The EarlyImpact Productcart contains multiple vulnerabilites, which could exploited to allow an attacker to steal user credentials or mount other atta...
2004-03-04
mnGoSearch vulnerability
According to http://www.securityfocus.com/bid/9667, certain versions of mnGoSearch contain a buffer overflow vulnerability which allow an attacker to ...
2004-05-12
intitle:guestbook "advanced guestbook 2.2 pow...
Advanced Guestbook v2.2 has an SQL injection problem which allows unauthorized access. Attacker
From there, hit "Admin" then do the followi...
2004-06-25
VP-ASP Shopping Cart XSS
VP-ASP (Virtual Programming - ASP) has won awards both in the US and France. It is now in use in over 70 countries. VP-ASP can be used to build any ty...
2004-07-02
vBulletin version 3.0.1 newreply.php XSS
vBulletin is a customizable forums package for web sites. It has been written in PHP and is complimented with MySQL. While a user is previewing the po...
2004-07-12
Invision Power Board SSI.PHP SQL Injection
Invision Power Board is reported prone to an SQL injection vulnerability in its 'ssi.php' script. Due to improper filtering of user supplied...
2004-08-03
inurl:gotoURL.asp?url=
ASP Nuke is an open-source software application for running a community-based web site on a web server. By open-source, we mean the code is freely ava...
2004-08-05
"powered by antiboard"
"AntiBoard is a small and compact multi-threaded bulletin board/message board system written in PHP. It uses either MySQL or PostgreSQL as the da...
2004-08-09
inurl:comersus_message.asp
About Comercus: "Comersus is an active server pages software for running a professional store, seamlessly integrated with the rest of your web si...
2004-08-09
ext:pl inurl:cgi intitle:"FormMail *" -...
FormMail is a Perl script written by Matt Wright to send mail with sendmail from the cgi-gateway. Early version didn' have a referer check. New v...
2004-08-16
Achievo webbased project management
Achievo is a free web-based project management tool for business-environments. Achievo's is mainly used for its project management capabilities. ...
2004-08-25
"Powered by Gallery v1.4.4"
http://www.securityfocus.com/bid/10968/discussion/
"A vulnerability is reported to exist in Gallery that may allow a remote attacker to execut...
2004-09-07
"Powered by Ikonboard 3.1.1"
IkonBoard (http://www.ikonboard.com/) is a comprehensive web bulletin board system, implemented as a Perl/CGI script.
There is a flaw in the Perl c...
2004-09-07
WebAPP directory traversal
WebAPP is advertised as the internet's most feature rich, easy to run PERL based portal system. The WebAPP system has a serious reverse directory...
2004-09-10
E-market remote code execution
E-market is commercial software made by a korean company(http://www.bbs2000.co.kr). A vulnerability in this software was reported to Bugtraq. The expl...
2004-09-18
"Powered *: newtelligence" ("dasBlo...
DasBlog is reportedly susceptible to an HTML injection vulnerability in its request log. This vulnerability is due to a failure of the application to ...
2004-09-21
"Powered by DCP-Portal v5.5"
DCP-Portal is more a community system than a CMS - it nevertheless calls itsself CMS. They have never seen a real CMS. Version 5.5 is vulnerable sql i...
2004-09-21
Quicksite demopages for Typo3
TYPO3 is a free Open Source content management system for enterprise purposes on the web and in intranets, featuring a set of ready-made interfaces, f...
2004-09-21
filetype:cgi inurl:tseekdir.cgi
The Turbo Seek search engine has a vulnerability. The removed user can look at the contents of files on target. A removed user can request an URL with...
2004-09-23
filetype:php inurl:index.php inurl:"module=su...
Reportedly the PostNuke Modules Factory Subjects module is affected by a remote SQL injection vulnerability.
http://securityfocus.com/bid/11148/di...
2004-09-23
filetype:cgi inurl:pdesk.cgi
PerlDesk is a web based help desk and email management application designed to streamline support requests, with built in tracking and response loggin...
2004-09-23
"Powered by IceWarp Software" inurl:mail
IceWarp Web Mail is reported prone to multiple input validation vulnerabilities. Few details regarding the specific vulnerabilities are known. These v...
2004-09-24
intitle:"MRTG/RRD" 1.1* (inurl:mrtg.cgi ...
The remote user can reportedly view the first string of any file on the system where script installed. This is a very old bug, but some sites never up...
2004-09-29
ReMOSitory module for Mambo
It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to proper...
2004-10-05
intitle:"WordPress > * > Login form&quo...
WordPress is a semantic personal publishing platform.. it suffers from a possible XSS attacks.
http://www.securityfocus.com/bid/11268/info/...
2004-10-05
inurl:"comment.php?serendipity"
Serendipity is a weblog/blog system, implemented with PHP. It is standards compliant, feature rich and open source.
For an attacker it is possible to...
2004-10-05
"Powered by AJ-Fork v.167"
AJ-Fork is, as the name implies - a fork. Based on the CuteNews 1.3.1 core, the aim of the project is to improve what can be improved, and extend what...
2004-10-05
"Powered by Megabook *" inurl:guestbook....
MegaBook is a web-based guestbook that is intended to run on Unix and Linux variants. MegaBook is prone to multiple HTML injection vulnerabilities.
...
2004-10-09
"Powered by yappa-ng"
yappa-ng is a very powerful but easy to install and easy to use online PHP photo gallery for all Operating Systems (Linux/UNIX, Windows, MAC, ...), an...
2004-10-09
"Active Webcam Page" inurl:8080
Active WebCam is a shareware program for capturing and sharing the video streams from a lot of video devices.
Known bugs: directory traversal and ...
2004-10-10
"Powered by A-CART"
A-CART is an ASP shopping cart application written in VBScript. It is comprised of a number of ASP scripts and an Access database.
A security vu...
2004-10-10
"Online Store - Powered by ProductCart"
ProductCart is "an ASP shopping cart that combines sophisticated ecommerce features with time-saving store management tools and remarkable ease o...
2004-10-11
"Powered by FUDforum"
FUDforum is a forums package. It uses a combination of PHP & MySQL to create a portable solution that can run on virtually any operating system.
...
2004-10-11
"BosDates Calendar System " "powere...
"BosDates is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which ar...
2004-10-12
intitle:"EMUMAIL - Login" "Powered ...
The failure to strip script tags in emumail.cgi allows for XSS type of attack.
Vulnerable systems:
* EMU Webmail version 5.0
* EMU Webmail v...
2004-10-12
intitle:"WebJeff - FileManager" intext:&...
WebJeff-Filemanager 1.x
DESCRIPTION:
A directory traversal vulnerability has been identified in WebJeff-Filemanager allowing malicious people t...
2004-10-13
inurl:"messageboard/Forum.asp?"
Multiple vulnerabilities have been found in GoSmart Message Board. A remote user can conduct SQL injection attack and Cross site scripting attack.
...
2004-10-15
"1999-2004 FuseTalk Inc" -site:fusetalk....
Fusetalk forums (v4) are susceptible to cross site scripting attacks that can be exploited by passing a img src with malicious javascript. ...
2004-10-16
"2003 DUware All Rights Reserved"
Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks....
2004-10-16
"This page has been automatically generated b...
Plesk Server Administrator (PSA) is web based software that enables remote administration of web servers. It can be used on Linux and other systems th...
2004-10-19
inurl:ttt-webmaster.php
Turbo traffic trader Nitro v1.0 is a free, fully automated traffic trading script. Multiple vulnerabilities were found.
Vulnerability report: http:...
CoolPHP has multiple vulnerabilities:
* Cross-Site Scripting vulnerability (index.php)
* A Path Disclosure Vulnerability (index.php)
* Local file...
2004-10-19
"Powered by CubeCart"
--------------------------------------------------------
Full path disclosure and sql injection on CubeCart 2.0.1
----------------------------------...
2004-10-21
"Ideal BB Version: 0.1" -idealbb.com
Ideal BB has been a popular choice for powering web based bulletin boards and we are now proud to introduce our next generation bulletin board Ideal B...
2004-10-22
"Powered by YaPig V0.92b"
YaPiG is reported to contain an HTML injection vulnerability.
The problem is reported to present itself due to a lack of sanitization performed on c...
2004-10-25
inurl:"/site/articles.asp?idcategory="
Dwc_Articles is an ASP application designed to add Featured,
Recent and Popular News through an easy to use administration area.
Other features:...
2004-10-26
filetype:cgi inurl:nbmember.cgi
vulnerable Netbilling nbmember.cgi
Netbilling 'nbmember.cgi' script is reported prone to an information disclosure vulnerability. This is...
2004-10-26
"Powered by Coppermine Photo Gallery"
published Oct 20, 2004, updated Oct 20, 2004
vulnerable:
Coppermine Photo Gallery Coppermine Photo Gallery 1.0
Coppermine Photo Gallery Copperm...
2004-10-26
"Powered by WowBB" -site:wowbb.com
WowBB is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize u...
2004-10-26
"Powered by ocPortal" -demo -ocportal.co...
Reportedly ocPortal is affected by a remote file include vulnerability. This issue is due to a failure of the application to sanitize user supplied UR...
2004-10-26
inurl:"slxweb.dll"
SalesLogix is the Customer Relationship Management solution that
drives sales performance in small to medium-sized businesses through Sales, Marketi...
2004-10-26
"Powered by DMXReady Site Chassis Manager&quo...
It is reported that DMXReady Site Chassis Manager is susceptible to two remotely exploitable input validation vulnerabilities. These vulnerabilities a...
2004-10-26
"Powered by My Blog" intext:"FuzzyM...
FuzzyMonkey My Blog is vulnerable to multiple input validation vulnerabilities. These issues are caused by a failure to validate and filter user-suppl...
2004-10-26
inurl:wiki/MediaWiki
MediaWiki is reported prone to a cross-site scripting vulnerability. This issue arises due to insufficient sanitization of user-supplied data. A remot...
2004-10-26
"inurl:/site/articles.asp?idcategory="
Dwc_Articles, is an ASP application designed to add Featured, Recent and Popular News through an easy to use administration area. Other features: Desi...
2004-10-26
"Enter ip" inurl:"php-ping.php"...
It has been reported that php-ping may be prone to a remote command execution vulnerability that may allow remote attackers to execute commands on vul...
2004-10-27
intitle:welcome.to.horde
Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus....
bugtraq id 11336
object
class Input Validation Error
cve CVE-MAP-NOMATCH
remote Yes
local No
published Oct 06, 2004
updated Oct 06, 2004
vul...
2004-11-05
inurl:"forumdisplay.php" +"Powered ...
vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-...
2004-11-13
inurl:technote inurl:main.cgi*filename=*
http://www.securityfocus.com/bid/2156/discussion/
Remote command execution vulnerability in the filename parameter....
2004-11-12
"running: Nucleus v3.1" -.nucleuscms.org...
Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. A remote attacker may leverage these issues to steal cookie-based authentication c...
2004-11-12
"driven by: ASP Message Board"
Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. A remote attacker may leverage these issues to steal cookie-bas...
2004-11-18
"Obtenez votre forum Aztek" -site:forum-...
Atztek Forum is a french forum system. Aztek Forum is reported prone to multiple input validation vulnerabilities. These issues may allow an attacker ...
2004-11-18
intext:("UBB.threadsâ„&A...
UBB.Threads 6.2.*-6.3.* one char bruteforce vulnerability:
http://www.k-otik.com/exploits/20041116.r57ubb.pl.php
...
2004-11-18
inurl:/SiteChassisManager/
Unknown SQL injection and XSS vulnerabilities in DMXReady Site Chassis Manager.
http://www.securityfocus.com/bid/11434/discussion/...
2004-11-18
inurl:directorypro.cgi
A security vulnerability in the product allows attackers to perform a directory traversal attack and access files that reside outside the normal HTTP ...
2004-11-18
inurl:cal_make.pl
A security vulnerability in PerlCal allows remote attackers to access files that reside outside the normally bounding HTML root directory.
http://...
2004-11-18
"Powered by PowerPortal v1.3"
PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input...
2004-11-19
"powered by minibb" -site:www.minibb.net...
miniBB is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prio...
2004-11-29
inurl:"/cgi-bin/loadpage.cgi?user_id="
Description:
EZshopper is a full-featured shopping cart program.
loadpage.cgi of EZshopper allows Directory Traversal
http://www.securityfocu...
2004-11-30
intitle:"View Img" inurl:viewimg.php
It is reported that the 'viewing.php' script does not properly validate user-supplied input in the 'path' variable. A remote user ...
2004-12-01
+"Powered by Invision Power Board v2.0.0..2&q...
A remote SQL injection vulnerability affects Inivision Power Board. This issue is due to a failure of the application to properly validate user-suppli...
2004-12-01
+"Powered by phpBB 2.0.6..10" -phpbb.com...
phpbb is vulnerable to SQL Injection, allowing people to minipulate the query into pulling data (such as passwords). Arbituary EXEC allows an attacker...
2004-12-19
ext:php intext:"Powered by phpNewMan Version&...
