XMB <= 1.9.6 Final basename() Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...

WordPress Couponer plugin <= 1.2 - SQL Injection

No description provided by source. Exploit Title: WordPress Couponer plugin = 1.2 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/couponer.zip Version: 1.2 tested Note: magicquotes has...

pragmaMX Module Landkarten 2.1 - Local File Inclusion Exploit (win)

No description provided by source. !Perl pragmaMX Landkartenmodule 2.1 Local File Inclusion Exploit Vendor: http://www.pragmamx.org/Downloads-op-getit-lid-599-noJpC-.html Vulnerable Code: requireoncemodules/$modulename/inc/conf.php; Coded by bd0rk || SOH-Crew Greetz: str0ke, Diddi, seduce, TheJT,...

WordPress Evarisk plugin <= 5.1.3.6 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Evarisk plugin = 5.1.3.6 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/evarisk.5.1.3.6.zip Version: 5.1.3.6 tested Note:...

WordPress Facebook Promotions plugin <= 1.3.3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Facebook Promotions plugin = 1.3.3 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/fbpromotions.1.3.3.zip Version: 1.3.3...

PHP Album <= 0.3.2.3 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHP Album = 0.3.2.3 remote cmmnds xctn\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - this works with magicquotesgpc=Off & registerglobals=On\r\n; echo dork: \powered by...

Flux CMS <= 1.5.0 (loadsave.php) Remote Arbitrary File Overwrite Exploit

No description provided by source. ?php / ------------------------------------------------------------------------ Flux CMS = 1.5.0 loadsave.php Remote Arbitrary File Overwrite Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...

PhpMyLogon 2.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title: PhpMyLogon SQL Injection Date: March 14, 2010 Author: Blake Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download Version: 2 Tested on: Windows XP SP3 Proof of Concept: Enter the followi...

Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Nucleus = 3.22 arbitrary remote inclusion exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo this is called the \deadly eyes of Sun-tzu\r\n; echo dork: Copyright...

dotProject 2.1.5 - SQL Injection Vulnerability

No description provided by source. Exploit Title: dotProject 2.1.5 SQL Injection Vulnerability Google Dork: intitle:dotproject Date: 2011-12-09 Author: sherl0ck sherl0ckatalligatorteamdotorg @AlligatorTeam Software Link: http://www.dotproject.net/ Version: 2.1.5 tested Tested on: Debian GNU/Linux...

EQdkp <= 1.3.2 (listmembers.php rank) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w EQdkp = 1.3.2 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code listmembers.php: $sql = 'SELECT m., m.memberearned-m.memberspent+m.memberadjustment AS...

Azucar CMS <= 1.3 (admin/index_sitios.php) File Inclusion Vulnerability

No description provided by source. +------------------------------------------------------------------------------------------- + Azucar CMS = 1.3 VIEW Remote File Include Vulnerability +------------------------------------------------------------------------------------------- + Affected Softwar...

Simpli Easy (AFC Simple) Newsletter <= 4.2 XSS/Information Leakage

No description provided by source. Simpli Easy AFC Simple Newsletter = 4.2 XSS/Information Leakage Date: 30.10.2010 Author: p0deje | http://p0deje.blogspot.com Software Link: http://scubadivingcalculators.com/simpli-easy-newsletter.php Version: = 4.2 1. Cross-site Scripting Vulnerable code: cp.ph...

php recommend <= 1.3 (ab/rfi/ci) Multiple Vulnerabilities

No description provided by source. Php Recommend =1.3 Authentication Bypass/Remote File Include/Code Injection Exploits Author: scriptjunkie scriptjunkie.1 nospam googlemail nospam com Condition: RFI: allowurlfopen = On code injection: magicquotesgpc = Off Exploits: Authentication Bypass: change...

mySeatXT 0.2134 - SQL Injection

No description provided by source. + Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable...

Wordpress Livesig Plugin 0.4 - Remote File Inclusion

No description provided by source. Exploit Title: Livesig Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/livesig Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link: http://wordpress.org/extend/plugins/livesig/download/ Version: 0.4...

WordPress Tweet Old Post plugin <= 3.2.5 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Tweet Old Post plugin = 3.2.5 SQL Injection Vulnerability Date: 2011-09-05 Author: sherl0ck sherl0ck at alligatorteam dot org Software Link: http://downloads.wordpress.org/plugin/tweet-old-post.zip Version: 3.2.5 tested --------------- P...

Arab Portal <= 2.2 (mod.php module) Local File Inclusion Vulnerability

No description provided by source. || || | || o,7 || . o7 || q||| o\, : / / . /QQQQQQQQQQQQQQQQQQQ\ /QQQ/\QQQ\ /QQQQQ/ \QQQQQQ\ /QQQQ/ QQQQ\ /QQQQ/ \QQQQ\ |QQQQ/ By Qabandi \QQQQ| |QQQQ| |QQQQ| |QQQQ| From Kuwait, PEACE... |QQQQ| |QQQQ| |QQQQ| |QQQQ\ iqaahotmail.fr /QQQQ| \QQQQ\ /QQQQ/ \QQQQ...

IRSR <= 0.2 (_sysSessionPath) Remote File Include Vulnerability

No description provided by source. / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - IRSR - Invisionix Roaming System Remote = 0.2 sysSessionPath Remote File Include Vulnerabilities + + + - Script name: IRSR - Invisionix Roaming System Remote v. 0.2 - Script site: http://www.invisionix.org ...

Unclassified NewsBoard <= 1.6.1 patch 1 Arbitrary Local Inclusion Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Unclassified NewsBoard = 1.6.1 patch 1 ABBCConfigsmileset arbitrary\r\n; echo local inclusion\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo works with registerglobals ...