
1 new exploits Nitrotech 0.0.3a - (includes/common.php) Remote Code Execution Nitrotech 0.0.3a - Remote Code Execution Basic-CMS - 'index.php' SQL Injection Basic-CMS - SQL Injection Simple Customer 1.2 - (Authentication Bypass) SQL Injection SaturnCMS - (view) Blind SQL Injection Simple Customer 1.2 - Authentication Bypass SaturnCMS - Blind SQL Injection Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion Free Directory Script 1.1.1 - 'API_HOME_DIR' Parameter Remote File Inclusion MyTopix 1.3.0 - (notes send) SQL Injection MyTopix 1.3.0 - SQL Injection RevSense - (Authentication Bypass) SQL Injection RevSense 1.0 - Authentication Bypass AskPert - (Authentication Bypass) SQL Injection AskPert - Authentication Bypass Natterchat 1.1 - (Authentication Bypass) SQL Injection Natterchat 1.1 - Authentication Bypass Natterchat 1.12 - (Authentication Bypass) SQL Injection ToursManager - 'tourview.php tourid' Blind SQL Injection Natterchat 1.12 - Authentication Bypass ToursManager - 'tourview.php' Blind SQL Injection VCalendar - 'VCalendar.mdb' Remote Database Disclosure Joomla! Component Thyme 1.0 - (event) SQL Injection e107 Plugin ZoGo-Shop 1.15.4 - (product) SQL Injection VCalendar - Remote Database Disclosure Joomla! 
Component Thyme 1.0 - SQL Injection e107 Plugin ZoGo-Shop 1.15.4 - 'product' Parameter SQL Injection Vlog System 1.1 - (blog.php user) SQL Injection Vlog System 1.1 - SQL Injection Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection Netartmedia Blog System - 'image.php id' SQL Injection PG Real Estate - (Authentication Bypass) SQL Injection Pilot Group PG Roommate Finder Solution - (Authentication Bypass) SQL Injection PG Job Site - (poll_view_id) Blind SQL Injection Netartmedia Cars Portal 2.0 - SQL Injection Netartmedia Blog System - SQL Injection PG Real Estate - Authentication Bypass Pilot Group PG Roommate Finder Solution - Authentication Bypass PG Job Site - Blind SQL Injection bandwebsite 1.5 - SQL Injection / Cross-Site Scripting WebStudio CMS - 'index.php pageid' Blind SQL Injection Bandwebsite 1.5 - SQL Injection / Cross-Site Scripting WebStudio CMS - Blind SQL Injection nitrotech 0.0.3a - Remote File Inclusion / SQL Injection Nitrotech 0.0.3a - Remote File Inclusion / SQL Injection WebStudio eHotel - (pageid) Blind SQL Injection WebStudio eCatalogue - (pageid) Blind SQL Injection FAQ Manager 1.2 - (categorie.php cat_id) SQL Injection WebStudio eHotel - Blind SQL Injection WebStudio eCatalogue - Blind SQL Injection FAQ Manager 1.2 - 'categorie.php' SQL Injection FAQ Manager 1.2 - (config_path) Remote File Inclusion Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection FAQ Manager 1.2 - 'header.php' Remote File Inclusion Clean CMS 1.5 - Blind SQL Injection SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure SimpleBlog 3.0 - Database Disclosure VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection Jamit Job Board 3.x - (show_emp) Blind SQL Injection WebStudio CMS - (pageid) Blind SQL Injection (mil mixup) VideoGirls BiZ - Blind SQL Injection Jamit Job Board 3.x - Blind SQL Injection My Click Counter 1.0 - Authentication Bypass ParsBlogger - 'blog.asp wr' SQL Injection ParsBlogger - 'blog.asp' SQL Injection TxtBlog 1.0 Alpha - (index.php m) 
Local File Inclusion TxtBlog 1.0 Alpha - Local File Inclusion Family Project 2.x - (Authentication Bypass) SQL Injection RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection Family Project 2.x - Authentication Bypass RakhiSoftware Shopping Cart - SQL Injection Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection Ocean12 Membership Manager Pro - Authentication Bypass Turnkey Arcade Script - 'id' SQL Injection (1) Turnkey Arcade Script - SQL Injection (1) Basic-CMS - 'index.php id' Blind SQL Injection Booking Centre 2.01 - (Authentication Bypass) SQL Injection Basic-CMS - Blind SQL Injection Booking Centre 2.01 - Authentication Bypass Natterchat 1.12 - (Natterchat112.mdb) Database Disclosure Natterchat 1.12 - Database Disclosure VIDEOSCRIPT.us - (Authentication Bypass) SQL Injection VIDEOSCRIPT.us - Authentication Bypass Turnkey Arcade Script - 'id' SQL Injection (2) Turnkey Arcade Script - SQL Injection (2) WEB Calendar - Remote Database Disclosure Web Calendar - Remote Database Disclosure Crossday Discuz! 2.0/3.0 - Cross-Site Scripting Discuz! 2.0/3.0 - Cross-Site Scripting 8Pixel.net SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities SimpleBlog 2.1 - Multiple Input Validation Vulnerabilities
12 lines
531 B
Text
Executable file
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x] Type: Admin login bypass via SQLi
[x] Vendor: http://software.friendsinwar.com/
[x] Script Name: My Click Counter
[x] Script Version: 1.0
[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=15
[x] Author: AnarchyAngel AKA Adam
[x] Mail : anarchy[dot]ang31@gmail[dot]com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Navigate to scripts admin login page and submit ' or ''=' for username and password
it should give you access to the admin area. Enjoy >:)
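Review bot: the new file is a 12-line plain-text advisory but is committed with the executable bit set (the file header shows "Text" and "Executable file"); it contains nothing to run, so it should be added as a non-executable file. The body under the second "~~~" rule also gives no affected file name for the admin login page and no note on the fix, so a maintainer cannot tell from this entry which script builds the vulnerable login query; adding the file name and a one-line remediation (bind the username and password as query parameters instead of concatenating them) would make the entry usable for triage.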