BtiTracker <= 1.4.1 (become admin) Remote SQL Injection Vulnerability

No description provided by source. BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GETstyle...

Sisfo Kampus 2006 - dwoprn.php?f Arbitrary File Download

Sisfo Kampus 2006 - dwoprn.php?f Arbitrary File Download original File name : PUPET-SisfoKampus2006.txt date releases : September 10, 2007 Information : ========================= Advisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability Author: k-one A.K.A PUPET Website vendor :...

Sisfo Kampus 2006 - &#039;dwoprn.php?f&#039; Arbitrary File Download

original File name : PUPET-SisfoKampus2006.txt date releases : September 10, 2007 Information : ========================= Advisory Name: Sisfo Kampus 2006 Local File Downloaded Vulnerability Author: k-one A.K.A PUPET Website vendor : http://sisfokampus.net/ Problem : All Local File can downloaded...

BtiTracker &lt;= 1.4.1 (become admin) Remote SQL Injection Vulnerability

No description provided by source. BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style"...

btitracker-sql.txt

BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style" @mysqlquery"UPDATE users SET...

BtiTracker 1.4.1 - Become Admin SQL Injection

BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GET"style" @mysqlquery"UPDATE users SET...

FreeWebshop &lt;=2.2.2 [local file include &amp; xss]

FreeWebshop =2.2.2 severity: hight vendor site: http://www.freewebshop.org/ impact: an anonymous user can access anyfile on the remote server PoC : http://site.com/?page=../../../../../../../../../../etc/passwd00 http://site.com/index.php?page=../../../../../../../../../../etc/passwd00 xss get :...

Simpnews include file Vulnerability

original File name : PUPET-simpnews.txt date releases : july 15, 2003 Informations : ========================= Advisory Name: Simpnews include file Vulnerability Author: PUPET [email protected] Discover by: PUPET [email protected] Website vendor : http://www.boesch-it.de/ Versions : tested on V2.01 -...