dokeos180-sql.txt

!/usr/bin/perl -w Dokeos alertdocument.cookie Also, the amount of XSS vulnerabilites in this application is truely unbelievable...

mlf17-sql.txt

!/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get userdata": if empty$id $id = $userid; else $result =...

My Little Forum 1.7 - user.php?id SQL Injection

My Little Forum 1.7 - user.php?id SQL Injection !/usr/bin/perl -w My Little Forum = 1.7 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code user.php: if isset$GET'id' $id = $GET'id'; switch $action case "get...

Dokeos <= 1.6.5 (courseLog.php scormcontopen) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w Dokeos = 1.6.5 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code courseLog.php: if $GET'scormcontopen' includeonceapigetlibrarypath.'/database.lib.php';...

Dokeos <= 1.6.5 (courseLog.php scormcontopen) SQL Injection Exploit

Exploit for unknown platform in category web applications =================================================================== Dokeos = 1.6.5 courseLog.php scormcontopen SQL Injection Exploit =================================================================== !/usr/bin/perl -w Dokeos = 1.6.5 SQL...

Dokeos 1.8.0 - my_progress.php?course SQL Injection

Dokeos 1.8.0 - myprogress.php?course SQL Injection !/usr/bin/perl -w Dokeos = 1.8.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code myprogress.php: ifisset$GET'course' $sqlInfosCourse = "SELECT course.code,...

NavBoard 2.6.0 - Remote Code Execution

NavBoard 2.6.0 - Remote Code Execution "; print ""; print ""; print "Main forum settings"; print ""; print "Board Title"; print ""; print ""; print ""; print "Admin email address blank will not display"; print ""; print "input type=tex...

BtiTracker &lt;= 1.4.1 (become admin) Remote SQL Injection Vulnerability

No description provided by source. BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style"...

Dokeos 1.8.0 - &#039;my_progress.php?course&#039; SQL Injection

!/usr/bin/perl -w Dokeos = 1.8.0 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code myprogress.php: ifisset$GET'course' $sqlInfosCourse = "SELECT course.code, course.title,course.dbname,CONCATuser.firstname,'...

Dokeos <= 1.8.0 (my_progress.php course) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ===================================================================== Dokeos = 1.8.0 myprogress.php course Remote SQL Injection Exploit ===================================================================== !/usr/bin/perl -w Dokeos = 1.8.0...

btitracker-sql.txt

BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style" @mysqlquery"UPDATE users SET...

faqengine-sql.txt

!/usr/bin/perl -w FAQEngine = v4.16.03 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code question.php: $sql = "select from ".$tableprefix."questions where publish=1 and questionref=$questionref order by enterdate...

FAQEngine &lt;= 4.16.03 (question.php questionref) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w FAQEngine = v4.16.03 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code question.php: $sql = "select from ".$tableprefix."questions where publish=1 and...

RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability &#40;patch included&#41;

note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip !-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php line 6: ... elseif issearch ? Search for ?php echo $s ... searchloop.php line...

FAQEngine 4.16.03 - question.php?questionref SQL Injection

FAQEngine 4.16.03 - question.php?questionref SQL Injection !/usr/bin/perl -w FAQEngine = v4.16.03 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code question.php: $sql = "select from ".$tableprefix."questions where...

SimpNews 2.40.01 - newnr SQL Injection

SimpNews 2.40.01 - newnr SQL Injection !/usr/bin/perl -w SimpNews = 2.40.01 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $sql = "select from ".$tableprefix."data where newsnr=$newsnr"; PoC:...

TutorialCMS &lt;= 1.00 (search.php search) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w TutorialCMS = 1.00 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code search.php: $search = $REQUEST'search'; $sql = "SELECT FROM tutorials WHERE title LIKE...

Monalbum 0.8.7 Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================ Monalbum 0.8.7 Remote Code Execution Exploit ============================================ "; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase =...

TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit

Exploit for unknown platform in category web applications ==================================================== TaskDriver = 1.2 Login Bypass/SQL Injection Exploit ==================================================== !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered...

TaskDriver 1.2 - Authentication Bypass SQL Injection

TaskDriver 1.2 - Authentication Bypass SQL Injection !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = "SELECT FROM $userstable WHER...