Injection Vulnerability
..SOME CODE..
EOT;
$v8->executeString($JS, 'basic.js');
Example 2: NoSQL SSJS Injection Vulnerability (PHP + MongoDB)
*************
The MongoDB shell provides a sleep() function (see
http://api.mongodb.org/js/current/symbols/src/shell_utils.js.html) which
makes time-based detection much easier to perform.
Title:
======
Bart's CMS - SQL Injection Vulnerability
Date:
=====
2012-01-23
-------------------------------
MOPS-2010-035: e107 BBCode Remote PHP Code Execution Vulnerability
http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/
MOPS-2010-031: e107 Usersettings loginname SQL Injection Vulnerability
(UPDATED)
http://php-security.org/2010/05/16/mops-2010-031-e107-usersettings-loginname-sql-injection-vulnerability/
MOPS-2010-030: CMSQlite mod Parameter Local File Inclusion Vulnerability
http://php-security.org/2010/05/15/mops-2010-030-cmsqlite-mod-parameter-local-file-inclusion-vulnerability/
##########################################################################
# ArticleDashBoard all version SQL Injection Vulnerability #
# Homepage: http://articledashboard.com/ #
# Download: http://www.articledashboard.com/addxpc/ArticleDashboard.zip #
# SQL Injection Found by : #
# ^ Xcross87 | xcross87.info | hcegroup.net #
# Thanks to: ^ RongChauA | reaonline.net | rongchaua.net #
# Dork : Powered by Article DashBoard #
##########################################################################
Already discovered:
http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php. Homepage: http://www.darkc0de.com/. Authored By r45c4l (r45c4l[at]hotmail.com)
On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote:
> |___________________________________________________|
> |
> | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability
> |
> |___________________________________________________
Vulnerabilities in PHP Applications
-----------------------------------
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection
Vulnerability - http://bit.ly/bLHmuS
MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection
Vulnerability - http://bit.ly/cdxZHX
MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability
- http://bit.ly/crEATq
MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability -
Syhunt: HFS (HTTP File Server) Username Spoofing and Log
Forging/Injection Vulnerability
Advisory-ID: 200801163
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 1.5g to and including 2.3(Beta Build
#174); and possibly HFS version 1.5f
Non-Affected Applications: HFS 1.5e and earlier versions
Class: Log Forging/Injection, Username Spoofing
data transmitted from and to the blog, this CMS sustains continuous harmonization of your data over time.
Abstract:
=========
Vulnerability-Lab researcher discovered a remote SQL Injection vulnerability on 11in1s CMS v1.2.1.
Report-Timeline:
================
2012-03-04: Public or Non-Public Disclosure
Title: CJWSoft ASPGuest GuestBook 'edit.asp' - SQL Injection Vulnerability
Product : CJWSoft ASPGuest GuestBook
Version : Free Version
Vendor: http://www.cjwsoft.com/aspguest/default.asp
Class: Input Validation Error
Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability
Product : Lastguru ASP GuestBook
Version : Free Version
Vendor: http://www.LastGuru.com
Class: Input Validation Error
Title:
======
Chengdu Bureau of Commerce - SQL Injection Vulnerability
Date:
=====
2012-04-23
================= IUT-CERT =================
Title: Zigurrat CMS SQL Injection Vulnerability
Vendor: www.farsi-cms.com
Dork: Design by Tagfa Co
Type: Input.Validation.Vulnerability (SQL Injection)
Fix: N/A
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: MyBB Password Reset Email BCC: Injection Vulnerability
Release Date: 2010/04/13
Last Modified: 2010/04/13
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: MyBB <= 1.4.11
= Script : PKs Movie Database version 3.0.3
= BUG 1 : Remote SQL Injection Vulnerability
exploit => www.target.com/path/index.php?num=[SQL]
####################################################################################################
# News Manager Remote SQL Injection Vulnerability #
# © Ghost Hacker , Real Hack Back :) #
####################################################################################################
#[~] Author : Ghost Hacker #
#[~] Home page : www.Real-h.com [Real Hack Back] #
#[~] Contact Me : Ghost-r00t@Hotmail.com #
#[~] Bug : SQL Injection #
#[~] From : Kingdom Saudi Arabia #
####################
- Exploits/PoCs:
####################
+--> Exploiting The (MySQL) SQL Injection Vulnerability:
Go to the sign in page at "victim.net/ACollab/sign_in.php" and use
the following vectors for injecting
your desired SQL query, namely $Q:
- In the Username field (login POST parameter): ' or $Q or ''='
- In the Password field (password POST parameter): ') or $Q or (''='
ZDI-11-134: CA Total Defense Suite UNC Management Console RegenerateReport SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-134
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
ZDI-11-132: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-132
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
================= IUT-CERT =================
Title: Pars CMS SQL Injection Vulnerability
Vendor: www.parscms.com
Dork: Design by Virtual Develop Co
Type: Input.Validation.Vulnerability (SQL Injection)
Fix: N/A
PHP-Nuke 8.x <= Blind SQL Injection Vulnerability
1. OVERVIEW
The administration backend of PHP-Nuke 8.x is vulnerable to Blind SQL Injection.
2. BACKGROUND
--------------------------------------------------------------------
OpenConf <= 4.11 (author/edit.php) Blind SQL Injection Vulnerability
--------------------------------------------------------------------
author...............: Egidio Romano aka EgiX
mail.................: n0b0d13s[at]gmail[dot]com
software link........: http://www.openconf.com/
affected versions....: from 4.00 to 4.11
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
Mark Stanislav - mark.stanislav@gmail.com
I. DESCRIPTION
---------------------------------------
A vulnerability exists in a_viewusers.php allowing for SQL injection of the 's' query parameter.
II. TESTED VERSION
ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-058.html
October 16, 2007
-- CVE ID:
CVE-2007-5766
-- Affected Vendor:
Oracle
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
Mark Stanislav - mark.stanislav@gmail.com
I. DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose the application administrator's plaintext password.
II. TESTED VERSION
ZDI-11-130: CA Total Defense Suite UNC Management Console DeleteFilter SQL Injection Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-130
April 13, 2011
-- CVE ID:
CVE-2011-1653
-- CVSS:
- BoutikOne -
Multiples SQL Injection Vulnerability
RELEASE DATE : 13.03.2011
by Alz <cdx[dot]security[at]gmail[dot]com>
[-] Google Dork: "Powered by BoutikOne"
[-> categorie.php] Var <path> :
http://[target]/categories.php?path=[sqli]
Previously discovered:
http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By ZoRLu (trt-turk[at]hotmail.com)
On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote:
> E-Store SQL Injection Vulnerability
>
> Name E-Store
> Vendor http://www.getaphpsite.com
>
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: SphereCMS Blind SQL Injection Vulnerability
# Vendor: http://sphere.xlentprojects.se/
# Vulnerable Version: 1.1 alpha (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################
ECHO_ADV_86$2007
-----------------------------------------------------------------------------------------
[ECHO_ADV_86$2007] Mambo/Joomla Component rsgallery <= 2.0 beta 5 (catid) Remote SQL Injection Vulnerability
-----------------------------------------------------------------------------------------
Author : M.Hasran Addahroni
Date : November, 30 th 2007
Location : Australia, Sydney
Web : http://advisories.echo.or.id/adv/adv86-K-159-2007.txt
##########################www.BugReport.ir########################################
#
# AmnPardaz Security Research Team
#
# Title: Ananta Gazelle SQL Injection Vulnerability
# Vendor: http://www.anantasoft.com/
# Vulnerable Version: 1.0 (Latest version till now)
# Exploitation: Remote with browser
# Fix: N/A
###################################################################################