18 matches found
webSPELL 4.01.02 - 'id' Remote Edit Topics
webSPELL = 4.01.02 id Remote Edit Topics Vulnerability. Discovered by athos - stakerathotmaildotit. Note: magic quotes 0 ...
CVE-2008-0574
Cross-site scripting (XSS) vulnerability in index.php in webSPELL 4.01.02 allows remote attackers to inject arbitrary web script or HTML via the sort parameter in a whoisonline action...
CVE-2008-0575
The CVE-2008-0575 entry describes a Cross-site request forgery (CSRF) vulnerability in webSPELL 4.01.02, impacting the admin/admincenter.php component. The vulnerability allows remote attackers to escalate privileges by setting the superadmin level on arbitrary accounts via an “update member” act...
CVE-2008-0574
The main and connected CVE documents confirm that CVE-2008-0574 is an XSS vulnerability in webSPELL 4.01.02. Specifically, index.php is vulnerable via the sort parameter in the whoisonline action, enabling remote attackers to inject arbitrary web script/HTML. Impact is consistent with an XSS in wh...
CVE-2007-4028
Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information...
Directory traversal
Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 and earlier, when PHP before 4.3.0 is used, allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter...
CVE-2007-2368
picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter...
WebSPELL <= 4.01.02 (picture.php) File Disclosure Vulnerability
Exploit for unknown platform in category web applications. WebSPELL <= 4.01.02 picture.php File Disclosure Vulnerability. WebSPELL <= 4.01.02 picture.php Remote File...
webSPELL 4.01.02 - PHP Remote Code Execution
#!/usr/bin/php URL: http://www.acid-root.new.fr/ Usage: $argv0 -url -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php...
webSPELL 4.01.02 - PHP Remote Code Execution
#!/usr/bin/php URL: http://www.acid-root.new.fr/ Usage: $argv0 -url -file Options Params: -url For example http://victim.com/webspell/ -file The file you wanna upload c99shell.php... Options: -prefix Table prefix default=webs...
SQL injection
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783...
CVE-2007-1163
Affected software/module: webSPELL 4.01.02 and earlier; vulnerable file: printview.php. Vulnerability: SQL injection via the topic parameter that allows remote attackers to execute arbitrary SQL commands. This reflects the same issue described across the CVE-2007-1163 entries, using a different v...
SQL injection
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388...
CVE-2007-1019
CVE-2007-1019 is a SQL injection in the webSPELL 4.01.02 system. The vulnerability occurs in news.php when register_globals is enabled, allowing remote attackers to inject arbitrary SQL via the showonly parameter to index.php (a different vector from CVE-2006-5388). Connected sources confirm the ...
webSPELL 4.01.02 - topic SQL Injection
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV2 print "\n \'/ "; print "\n -.- "; print "\n -------------------oOO------OOo-------------------"; print "\n | webSPELL "; print "\n! Example: perl ws.pl 127.0.0.1 /webspell/ -tid 1 -uid 2 -t...
webSPELL 4.01.02 (showonly) Remote Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \'/ "; print " -.- "; print " -------------------oOO------OOo-------------------"; print " | webSPELL v4.01.02 showonly Remote SQL Injection |"; print " | works only with...
webSPELL 4.01.02 - showonly Blind SQL Injection
#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print "\n \'/ "; print "\n -.- "; print "\n -------------------oOO------OOo-------------------"; print "\n | webSPELL v4.01.02 showonly Remote SQL Injection |"; print "\n | works only...