PHP News Manager is a multi-platform compatible solution for managing websites and multi-user access. Features weekly poll management, gallery managem...
2005-01-02
"Powered by WordPress" -html filetype:ph...
Query: "Powered by WordPress" -html filetype:php -demo -wordpress.org -bugtraq
Background: WordPress is a blogging software which is vuln...
Citrix (http://citrix.com) is a web application that allows remote access via a client for companies, institutions, and government agencies to "p...
2005-01-30
"SquirrelMail version 1.4.4" inurl:src e...
date :Jan 30 2005
this search reveal the src/webmail.php which would allow a
crafted URL to include a remote web page. This was assigned CAN-2005-0...
2005-02-07
"IceWarp Web Mail 5.3.0" "Powered b...
IceWarp Web Mail 5.3.0
Multiple cross-site scripting and HTML injection vulnerabilities.
http://www.securityfocus.com/bid/12396/...
2005-02-09
"Powered by MercuryBoard [v1"
Exploit for MercuryBoard:
http://www.securityfocus.com/archive/1/389881/2005-02-06/2005-02-12/0
Enter the following search:
"Powered by Me...
2005-02-17
"delete entries" inurl:admin/delete.asp
As described in OSVDB article #13715:
"AspJar contains a flaw that may allow a malicious user to delete arbitrary messages. The issue is trigg...
2005-02-18
allintitle:aspjar.com guestbook
"An input validation vulnerability was reported in the ASPJar guestbook. A remote user can gain administrative access and can delete guestbook me...
2005-02-16
"powered by CubeCart 2.0"
This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to...
2005-03-20
Powered.by:.vBulletin.Version ...3.0.6
vBulletin is reported prone to an arbitrary PHP script code execution vulnerability. The issue is reported to exist due to a lack of sufficient input ...
2005-03-20
filetype:php intitle:"paNews v2.0b4"
PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews soft...
2005-03-29
"Powered by Coppermine Photo Gallery" ( ...
Reportedly Coppermine Photo Gallery is prone to multiple input validation vulnerabilities, some of which may lead to arbitrary command execution. Thes...
2005-04-12
powered.by.instaBoard.version.1.3
InstaBoard is a coldfusion forum solution. In its version 1.3 it is vulnerable to SQL Injection.
Bugtraq ID 7338...
2005-04-04
intext:"Powered by phpBB 2.0.13" inurl:&...
phpBB 2.0.13 with installed Calendar Pro MOD are vulnerable to SQL injection attacks. An attacker can download the MD5 hashes from the account databse...
2005-05-07
intitle:"myBloggie 2.1.1..2 - by myWebland&qu...
myBloggie is affected by multiple vulnerabilities.
http://www.securityfocus.com/bid/13507...
2005-05-14
intitle:"osTicket :: Support Ticket System&qu...
osTicket is a widely-used open source support ticket system. It is a lightweight support ticket tool written mainly using PHP scripting language. Ther...
2005-05-30
inurl:sphpblog intext:"Powered by Simple PHP ...
Simple PHP Blog is vulnerable to mutiple attacks:
Vulnerabilities:
~~~~~~~~~~~~~~~~
A. Full Path disclosures
B. XSS in search.php
C. Critical I...
2005-06-03
intitle:"PowerDownload" ("PowerDown...
The PowerDownload program (version 3.0.2 and 3.0.3) contains a serious vulnerability. Vulnerability discovery: SoulBlack - Security Research (http://s...
2005-06-03
"portailphp v1.3" inurl:"index.php?...
Vulnerability has been found in parameter "id". If this variable
Any value it is possible to replace it with a sign ' is transferred
...
2005-06-03
+intext:"powered by MyBulletinBoard"
MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. There is an SQL Injection Exploit available for MyBulletinBoard (MyBB...
2005-06-10
intext:"Powered by flatnuke-2.5.3" +&quo...
Description of Vulnerabilities
Multiple vulnerabilities in FlatNuke have been reported, which can be exploited by remote users to trigger denial of...
2005-06-21
intext:"Powered By: Snitz Forums 2000 Version...
Snitz Forum 2000 v 3.4.03 and older is vulnerable to many things including XSS. See http://www.gulftech.org/?node=research&article_id=00012-061620...
2005-06-24
inurl:"/login.asp?folder=" "Powered...
i-Gallery 3.3 (and possibly older) is vulnerable to many things, including /../ traversals.
http://www.packetstormsecurity.org/0506-exploits/igallery...
2005-06-24
intext:"Calendar Program ÂÂ&cop...
This search finds all pages that allow you to add events in Mark Kruse's CalendarScript. This script seems to be VERY vulnerable to HTML injectio...
2005-07-08
"powered by PhpBB 2.0.15" -site:phpbb.co...
Another php vulnerabilty, as seen here http://www.frsirt.com/exploits/20050704.phpbbSecureD.pl.php
phpBB 2.0.15 Viewtopic.PHP Remote Code Execution...
2005-08-10
intitle:"blog torrent upload"
Blog Torrent is free, open-source software that provides a way to share large files on your website.
vulnerability: free access to the password fil...
phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions) system disclosure,remote code execution, cross site scripting
software:
author site: h...
2005-08-30
intitle:guestbook inurl:guestbook "powered by...
Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i...
2005-08-30
"Powered by FUDForum 2.7" -site:fudforum...
FUDforum is prone to a remote arbitrary PHP file upload vulnerability.
An attacker can merge an image file with a script file and upload it to an a...
2005-09-04
inurl:chitchat.php "choose graphic"
rgod advises:
Cyber-Cats ChitCHat 2.0 permit cross site scripting attacks, let users launch exploits from, let remote users obtain informations on ...
2005-09-05
"Calendar programming by AppIdeas.com" f...
phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting This search does not narrow to vulnerable ver...
2005-09-05
"Powered by MD-Pro" | "made with MD...
MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution
/ cross site scripting / path disclosure
. This search does not find vulnerable...
2005-09-07
"Software PBLang" 4.65 filetype:php
my advisory:
[quote]
PBLang 4.65 (possibly prior versions) remote code execution / administrative
credentials disclosure / system information dis...
2005-09-08
"Powered by and copyright class-1" 0.24...
class-1 Forum Software v 0.24.4 Remote code execution
software:
site: http://www.class1web.co.uk/software
description:
class-1 Forum Softw...
Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied inpu...
2005-09-13
"powered by Gallery v" "[slideshow]...
There is a script injection vuln for all versions.
http://www.securityfocus.com/bid/14668...
2005-09-13
intitle:guestbook inurl:guestbook "powered by...
Advanced Guestbook is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied i...
WEB//NEWS 1.4 is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppl...
2005-09-23
"Mimicboard2 086"+"2000 Nobutaka Ma...
Mimicboard2 is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...
2005-09-25
"Maintained with Subscribe Me 2.044.09p"...
Subscribe Me Pro 2.0.44.09p is prone to a directory traversal vulnerability. This is due to a lack of proper sanitization of user-supplied input.
...
2005-09-25
"Powered by autolinks pro 2.1" inurl:reg...
AutoLinksPro is a linking solution. AutoLinksPro link exchange software was built for the search engines to help improve your search engine rankings, ...
2005-09-25
"CosmoShop by Zaunz Publishing" inurl:&q...
cosmoshop is a comercial shop system written as a CGI.
vulnerabilities:
sql injection, passwords saved in cleartext, view any file
http://www.sec...
2005-09-25
"Powered by Woltlab Burning Board" -&quo...
It's an exact replica of vbulletin but it is free.
SQL-Injection Exploit:
http://www.governmentsecurity.org/archive/t14850.html...
2005-09-25
intitle:"PHP TopSites FREE Remote Admin"
PHP TopSites is a PHP/MySQL-based customizable TopList script. Main features include: Easy configuration config file; MySQL database backend; unlimite...
Lucid CMS 1.0.11 SQL Injection /Login bypass
this is the dork for ther version I tested:
"Powered By: lucidCMS 1.0.11"
advisory/poc e...
2005-10-03
intitle:Mantis "Welcome to the bugtracker&quo...
cross site scripting and sql injection vunerabilities were discovered in Mantis versions 0.19.2 or less. Mantis is a web-based bugtracking system writ...
Gtchat install file.
You can disable the chat program or change the language without a admin username or password. You can also point the chatroom in...
2006-02-26
intitle:"4images - Image Gallery Management S...
Find web app: 4Images = 1.7.1
This web app is vulenrable to remote code execution exploit.
The url of exploit is this: http://milw0rm.com/id.php?id=...
2006-02-12
(intitle:"metaframe XP Login")|(intitle:...
Once you input any username, you'll get an error message. Try putting a script with some other fun commands in it. Just send some info off to be ...
