.8 suffers from cross site scripting, remote SQL injection, and path traversal vulnerabilities. Vulnerability: SQL Injection, Reflected XSS, Path Traversal Affected Software: ZenPhoto http://www.zenphoto.org/ Affected Version: 1.4.8 probably also prior versions Patched Version...
74CMS一逻辑漏洞导致两处二次注入
简要描述: 74CMS一逻辑漏洞导致两处二次注入 详细说明: 1.首先还是注册一个企业用户,在注册的过程中用burp抓包,修改里面的username字段 username=1′,1,1001,1,user,1,1,1,1,1,1,1 — a 2.74cms本来是不允许注册带有特殊字符的用户名的,但是使用这样的方法可以绕过过滤,我们来看一下数据库。 3.我们再来看哪里对该用户进行了二次数据库操作。找了很久,看到了对很多操作都提供了日志记录的功能。writememberslog函数 function...
74cms(20141027)多处二次注入
简要描述: 看完了xfkxfk大神的 http://wooyun.org/bugs/wooyun-2010-070827 http://wooyun.org/bugs/wooyun-2014-070858 对74cms尝试了下,果然有收货。 详细说明: 1. user/company/companyajax.php elseif$act=="promotionaddsave" reportdeal$uid,2,$points; $userpoints=getuserpoints$uid;...
TinyShop二次注入一枚。
简要描述: rt TinyShop v1.0.2 详细说明: 还是 protected\controllers\simple.php文件 public function orderact ................. $address = $model-table"address"-where"id=$addressid"-find; //if!$address$this-redirect"order",false,Req::args; //if!$paymentid$this-redirect"order",false,Req::args; $data'orderno' =...
Simple e-Document 1.31 SQL Injection / XSS / CSRF Vulnerabilities
Simple e-Document version 1.31 suffers from login bypass, cross site request forgery, cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. +Exploit: Simple e-document v1.31 = Sql inj,Login Bypass,XSS,Insecure Cookie Handlingprivilege escalation,Arbitrary File Uploa...
Simple e-Document 1.31 SQL Injection / XSS / CSRF / File Upload
+Exploit: Simple e-document v1.31 = Sql inj,Login Bypass,XSS,Insecure Cookie Handlingprivilege escalation,Arbitrary File Upload, Second order injections, CSRF ,Insecure logout process + Author: PuN!Sh3r + Contact: http://anti-armenia.org + version: Simple e-document v1.31 + Vendor Homepage:...
CGI Generic SQL Injection Detection (potential, 2nd order, 2nd pass)
By calling discovered CGIs with previously gathered values, SQL error messages were induced. This could be a result of transient SQL failure : However, even if the application is not vulnerable to an injection, SQL error messages often reveal the structure of the database and query information...
CGI Generic 2nd Order SQL Injection Detection (potential)
By calling discovered CGIs with previously gathered values, SQL error messages were induced. This could be a result of transient SQL failure : However, even if the application is not vulnerable to an injection, SQL error messages often reveal the structure of the database and query information...
[KAPDA::#19] - Html Injection in vBulletin 3.5.2
KAPDA New advisory Vendor: http://www.vbulletin.com Vulnerable Version: 3.5.2 prior versions also may be affected Bug: Html Injection Second order cross site scripting Exploitation: Remote with browser Description: -------------------- vBulletin is a powerful, scalable and fully customizable foru...