237 matches found
webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
Advisory ID: HTB23291 Product: webSPELL Vendor: webSPELL.org Vulnerable Versions: 4.2.4 and probably prior Tested Version: 4.2.4 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 12, 2016 Public Disclosure: February 17,...
webSPELL SQL Injection Vulnerability
webSPELL is a WEB-based content management program. A SQL injection vulnerability exists in webSPELL. Input passed to the "/cashbox.php" script via the "payid" HTTP POST parameter is not sufficiently filtered, allowing an attacker to query the application's database and execute arbitrary SQL...
SQL Injection in webSPELL
High-Tech Bridge Security Research Lab discovered two vulnerabilities in a popular CMS webSPELL developed for the needs of esport related communities. The vulnerability allows a remote authenticated attacker with cashbox access privileges to execute arbitrary SQL commands in application’s databas...
webSPELL <= 4.2.0d Local File Disclosure Exploit (.c linux)
No description provided by source. / webSPELL = 4.2.0d Local File Disclosure Exploit .c linux by Juri Gianni aka yeat - stakerathotmaildotit Description ----------- webSPELL contains one flaw that allows an attacker to disclose a local file. The issue is due to 'picture.php' script not properly...
webSPELL <= 4.01.01 Database Backup Download Vulnerability
No description provided by source. WebSPELL = 4.01.01 Accessible Database Backup Download Exploit Discovered by: Trex Visit: www.SecuritySector.org / www.UnderGround.ag Exploit: http://SITE/PATH/admin/database.php?action=write&userID=1 Solution: http://cms.webspell.org/index.php?site=files&file=1...
webSPELL <= 4.01.02 (topic) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV2 print \n \'/ ; print \n -.- ; print \n -------------------oOO------OOo-------------------; print \n | webSPELL = v4.01.02 topic Remote SQL Injection |; print \n | coded by DNX |; print \n...
webSPELL <= 4.01.02 (id) Remote Edit Topics Vulnerability
No description provided by source. +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | webSPELL = 4.01.02 id Remote Edit Topics Vulnerability | Note | +=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=+=--=--=--=--=--=-+ | discovered by athos -...
webSPELL <= 4.2.0e (page) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use HTTP::Cookies; use Getopt::Long; '/ -.- ------------------oOO------OOo----------------- | | | / / / / | | / / / / / / / / / / / | | // // / / / // / // / // | | ///,// /./,/, // | | Security Research Division // 2oo9 |...
webSPELL 4.1.2 usergallery.php galleryID Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
Webspell wCMS-Clanscript4.01.02net<= static&static Blind SQL Injection Vulnerability
No description provided by source. ----------------------------Information------------------------------------------------ +Autor : Easy Laster +ICQ : 11-051-551 +Date : 29.09.2010 +Script : Webspell wCMS-Clanscript4.01.02net= static&static Blind SQL Injection Exploit +Price : $00,00 +Language :P...
Webspell 4.2.1 asearch.php SQL Injection Vulnerability
No description provided by source. INFORMATION +Name : webspell 4.2.1 asearch.php SQL Injection Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell 4.2.1 +Price : free +Language :PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet,...
webSPELL <= 4.01.02 Multiple Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV3 print \n \'/ ; print \n -.- ; print \n -------------------oOO------OOo--------------------; print \n | webSPELL = v4.01.02 Multiple Remote SQL Injection |; print \n | coded by DNX |; print \n...
WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
No description provided by source. WebSPELL = 4.01.02 picture.php Remote File Disclosure Vulnerability Discovered by: Trex Visit: www.Trex-Online.net / www.UnderGround.ag Comment: Happy easter! / \ / \ / / / \ \ / \ /\ // / GIVE ME A CARROT OR I WILL \ \O O/ \ BLOW UP YOUR HOUSE / / ^ \ / / /...
Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability
No description provided by source. ======================================================================================== | Title : Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell FIRSTBORN Movie-Addon | Site : www.firstborn.de | Price...
Webspell dailyinput Movie Addon 4.2.x SQL Injection Vulnerability
No description provided by source. ======================================================================================== | Title : Webspell 4.2.x dailyinput Movie-Addon SQL Injection Vulnerability | Author : Easy Laster | Script : Webspell 4.2.x dailyinput Movie-Addon | Site :...
Webspell 4.x - safe_query Bypass Vulnerability
No description provided by source. INFORMATION +Name : Webspell 4.X safequery bypass Vulnerability +Author : silent vapor +Date : 29.09.2010 +Script : webspell +Price : free +Language :PHP +Discovered by silent vapor +Underground Agents +Greetz to Team-Internet, 4004-Security-Project, Easy Laster...
webSPELL <= 4.01 (title_op) Remote SQL Injection Exploit
No description provided by source. ? errorreportingEERROR; function xssinit if !extensionloaded'phpcurl' if !dl'curl.so' and !dl'phpcurl.so' and !dl'phpcurl.dll' die oo error - cannot load curl extension!; function xssheader echo...
webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit
No description provided by source. WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE...
webSPELL 4.1.2 - 'index.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
webSPELL 4.1.2 calendar.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...