XOOPS 2.3.1 - Multiple Local File Inclusions

Digital Security Research Group DSecRG Advisory DSECRG-08-040 Application: XOOPS Versions Affected: 2.3.1 Vendor URL: http://www.xoops.org/ Bug: Multiple Local File Include Exploits: YES Reported: 10.11.2008 Vendor response: 10.11.2008 Solution: YES Date of Public Advisory: 08.12.2008 Authors:...

XAMPP 1.6.8 (XSRF) Change Administrative Password Exploit

Exploit for unknown platform in category remote exploits ========================================================= XAMPP 1.6.8 XSRF Change Administrative Password Exploit ========================================================= XAMPP change administrative password:...

Simple Directory Listing 2 - Cross-Site Arbitrary File Upload

Simple Directory Listing 2 - Cross Site File Upload -------------------------------------------------------------------------------- / Written by Michael Brooks VUlerablity type: Cross Site File Upload. Affects: SDL 2.1 beta1 Product homepage: http://simpledirectorylisting.net/ SDL has 22+ millio...

gravitygtd-lfiexec.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl gravity-gtd = 0.4.5 LFI/RCE Vulnerability Script: An open source list manager for tracking action items according to the principles...

WebGUI lib/WebGUI/Storage.pm远程脚本代码执行漏洞

BUGTRAQ ID: 32602 WebGUI是一个CMS（内容管理系统）软件，主要用来方便网站内容的发布与维护。 WebGUI没有正确地过滤某些邮件附件。如果用户在使用协作系统的邮件功能的话，就可以向协作系统发送包含有可执行程序（如perl程序、shell脚本或php页面）的附件；如果Web服务器设置可可执行上述类型文件，从协作系统的web视图点击文件就会执行程序。 Plain Black Software WebGUI 7.x 临时解决方法： 编辑lib/WebGUI/Storage.pm并用以下代码替换addFileFromScalar方式： sub...

bncwi-lfi.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl BNCwi = 1.04 Local File Inclusion Vulnerability Script: "BNCwi is a Open-Source webinterface for psyBNC. With it you easily can...

Gravity GTD 0.4.5 - Local File Inclusion Remote Code Execution

Gravity GTD 0.4.5 - Local File Inclusion Remote Code Execution :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl gravity-gtd = 0.4.5 LFI/RCE Vulnerability Script: An open source lis...

Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability

Exploit for unknown platform in category web applications =============================================================== Gravity GTD = 0.4.5 rpc.php objectname LFI/RCE Vulnerability =============================================================== :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;;...

BNCwi 1.04 - Local File Inclusion

BNCwi 1.04 - Local File Inclusion :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl BNCwi = 1.04 Local File Inclusion Vulnerability Script: "BNCwi is a Open-Source webinterface for...

Check New 4.52 (findoffice.php search) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w ===================================================================== Check New 4.52 findoffice.php search Remote SQL Injection Exploit =====================================================================...

BNCwi <= 1.04 Local File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================ BNCwi = 1.04 Local File Inclusion Vulnerability ================================================ :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88...

checknew-sql.txt

!/usr/bin/perl -w ===================================================================== Check New 4.52 findoffice.php search Remote SQL Injection Exploit ===================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CW...

AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability

============================================================== AssoCIateD 1.4.4 Remote Cross Site Scripting Vulnerability ============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

KTP Computer Customer Database CMS 1.0 - Blind SQL Injection

================================================ KTPCCD CMS Blind SQL Injection Vulnerability ================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, ...

ktpccd-lfi.txt

!/usr/bin/perl -w ====================================== KTPCCD Local File Inclusion Exploit ====================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX...

txtblog-lfi.txt

============================================================ TxtBlog index.php m Local File Inclusion Vulnerability ============================================================ ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team...

All Club CMS &lt;= 0.0.2 Remote DB Config Retrieve Exploit

No description provided by source. !/usr/bin/perl =about All Club CMS = 0.0.2 Remote DB Config Retrieve Exploit ------------------------------------------------------- by athos - stakerathotmaildotit download on http://sourceforge.net ------------------------------------------------------- Usage:...

allclubcms-dbretrieve.txt

!/usr/bin/perl =about All Club CMS 'Lynx textmode', timeout = 5, or die $!; my $send = $http-get"http://$host/$path/accms.dat"; if$send-issuccess print STDOUT $send-content; exit; else print STDERR $send-statusline; exit; if$mode = /default/i $data9 = s/\s/\0/; password $data8 = s/DBPASS/\0/;...

All Club CMS 0.0.2 - Remote Database Configuration Retrieve

All Club CMS 0.0.2 - Remote Database Configuration Retrieve !/usr/bin/perl =about All Club CMS 'Lynx textmode', timeout = 5, or die $!; my $send = $http-get"http://$host/$path/accms.dat"; if$send-issuccess print STDOUT $send-content; exit; else print STDERR $send-statusline; exit; if$mode =...

All Club CMS 0.0.2 - Remote Database Configuration Retrieve

!/usr/bin/perl =about All Club CMS 'Lynx textmode', timeout = 5, or die $!; my $send = $http-get"http://$host/$path/accms.dat"; if$send-issuccess print STDOUT $send-content; exit; else print STDERR $send-statusline; exit; if$mode = /default/i $data9 = s/\s/\0/; password $data8 = s/DBPASS/\0/;...