22 matches found
EUVD-2006-7056
Malware in sbrugna...
EUVD-2006-3417
Malware in sbrugna...
EUVD-2006-3159
Malware in sbrugna...
SmartSiteCMS 1.0 - Blind SQL Injection
!/usr/bin/python import sys import re from socket import class exploit: def initself,host,path,user: self.host=host self.path=path self.user=user self.reg=re.compile"" def setqueryself,n,ch: self.query="' OR ASCIISUBSTRINGSELECT password FROM users WHERE userName='"+self.user+"',"+strn+",1 =...
SmartSiteCMS 1.0 - Blind SQL Injection
SmartSiteCMS 1.0 - Blind SQL Injection !/usr/bin/python import sys import re from socket import class exploit: def initself,host,path,user: self.host=host self.path=path self.user=user self.reg=re.compile"" def setqueryself,n,ch: self.query="' OR ASCIISUBSTRINGSELECT password FROM users WHERE...
SmartSiteCMS 1.0 (articles.php var) Blind SQL Injection Exploit
No description provided by source. !/usr/bin/python import sys import re from socket import class exploit: def initself,host,path,user: self.host=host self.path=path self.user=user self.reg=re.compile"!-- END COMMENT FORM --" def setqueryself,n,ch: self.query="' OR ASCIISUBSTRINGSELECT password...
SmartSiteCMS 1.0 Blind SQL Injection
!/usr/bin/python import sys import re from socket import class exploit: def initself,host,path,user: self.host=host self.path=path self.user=user self.reg=re.compile"" def setqueryself,n,ch: self.query="' OR ASCIISUBSTRINGSELECT password FROM users WHERE userName='"+self.user+"',"+strn+",1 =...
SmartSiteCMS 1.0 (articles.php var) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications =============================================================== SmartSiteCMS 1.0 articles.php var Blind SQL Injection Exploit =============================================================== !/usr/bin/python import sys import re from socket...
CVE-2006-7074
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie...
CVE-2006-7074
CVE-2006-7074 affects SmartSiteCMS 1.0. The vulnerability is in admin.php, allowing remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie. The connected documents confirm the flaw but do not provide exploitation steps, a broader impact beyond a...
CVE-2006-7074
admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the userName cookie...
[Full-disclosure] SmartSiteCMS v1.0 authentication bypass
SmartSiteCMS v1.0 authentication bypass STATUS: I contacted the vendor more than 2 months ago and still no response. TECHNICAL INFO ================================================================ One of the worst cms I've ever seen regarding security, no input sanitation at all. Bypassing...
CVE-2006-3421
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in 1 comment.php, 2 admin/comedit.php, 3 admin/test.php, 4 admin/index.php, and 5 admin/include/incadminfoot.php, ...
CVE-2006-3421
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in 1 comment.php, 2 admin/comedit.php, 3 admin/test.php, 4 admin/index.php, and 5 admin/include/incadminfoot.php, ...
CVE-2006-3421
CVE-2006-3162 and CVE-2006-3421 describe PHP remote file inclusion in SmartSiteCMS 1.0 and earlier. The issues affect include/inc_foot.php (CVE-2006-3162) and, per CVE-2006-3421, additional vectors such as comment.php, admin/comedit.php, admin/test.php, admin/index.php, and admin/include/inc_admi...
SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications ====================================================================== SmartSiteCMS 1.0 root Multiple Remote File Inclusion Vulnerabilities ====================================================================== smartsite cms v1.0 Multiple...
SmartSiteCMS 1.0 (root) Multiple Remote File Inclusion Vulnerabilities
No description provided by source. smartsite cms v1.0 Multiple Remote File include ------------------------------------------------- Discovered By CrAshoVeRrIdE Arabian Security Team ------------------------------------------------- site of script:www.smartsitecms.net...
CVE-2006-3162
PHP remote file inclusion vulnerability in include/incfoot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...
CVE-2006-3162
CVE-2006-3162: PHP remote file inclusion in SmartSiteCMS (1.0 and earlier) via include/inc_foot.php exposes arbitrary PHP code execution by supplying a URL in the root parameter. The description in the provided documents specifies the vulnerable component and payload vector but does not include p...
CVE-2006-3162
PHP remote file inclusion vulnerability in include/incfoot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter...