Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• YourFreeWorld Forced Matrix Script (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Autoresponder Hosting (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Blog Blaster (id) Remote SQL Injection Vulnerability (деталі)
• YourFreeWorld Banner Management (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Downline Builder (id) Remote SQL Injection Vulnerability (деталі)
• Maran PHP Shop (prod.php cat) SQL Injection Vulnerability (деталі)
• Downline Goldmine newdownlinebuilder (tr.php id) SQL Injection Vuln (деталі)
• Downline Goldmine paidversion (tr.php id) SQL Injection Vulnerability (деталі)
• Downline Goldmine Category Addon (id) SQL Injection Vulnerability (деталі)
• Downline Goldmine Builder (tr.php id) Remote SQL Injection Vulnerability (деталі)
• NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities (деталі)
• Apartment Search Script (RFU/XSS) Multiple Remote Vulnerabilities (деталі)
• Joovili 3.1.4 Insecure Cookie Handling Vulnerability (деталі)
• Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability (деталі)
• Exploits solidDB <= 06.00.1018 multiple vulnerabilities (деталі)

Нещодавно були виявлені уразливості в Invision Power Board (для бета версії IPB 3). Це Persistent XSS та Full path disclosure уразливості. Для яких був оприлюднений експлоіт.

Уразливий Invision Power Board 3.0.0b5 та попередні 3.0.x версії.

• Invision Power Board 3.0.0b5 Active XSS & Path Disclosure Vulns (деталі)

В даній добірці експлоіти в веб додатках:

• SFS EZ Software (id) Remote SQL Injection Vulnerability (деталі)
• SFS EZ Hot or Not (phid) Remote SQL Injection Vulnerability (деталі)
• AJ ARTICLE (featured_article.php mode) SQL injection Vulnerability (деталі)
• FTP Now 2.6 Server Response Remote Crash PoC (деталі)
• Bloggie Lite 0.0.2 Beta SQL Injection by Insecure Cookie Handling (деталі)
• SFS EZ Gaming Cheats (id) Remote SQL Injection vulnerability (деталі)
• SFS EZ Pub Site (directory.php cat) SQL Injection Vulnerability (деталі)
• SFS EZ Webstore (where) Remote SQL Injection Vulnerability (деталі)
• YourFreeWorld Classifieds Blaster (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Reminder Service (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Scrolling Text Ads (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Viral Marketing (id) SQL Injection Vulnerability (деталі)
• YourFreeWorld Short Url & Url Tracker (id) SQL Injection Vuln (деталі)
• Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability (деталі)
• EasyNews-40tr Multiple Remote Vulnerabilities (SQL Injection Exploit/XSS/LFI) (деталі)

В даній добірці експлоіти в веб додатках:

