Micro CMS 3.5 - revert-content.php SQL Injection
Micro CMS 3.5 - revert-content.php SQL Injection not sec group http://www.notsec.com [email protected] Micro CMS 3.5 Class: SQL Injection Found: 28/08/2007 Remote: Yes Site: http://www.impliedbydesign.com/ibd-micro-cms-static-content-manager.html Download:...
Micro CMS 3.5 - 'revert-content.php' SQL Injection
not sec group http://www.notsec.com [email protected] Micro CMS 3.5 Class: SQL Injection Found: 28/08/2007 Remote: Yes Site: http://www.impliedbydesign.com/ibd-micro-cms-static-content-manager.html Download: http://www.impliedbydesign.com/apps/microcms/microcms.zip Demo site:...
2532|Gigs 1.2.1 (activateuser.php) Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications 2532|Gigs 1.2.1 activateuser.php Local File Inclusion Vulnerability...
linpha131-sql.txt
order = $REQUEST'order'; if$defaultorder != $REQUEST'order' $this-linkaddress .= '&order='.$REQUEST'order'; else $this-order = $defaultorder; // // set sql query string // function setSql$sqlbegin,$sqlwhere...
phpbbsupanav-rfi.txt
phpBB Module SupaNav 1.0.0 linkmain.php Remote File Inclusion Vulnerability Vendor: http://www.phpbbhacks.com/download/8003 Download: http://www.phpbbhacks.com/load.php?id=8003 Founder: bd0rk Website 1: www.soh-crew.it.tt Website 2: www.school-of-hack.net Contact: bd0rkathackermail.com ICQ:...
ecms-bypass.txt
Entertainment CMS Admin Login Bypass Web: Entertainment CMS Demo : http://multimedia.mydlstore.net/ Download: http://rapidshare.com/files/39640099/enter-cms.rar Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vulnerable codE: $adminOK=0; if...
Entertainment CMS Admin Login Bypass
Entertainment CMS Admin Login Bypass Web: Entertainment CMS Demo : http://multimedia.mydlstore.net/ Download: http://rapidshare.com/files/39640099/enter-cms.rar Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vulnerable codE: $adminOK=0; if...
eTicket v.1.5.1.1 Multiple Cross-Site Scripting
eTicket v.1.5.1.1 Multiple Cross-Site Scripting Author: Attila Gerendi Darkz Date: June 29, 2007 Package: eTicket http://eticket.sourceforge.net/ Versions Affected: v.1.5.1.1 Other versions may also be affected Severity: XSS Input passed to "$SERVER'REQUESTURI'" in various scripts and includes is...
avarcade-admin.txt
AV Arcade 2.1b COOKIEavauserid Get Admin Rights Web: AV Arcade 2.1b Site : www.avscripts.net Dork : "Powered By AV Arcade" Author: Kw3rLn tehlostbyteatYaHoOd0tCom Romanian Security Team Ethical Hacking - hTTp://RSTZONE.nET Vulnerable code: admin/index.php: $sql = mysqlquery"SELECT FROM avausers...
webchat-sql.txt
webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Vulnerable code: login.php...
SiteDepth CMS 3.44 - 'ShowImage.php?name' File Disclosure
Sitedepth CMS 3.44 Local File Include LFI Exploit ! Application homepage : http://www.sitedepth.com/ ! Author : H4 / Team XPK ! Contact : [email protected] ! Bug discovered : 2006-11-07 ! Bug published : 2007-06-25 Vuln. code:...
NetClassifieds - SQL Injection Cross-Site Scripting Full Path
NetClassifieds - SQL Injection Cross-Site Scripting Full Path Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix...
NetClassifieds - SQL Injection / Cross-Site Scripting / Full Path
Application: NetClassifieds: -Free Edition -Standard Edition -Professional Edition -Premium Edition Web Site: http://www.scriptdevelopers.net/ Versions: all Platform: linux, windows Bug: multiple injection sql , xss , full path Fix Available: Yes...
Fuzzylime Forum 1.0 (low.php topic) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE...
[Full-disclosure] Windows Oday release
Dear all, SChannel Off-By-One Heap Corruption Discovery Date: 28th August 2006 Date reported to Microsoft: 19th March 2007 Summary: The Secure Channel SChannel library on WinXP-SP1/SP2 is vulnerable to an off-by-one heap buffer overwrite. The SChannel library...
fuzzy-sql.txt
!/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE threadid='$GETtopic'"; PoC:...
Fuzzylime Forum 1.0 - low.php?topic SQL Injection
Fuzzylime Forum 1.0 - low.php?topic SQL Injection !/usr/bin/perl -w Fuzzylime Forum 1.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code low.php: $gettopicid = mysqlquery"SELECT FROM $tableprefixthreads WHERE...
Fuzzylime Forum 1.0 (low.php topic) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications Fuzzylime Forum 1.0 low.php topic Remote SQL Injection Exploit !/usr/bin/perl -w Fuzzylime Forum 1.0 SQL...
comicsense02-sql.txt
!/usr/bin/perl -w ComicSense 0.2 SQL Injection Exploit Discovered by: s0cratex Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Original Advisory: http://seclists.org/bugtraq/2007/Jun/0063.html http://milw0rm.com/exploits/4035 Vulnerable Code index.php: $sqlQuery = "SELECT...
MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
No description provided by source. MiniWeb Http Server 0.8.x Remote Denial of Service MiniWeb site http://sourceforge.net/projects/miniweb/ Author: gbr Tested running the server under Windows XP SP2 Description: The server doesn't do a sanity-check on 'Content-Length' value from POST Header,...