26 matches found
EUVD-2009-0450
Malware in sbrugna...
EUVD-2006-1484
Malware in sbrugna...
EUVD-2008-2692
Malware in sbrugna...
WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo WebAlbum = 2.02pl $COOKIEskin2 remote cmmnds xctn \r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; echo - this works with magicquotesgpc=Off\r\n; echo dork: WEBalbum 2004-200...
WEBalbum 2.0 SQL Injection Vulnerability
Attacker can inject some malicious code http://127.0.0.1/webalbum/photo.php?id=SQL ======================== Demos : http://www.shutterpoint.co.uk/webalbum/photo.php?id=2869' www.escuelacardiel.com/galeria/photo.php?id=64' http://inco.nu/webalbum/photo.php?id=646'...
Sql injection
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-0446
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-0446
CVE-2009-0446 concerns a SQL injection in photo.php of WEBalbum 2.4b, allowing remote attackers to execute arbitrary SQL via the id parameter. The root cause is improper input handling in the affected script, enabling concatenation/execution of malicious queries. The NVD entry assigns a base scor...
WEBalbum 2.4b (photo.php id) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ======================================================== WEBalbum 2.4b photo.php id Blind SQL Injection Exploit ======================================================== 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo...
WEBalbum 2.4b SQL Injection
xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
WEBalbum 2.4b (photo.php id) Blind SQL Injection Exploit
No description provided by source. ?php iniset"maxexecutiontime",0; printr' WEBalbum v2.4b Blind SQL Injection Exploit Some webpages have a diffirint table name ---- xoron ----- [email protected] XORON c 2009 WARNING!: php xoron.php "http://www.web-album.org/PATH/photo.php?id=1" '; if $argc 1 $ur...
WEBalbum 2.4b - id Blind SQL Injection
WEBalbum 2.4b - id Blind SQL Injection xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
WEBalbum 2.4b - 'id' Blind SQL Injection
xoron 1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
WEBalbum Local File Include Vulnerability
The remote web server is running WEBalbum which is affected by a local file include vulnerability. SPDX-FileCopyrightText: 2008 Josh Zlatin-Amishav Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
CVE-2008-2698
The CVE-2008-2698 entry affects WEBalbum 2.0 and earlier, with concrete details in connected sources. The vulnerability is a cross-site scripting (XSS) flaw in photo_add-c.php (the “add comment” section). It allows remote attackers to inject arbitrary web script or HTML via one of three parameter...
WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability
================================================================ WEBAlbum <= 2.0 Remote Stored Cross Site Scripting Vulnerability ================================================================ AUTHOR : CWH Underground DATE : 5 June 2008 SITE : www.citec.us APPLICATION : WEBAlbum VERSION : <= 2.0...
webalbum-xss.txt
================================================================ WEBAlbum XSS Vulnerabilities POST Variable: id POST Variable: category Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C...
WEBalbum skin2 Cookie Parameter Traversal Local File Inclusion
The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/incmain.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local file...
CVE-2006-1480
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE...
Directory traversal
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE...