Max's Guestbook Security Vulnerabilities

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability

Document Title: CatBot v0.4.2 (PHP) - SQL Injection Vulnerability References (Source): http://www.vulnerability-lab.com/get_content.php?id=1408 Release Date: 2015-01-15 Vulnerability Laboratory ID (VL-ID): 1408 Common Vulnerability Scoring System: 7.3 Product & Service Introduction: CatBot is a...

Banana Dance Wiki CMS b2.x LFI / SQL Injection

...

CatBot 0.4.2 SQL Injection Vulnerability

CatBot version 0.4.2 suffers from a remote SQL injection...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

...

CatBot 0.4.2 SQL Injection

...

Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities

...

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability

...

CatBot v0.4.2 (PHP) - SQL Injection Vulnerability

...

用友香港官网存在注入导致帐号密码泄漏

简要描述： 注入点：www.yonyou.com.hk/new/download_view.php?uid=4 详细说明： 2.数据库：db1007112_ufida中39个表 Database: db1007112_ufida [39 tables] +-------------------------+ | admin_log | | adpic | | app_cat | | app_company | | app_file | |...

lorente.ch Open Redirect vulnerability

Open Bug Bounty ID: OBB-53326 Description| Value ---|--- Affected Website:| lorente.ch Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks,...

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

Document Title: Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References (Source): http://www.vulnerability-lab.com/get_content.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: CVE-2014-2239 Release Date: 2014-12-24 Vulnerability Laboratory ID (VL-ID):...

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

Exploit for php platform in category web...

Lazarus Guestbook 1.22 XSS / SQL Injection

...

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

...

Lazarus Guestbook 1.22 - Multiple Vulnerabilities

Lazarus Guestbook 1.22 - Multiple...

Lazarus Guestbook 1.22 - Multiple Vulnerabilities

...

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

...

Persistent XSS Vulnerability in CMS Papoo Light v6.0.0 Rev. 4701

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6 Advisory ID: SROEADV-2014-01 Author: Steffen Rцsemann Affected Software: CMS Papoo Version 6.0.0 Rev. 4701 Vendor URL: http://www.papoo.de/ Vendor Status: fixed CVE-ID: - ========================== Vulnerability Description:...

Papoo CMS 6.0.0 Rev. 4701 - Stored XSS Vulnerability

Exploit for php platform in category web...

CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting

CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site...

CMS Papoo 6.0.0 Rev. 4701 - Persistent Cross-Site Scripting

...

CMS Papoo 6.0.0 Revision 4701 Cross Site Scripting

...

WordPress WP-ViperGB 1.3.10 CSRF / XSS

...

大米CMS多处XSS盲打后台

简要描述： 大米CMS多处XSS盲打后台 详细说明： 大米CMS多处XSS可以盲打后台，大米CMS后台的SQL注入一大堆，只要进了后台获取数据不成问题 第一处 文件/Web/Lib/Action/GuestbookAction.class.php public function update() { //输出gb2312码,ajax默认转的是utf-8 header("Content-type: text/html; charset=utf-8"); if(!isset($_POST['author']) or...

XAMPP 1.8.x Multiple Vulnerabilities

Exploit for multiple platform in category remote...

cmseasy csrf通过一个xss最后getshell

简要描述： 为什么我们要选择get类型的呢，因为get类型存储到数据库的时候触发时候管理员是察觉不到的，可以通过图片等进行操作，然后我们存储一个xss后门，这样一来，我们就可以加载一个远端的js，那么就各种无视token和referer了 详细说明： 开始我们先分析一段源代码： celive/admin/system.php:(line:128-142): `` if($do == 'add' and $username != '') { $password = addslashes($_REQUEST['password']); $password =...

DouPHP SQL注入一枚

简要描述： 注入 详细说明： 依然是get_ip的问题， guestbook.php:102行 ``` if ($rec == 'insert') { / 跨站请求伪造CSRF的防御 / if ($firewall->check_token($_POST['token'])) { / html安全过滤器 / $_POST = $firewall->dou_filter($_POST); $ip = $dou->get_ip(); $add_time = time(); $vcode =...

Max's Guestbook (HTML Injection/XSS) Multiple Vulnerabilities

No description provided by...

Telekorn Signkorn Guestbook 1.x index.php dir_path Parameter Remote File Inclusion

No description provided by...

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities

No description provided by...

Signkorn Guestbook <= 1.3 (dir_path) Remote File Include Vulnerability

No description provided by...

@lexPHPTeam @lex Guestbook 3.12 Remote PHP File Include Vulnerability

No description provided by...

Angora Guestbook 1.5 - Local File Inclusion

No description provided by...

Telekorn Signkorn Guestbook 1.x help/de/adminhelp3.php dir_path Parameter Remote File Inclusion

No description provided by...

@lex Guestbook <= 4.0.5 - setup.php language_setup Parameter XSS

No description provided by...

GuppY 2.4 HTML Injection Vulnerability

No description provided by...

Advanced Guestbook 2.4.2 Picture.PHP Cross-Site Scripting Vulnerability

No description provided by...

gaestebuch 1.2 - Remote File Inclusion Vulnerability

No description provided by...

IBWd Guestbook 1.0 Index.PHP SQL Injection Vulnerability

No description provided by...

Winn Guestbook 2.4, Winn.ws - Cross Site Scripting Vulnerability

No description provided by...

gBook 1.4 Administrative Access Vulnerability

No description provided by...

Telekorn Signkorn Guestbook 1.x admin/log.php dir_path Parameter Remote File Inclusion

No description provided by...

CS-Guestbook 0.1 Login Credentials Information Disclosure Vulnerability

No description provided by...

My Little Homepage Products BBCode Link Tag Script Injection Vulnerability

No description provided by...

Advanced GuestBook 2.x Addentry.PHP Remote File Include Vulnerability

No description provided by...

ICQ 2003 Webfront guestbook Cross-Site Scripting Vulnerability

No description provided by...

phpGB 1.1 HTML Injection Vulnerability

No description provided by...

KMSoft Guestbook 1.0 - Database Disclosure Vulnerability

No description provided by...

FTLS GuestBook 1.1 Script Injection Vulnerability

No description provided by...