• SFS EZ Link Directory (cat_id) Remote SQL Injection Vulnerability (деталі)
• SFS EZ Home Business Directory (cat_id) SQL Injection Vulnerability (деталі)
• SFS EZ Gaming Directory (cat_id) Remote SQL Injection Vulnerability (деталі)
• SFS EZ Hosting Directory (cat_id) Remote SQL Injection Vulnerability (деталі)
• Absolute Newsletter 6.1 Insecure Cookie Handling Vulnerability (деталі)
• GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta) (деталі)
• SFS EZ Top Sites (topsite.php ts) Remote SQL Injection Vulnerability (деталі)
• SFS EZ Career (content.php topic) SQL Injection Vulnerability (деталі)
• SFS EZ Auction (viewfaqs.php cat) Blind SQL Injection Vulnerability (деталі)
• Article Publisher PRO (userid) Remote SQL Injection Exploit (деталі)
• ModernBill <= 4.4.x XSS / Remote File Inclusion Vulnerability (деталі)
• GO4I.NET ASP Forum 1.0 (forum.asp iFor) SQL Injection Vulnerability (деталі)
• Article Publisher PRO 1.5 Insecure Cookie Handling Vulnerability (деталі)
• Joomla Component Flash Tree Gallery 1.0 RFI Vulnerability (деталі)
• AuraCMS 2.x (user.php) - Security Code Bypass & Add Administrator Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Absolute Live Support 5.1 Insecure Cookie Handling Vulnerability (деталі)
• Absolute Form Processor 4.0 Insecure Cookie Handling Vulnerability (деталі)
• Absolute Banner Manager Insecure Cookie Handling Vulnerability (деталі)
• Absolute Content Rotator 6.0 Insecure Cookie Handling Vulnerability (деталі)
• Tribiq CMS 5.0.10a Local File Inclusion Vulnerability (win) (деталі)
• Cybershade CMS 0.2b Remote File Inclusion Vulnerability (деталі)
• Tribiq CMS 5.0.9a (beta) Insecure Cookie Handling Vulnerability (деталі)
• e107 Plugin lyrics_menu (lyrics_song.php l_id) SQL Injection Vulnerability (деталі)
• SFS EZ Gaming Directory (directory.php id) SQL Injection Vulnerability (деталі)
• SFS EZ Webring (cat) Remote SQL Injection Vulnerability (деталі)
• Article Publisher PRO 1.5 (SQL Injection) Auth Bypass Vulnerability (деталі)
• SFS EZ Affiliate (cat_id) Remote SQL Injection Vulnerability (деталі)
• SFS EZ BIZ PRO (track.php id) Remote SQL Injection Vulnerability (деталі)
• Adult Banner Exchange Website (targetid) SQL Injection Vulnerability (деталі)
• Nuked-Klan <= 1.7.6 Multiple Vulnerabilities Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• MyKtools 2.4 Arbitrary Database Backup Vulnerability (деталі)
• Aiocp 1.4 (poll_id) Remote SQL Injection Vulnerability (деталі)
• H2O-CMS <= 3.4 Remote Command Execution Exploit (mq = off) (деталі)
• WebCards <= 1.3 Remote SQL Injection Vulnerability (деталі)
• Mambo Component SimpleBoard <= 1.0.1 Arbitrary File Upload Exploit (деталі)
• 7Shop <= 1.1 Remote Arbitrary File Upload Exploit (деталі)
• e107 Plugin fm pro v1 (FD/Upload/DT) Multiple Remote Vulnerabilities (деталі)
• Sepal SPBOARD 4.5 (board.cgi) Remote Command Exec Vulnerability (деталі)
• PacketTrap TFTPD 2.2.5459.0 Remote Denial of Service Exploit (деталі)
• H2O-CMS <= 3.4 Insecure Cookie Handling Vulnerability (деталі)
• Venalsur on-line Booking Centre (OfertaID) XSS/SQL Injection Vulns (деталі)
• Harlandscripts Pro Traffic One (mypage.php) SQL Injection Vulnerability (деталі)
• Pro Traffic One (poll_results.php id) Remote SQL Injection Vulnerability (деталі)
• MyPHP Forum <= 3.0 Edit Topics/Blind SQL Injection Vulnerabilities (деталі)
• Absolute Control Panel XE 1.5 Insecure Cookie Handling Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Ads Pro (dhtml.pl page) Remote Command Execution Exploit (деталі)
• MyForum 1.3 (lecture.php id) Remote SQL Injection Exploit (деталі)
• SFS Ez Forum (forum.php id) SQL Injection Vulnerability (деталі)
• MyKtools 2.4 (langage) Local File Inclusion Vulnerability (деталі)
• e107 Plugin alternate_profiles (id) SQL Injection Vulnerability (деталі)
• TlAds v1 Remote Insecure Cookie Handling Vulnerability (деталі)
• Persia BME E-Catalogue Remote SQL Injection Vulnerability (деталі)
• MyForum 1.3 (padmin) Local File Inclusion Vulnerability (деталі)
• Questcms (XSS/Directory Traversal/SQL) Multiple Remote Vulnerabilities (деталі)
• e107 Plugin EasyShop (category_id) Blind SQL Injection Exploit (деталі)
• TlGuestBook 1.2 Insecure Cookie Handling Vulnerability (деталі)
• Agares ThemeSiteScript 1.0 (loadadminpage) RFI Vulnerability (деталі)
• PersianBB (iranian_music.php id) Remote SQL Injection Vulnerability (деталі)
• MyForum 1.3 Insecure Cookie Handling Vulnerability (деталі)
• e107 Plugin BLOG Engine 2.1.4 Remote SQL Injection Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilies (деталі)
• WebSVN <= 2.0 (XSS/FH/CE) Multiple Remote Vulnerabilities (деталі)
• Joomla Component Kbase 1.0 Remote SQL Injection Vulnerability (деталі)
• Joomla Component Archaic Binary Gallery Directory Traversal Vuln (деталі)
• SiteEngine 5.x Multiple Remote Vulnerabilities (деталі)
• Aj RSS Reader (EditUrl.php url) SQL Injection Vulnerability (деталі)
• NEPT Image Uploader 1.0 Arbitrary Shell Upload Vulnerability (деталі)
• BuzzyWall 1.3.1 (download id) Remote File Disclosure Vulnerability (деталі)
• vicFTP 5.0 (LIST) Remote Denial of Service Exploit (деталі)
• PHPdaily (SQL/XSS/LFD) Multiple Remote Vulnerabilities (деталі)
• PumpKIN TFTP Server 2.7.2.0 Denial of Service Exploit (meta) (деталі)
• Kasra CMS (index.php) Multiple SQL Injection Vulnerabilities (деталі)
• Tlnews 2.2 Insecure Cookie Handling Vulnerability (деталі)
• PozScripts Classified Auctions (gotourl.php id) SQL Injection Vuln (деталі)
• ZyXel gateways vulnerability research (деталі)