2006-03-06
"Powered by Simplog"
Searches for simplog which has directory traversal and XSS velnerabilites in version <= 1.0.2
http://notlegal.ws/simplogsploit.txt
http://retr...
2006-03-13
"powered by sblog" +"version 0.7&qu...
please go here for a writeup on the vulnerability.
HTML injection.
http://www.securityfocus.com/bid/17044...
2006-03-18
"Thank You for using WPCeasy"
There is a SQL injection vulnerability in WPC.easy, resulting in full admin access to any remote attacker. Vendor was notified.
http://www.securit...
2006-02-08
"Powered by Loudblog"
this dork is for the LoudBlog <= 0.4 arbitrary remote inclusion vulnerability
advisory & poc exploit:
http://retrogod.altervista.org/loud...
2006-02-08
"This website engine code is copyright" ...
Clever Copy <= 3.0 SQL injection
dork: "This website engine code is copyright" "2005 by Clever Copy"
advisory and poc e...
2006-02-08
intitle:"b2evo installer" intext:"I...
this page lets you to know some interesting info on target machine, database name, username...
it lets you to see phpinfo() and, if you know databas...
2006-02-09
"index of" intext:fckeditor inurl:fckedi...
"index of" intext:fckeditor inurl:fckeditor
this dork is for FCKEditor script
through
editor/filemanager/browser/default/connectors...
2006-02-09
"powered by runcms" -runcms.com -runcms....
"powered by runcms" -runcms.com -runcms.org
all versions <=1.2 are vulnerable to an arbitrary remote inclusion,
this is more specif...
2006-02-13
("This Dragonflyâ„Â...
exploit and short explaination:
http://retrogod.altervista.org/dragonfly9.0.6.1_incl_xpl.html...
2006-02-13
inurl:docmgr | intitle:"DocMGR" "en...
exploit and short explaination:
http://retrogod.altervista.org/docmgr_0542_incl_xpl.html...
2006-02-13
(intitle:"Flyspray setup"|"powered ...
exploiting a bug in EGS Enterprise Groupware System 1.0 rc4, I found this dork:
(intitle:"Flyspray setup"|"powered by flyspray 0.9....
2006-02-13
intext:"LinPHA Version" intext:"Hav...
this is for Linpha <=1.0 arbitrary local inclusion:
http://retrogod.altervista.org/linpha_10_local.html
intext:"LinPHA Version" in...
dork:
inurl:tmssql.php ext:php mssql pear adodb -cvs -akbk
a remote user can execute an arbitrary function (without arguments) example:
htt...
2006-04-15
"powered by php photo album" | inurl:&qu...
dork:
"powered by php photo album" | inurl:"main.php?cmd=album" -demo2 -pitanje
poc:
if register_globals = On & m...
2006-04-25
"powered by active php bookmarks" | inur...
Active PHP Bookmarks, a web based bookmark manager, was originally developed by Brandon Stone. Due to lack of time he has withdrawn himself from the p...
2006-04-25
inurl:resetcore.php ext:php
e107 is a content management system written in php and using the popular open source mySQL database system for content storage. It's completely f...
2006-04-25
"This script was created by Php-ZeroNet"...
Php-ZeroNet is a script comprised of php allowing webmasters to start a online community. Php-ZeroNet features Content Management, News posting, User ...
this is a bit different from the previous one in GHDB, it searches for Wordpress 2.x sites where user registration is enabled, a user can inject a car...
2006-06-02
"powered by ubbthreads"
forums powered by ubbthreads are vulnerable to file inclusion.
You can get more results with yahoo search.
http://site.com/ubbthredspath//ubbt.inc...
2006-08-13
"Powered by sendcard - an advanced PHP e-card...
this is for Sendcard remote commands execution,
advisory/ poc exploit:
http://retrogod.altervista.org/sendcard_340_xpl.html...
2006-08-13
"powered by xmb"
this is for XMB <=1.9.6 Final remote commands execution and sql injection, adivories/poc exploits:
http://retrogod.altervista.org/xmb_196_cnd_xp...
2006-08-13
"powered by minibb forum software"
This dork is for minibb forum software arbitrary remote inclusion. this is about the unset() issue found by S. Esser:
http://www.hardened-php.net/...
2006-08-13
inurl:eStore/index.cgi?
this is for eStore directory traversal, example exploit:
http://[target]/[path]/eStore/index.cgi?page=../../../../../../../../etc/passwd ...
