Click N Print Coupons 2006.01 - 'key' SQL Injection

!/usr/bin/perl Script Name: Click N' Print Coupons : "; $dir = ; chop $dir; if $dir = /exit/ print "-- Exploit FailedYou Are Exited \n"; exit; if $dir = /// else print "-- Exploit FailedNo DIR \n"; exit; print "User : "; $ID = ; chop $ID; if $ID = /exit/ print "-- Exploit FailedYou Are Exited \n"...

Google advanced techniques—GooGle Hack-vulnerability warning-the black bar safety net

google hacking is actually not anything new,at the time did not pay attention to this technology,think of webshell or something,and without too much practical use. google hacking is not so simple... Commonly used google keyword: foo1 foo2 which is associated, such as search xx company xx beauty...

CVE-2006-0727

CVE-2006-0727 describes a SQL injection in mstrack.php of MusOX DF MSAnalysis (DFMSA), used with CPG-Nuke Dragonfly CMS. An attacker can trigger path disclosure via a SQL syntax error and may be able to execute arbitrary SQL commands. The affected software is MusOX DF MSAnalysis as used in Dragon...

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

CVE-2005-4346

phpBB Blog 2.2.2 and earlier: A function in blog.php causes an invalid SQL query when the permalink parameter to index.php is cleansed to empty (non-digit chars stripped), leading to a SQL syntax error that leaks the full application pathname. This is not a true SQL injection in practice, but the...

phpWebThings144-2.txt

Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org The bug in download.php ThE Exploit : http://www.target.com/download.php?file=|SQL ThE Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ord...

SQL In Invision Gallery 2.0.3

Credit: By aLMaSTeR HaCKeR [email protected] Vulnerable: Invision Gallery 2.0.3 EXPLIOT: http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sortkey=date&orderkey=DESC&prunekey=30&st=|aLMaSTeR The Error: mySQL query error: SELECT i., m.membersdisplayname AS name, m.id AS mid, r.id a...

Dragonfly Shopping Cart Multiple vulnerabilities

Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at http://www.dbtech.org Severity: High Title: Dragonfly Shopping Cart Multiple vulnerabilities Date:...

sfgate-info.txt

Vendor: http://ls6-www.cs.uni-dortmund.de/ir/projects/SFgate/index.html Action: attempted to notify vendor with no response. Description: SFGATE gives sensitive information by allowing one to view a few lines of text from a file via an error message. It looks like a good attempt was made at...