В даній добірці експлоіти в веб додатках:

• Iamma Simple Gallery 1.0/2.0 Arbitrary File Upload Vulnerability (деталі)
• txtshop 1.0b (language) Local File Inclusion Vulnerability (win only) (деталі)
• SilverSHielD 1.0.2.34 (opendir) Denial of Service Exploit (деталі)
• CSPartner 1.0 (Delete All Users/SQL Injection) Remote Exploit (деталі)
• freeSSHd 1.2.1 sftp realpath Remote Buffer Overflow PoC (auth) (деталі)
• YDC (kdlist.php cat) Remote SQL Injection Vulnerability (деталі)
• DorsaCms (ShowPage.aspx) Remote SQL Injection Vulnerability (деталі)
• Joomla Component ionFiles 4.4.2 File Disclosure Vulnerability (деталі)
• LoudBlog <= 0.8.0a (ajax.php) SQL Injection Vulnerability (auth) (деталі)
• phpcrs <= 2.06 (importFunction) Local File Inclusion Vulnerability (деталі)
• Joomla Component RWCards 3.0.11 Local File Inclusion Vulnerability (деталі)
• miniPortail <= 2.2 (XSS/LFI) Remote Vulnerabilities (деталі)
• MindDezign Photo Gallery 2.2 Arbitrary Add Admin Exploit (деталі)
• MindDezign Photo Gallery 2.2 (index.php id) SQL Injection Vulnerability (деталі)
• KAPhotoservice - Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Fast Click SQL 1.1.7 Lite (init.php) Remote File Inclusion Vulnerability (деталі)
• yappa-ng <= 2.3.3-beta0 (album) Local File Inclusion Vulnerability (деталі)
• e107 <= 0.7.13 (user_hidden_fields) Remote Blind SQL Injection Exploit (деталі)
• WBB Plugin rGallery 1.09 (itemID) Blind SQL Injection Exploit (деталі)
• Vivvo CMS <= 3.4 Multiple Vulnerabilities Destroyer Exploit (деталі)
• Joomla Component Nice Talk (tagid) SQL Injection Vulnerability (деталі)
• Joomla Component ds-syndicate (feed_id) SQL Injection Vulnerability (деталі)
• XOOPS Module makale Remote SQL Injection Vulnerability (деталі)
• Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities (деталі)
• Limbo CMS (Private Messaging Component) SQL Injection Vulnerability (деталі)
• LightBlog 9.8 (GET,POST,COOKIE) Multiple LFI Vulnerabilities (деталі)
• freeSSHd 1.2.1 sftp rename Remote Crash Exploit (деталі)
• ShopMaker 1.0 (product.php id) Remote SQL Injection Vulnerability (деталі)
• Joomla Component Daily Message 1.0.3 (id) SQL Injection Vuln (деталі)
• Exploits PEEL CMS Admin Hash Extraction and Remote Upload (деталі)