GetMyOwnArcade - search.php?query SQL Injection
GetMyOwnArcade - search.php?query SQL Injection GetMyOwnArcade search.php $query SQL-Injection Discovered By: RoXur777 August 11th 2007 Google-Dork: "Powered by GetMyOwnArcade" / $query is not being filtered before getting passed to a query. Therefore, we can inject SQL code into the SQL-Query...
GetMyOwnArcade - 'search.php?query' SQL Injection
GetMyOwnArcade search.php $query SQL-Injection Discovered By: RoXur777 August 11th 2007 Google-Dork: "Powered by GetMyOwnArcade" / $query is not being filtered before getting passed to a query. Therefore, we can inject SQL code into the SQL-Query. Using UNION-SELECT we can obtain member...
Sql injection
Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to...
php123-sql.txt
--==+================================================================================+==-- --==+ PHP123 Top Sites SQL Injection Vulnerability +==-- --==+================================================================================+==-- AUTHOR: t0pP8uZz & xprog SITE: N/A DORK: allintext:"Browse...
[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.
Aria-Security Team Image Racer SearchResults.asp SQL Injection Vendor: http://www.junctionquest.com/Software.asp Example: http://www.TARGET.com/SearchResults.asp?SearchWord=SQL COMMAND&WordSearchCrit=Yes&image.x=0&image.y=0 Example : -1 'union select username,password from admin where FIND IT YOU...
aigaion-sql.txt
--==+================================================================================+==-- --==+ Aigaion = 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody "CypherXero" Rester PAYLOAD: Admin username a...
Aigaion 1.3.3 - topic topic_id SQL Injection
Aigaion 1.3.3 - topic topicid SQL Injection --==+================================================================================+==-- --==+ Aigaion = 1.3.3 SQL Injection Exploit +==-- --==+================================================================================+==-- DISCOVERED BY: Cody...
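Youtube Script id Parameter Remote SQL Injection Vulnerability
BUGTRAQ ID: 24734 Youtube Script is a script written in PHP for playing online video. Youtube Script has an input validation vulnerability when handling user requests; a remote attacker may exploit it to take control of the application or cause disclosure of sensitive information. The msg.php script in Youtube Script does not properly validate input to the id parameter, allowing a remote attacker to perform unauthorized operations on the database of a vulnerable site by inserting SQL code into the submitted data. Devellion Limited Youtube script The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...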
Buffer overflow
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...
CVE-2007-3046
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...
iG Shop 1.4 - page.php SQL Injection
iG Shop 1.4 - page.php SQL Injection Discovered by: gsy & kerem125 Website: www.kerem125.com Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html exploit:/shop/page.php?pagetype=catalognavigate&typeid=-99%20union//select//password//from//users/...
GLSA-200705-11 : MySQL: Two Denial of Service vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-11 (MySQL: Two Denial of Service vulnerabilities). mu-b discovered a NULL pointer dereference in item_cmpfunc.cc when processing certain types of SQL requests. Sec Consult also discovered another NULL pointer dereference when...
MySQL 5.0.x - Single Row SubSelect Remote Denial of Service
source: https://www.securityfocus.com/bid/22900/info MySQL is prone to a remote denial-of-service vulnerability because it fails to handle certain select statements to database metadata. An attacker can exploit this issue to crash the application, denying access to legitimate users. The attacker...
Sql injection
IBM DB2 Universal Database UDB 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors...
XLAtunes 0.1 - album SQL Injection
XLAtunes 0.1 - album SQL Injection Critical Status:High Found By:Bl0od3r Download:http://www.scriptdungeon.com/script.php?ScriptID=2844 Greetz:all my friends fuckz:Donh4cky0u for steeling hacks of others,for his 100% noobility,for his noobass.DON your an idiot.fucka. - confkey-Password...
XLAtunes 0.1 - 'album' SQL Injection
Critical Status:High Found By:Bl0od3r Download:http://www.scriptdungeon.com/script.php?ScriptID=2844 Greetz:all my friends fuckz:Donh4cky0u for steeling hacks of others,for his 100% noobility,for his noobass.DON your an idiot.fucka. - confkey-Password confvalue-Username Table:config...
forum livre 1.0 - SQL Injection / Cross-Site Scripting
Title : Forum Livre 1.0 Multiple Remote Vulnerabilities Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- Login Before..- http://target/path//infouser.asp?user=SQL Example:...
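WordPress Charset Decoding SQL Injection Vulnerability
WordPress is a popular blogging program. WordPress has a problem in its handling of character set decoding; a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. When PHP's mbstring extension is enabled, WordPress supports decoding Trackbacks using different character sets. Because the decoding happens before the database selects the correct character set for the input data, the protection against SQL injection can be bypassed. For demonstration purposes, Stefan Esser suggests using the UTF-7 character set for exploitation, because other multibyte character sets allow multibyte sequences to end with ''....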
CVE-2006-7232
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY...
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability
Acronym Mod v0.9.5 Remote SQL Injection Vulnerability Download: http://www.codemonkeyx.net Found By: the master exploit: http://Target/Path/admin/adminacronyms.php?mode=edit&id=-120UNION20SELECT20null,userpassword,null20FROM20phpbbusers20where20userid=2&sid=AdminHash Greetz: str0ke , Dr Max Virus...