Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• MDPro 1.0.76 Remote SQL Injection Exploit (деталі)
• mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability (деталі)
• phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion Vuln (деталі)
• actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability (деталі)
• actSite 1.56 (news.php) Local File Inclusion Vulnerability (деталі)
• php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities (деталі)
• Segue CMS <= 1.8.4 index.php Remote File Inclusion Vulnerability (деталі)
• PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit (деталі)
• smbftpd 0.96 SMBDirList-function Remote Format String Exploit (деталі)
• PHP-Nuke POST crossite scripting PoC (деталі)

В даній добірці експлоіти в веб додатках:

• ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability (деталі)
• IntegraMOD Nederland 1.4.2 Remote File Inclusion Vulnerability (деталі)
• Chupix CMS 0.2.3 (repertoire) Remote File Inclusion Vulnerability (деталі)
• lustig.cms BETA 2.5 (forum.php view) Remote File Inclusion Vulnerability (деталі)
• PhFiTo 1.3.0 (SRC_PATH) Remote File Inclusion Vulnerability (деталі)
• Zomplog <= 3.8.1 upload_files.php Arbitrary File Upload Exploit (деталі)
• Public Media Manager <= 1.3 Remote File Inclusion Vulnerability (деталі)
• Mambo Component Mambads <= 1.5 Remote SQL Injection Vulnerability (деталі)
• Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit (деталі)
• Fistiq Duyuru Scripti Remote Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• PHP-Nuke addon Nuke Mobile Entartainment LFI Vulnerability (деталі)
• Wordsmith 1.1b (config.inc.php _path) Remote File Inclusion Vuln (деталі)
• DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities (деталі)
• Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day) (деталі)
• sk.log <= 0.5.3 (skin_url) Remote File Inclusion Vulnerability (деталі)
• Motorola Timbuktu Pro <= 8.6.5 Arbitrary File Deletion/Creation (деталі)
• Novus 1.0 (notas.asp nota_id) Remote SQL Injection Vulnerability (деталі)
• Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability (деталі)
• FrontAccounting 1.13 Remote File Inclusion Vulnerabilities (деталі)
• NukeSentinel <= 2.5.06 SQL Injection (mysql >= 4.0.24) Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• phpBB Plus <= 1.53 (phpbb_root_path) Remote File Inclusion Vuln (деталі)
• neuron news 1.0 (index.php q) Local File Inclusion Vulnerability (деталі)
• iziContents <= RC6 (RFI/LFI) Multiple Remote Vulnerabilities (деталі)
• Joomla Component com_slideshow Remote File Inclusion Vulnerability (деталі)
• CMS Made Simple 1.2 Remote Code Execution Vulnerability (деталі)
• Black Lily 2007 (products.php class) Remote SQL Injection Vulnerability (деталі)
• Clansphere 2007.4 (cat_id) Remote SQL Injection Vulnerability (деталі)
• phpFullAnnu (PFA) 6.0 Remote SQL Injection Vulnerability (деталі)
• helplink 0.1.0 (show.php file) Remote File Inclusion Vulnerability (деталі)
• Links Management Application V1.0 (lcnt) Remote BLIND SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• KwsPHP 1.0 sondages Module Remote SQL Injection Vulnerability (деталі)
• phpsyncml <= 0.1.2 Remote File Include Vulnerabilities (деталі)
• phpBB Mod Ktauber.com StylesDemo Blind SQL Injection Exploit (деталі)
• Sun jre1.6.0_X isInstalled.dnsResolve Function Overflow PoC (деталі)
• Streamline PHP Media Server 1.0-beta4 RFI Vulnerability (деталі)
• OneCMS 2.4 (userreviews.php abc) Remote SQL Injection Exploit (деталі)
• Lighttpd <= 1.4.17 FastCGI Header Overflow Remote Exploit (деталі)
• Flip <= 3.0 Remote Password Hash Disclosure Exploit (деталі)
• Flip <= 3.0 Remote Admin Creation Exploit (деталі)
• ajclassifiedsex.html (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component Flash Fun! 1.0 Remote File Inclusion Vuln (деталі)
• KwsPHP 1.0 Member_Space Module SQL Injection Exploit (деталі)
• KwsPHP 1.0 (login.php) Remote SQL Injection Exploit (деталі)
• Chupix CMS 0.2.3 (download.php) Remote File Disclosure Vulnerability (деталі)
• Omnistar Article Manager Software (article.php) SQL Injection Exploit (деталі)
• SimpCMS <= all (keyword) Remote SQL Injection Vulnerability (деталі)
• Joomla Component joom12Pic 1.0 Remote File Inclusion Vulnerability (деталі)
• Shop-Script FREE <= 2.0 Remote Command Execution Exploit (деталі)
• modifyform (modifyform.html) Remote File Inclusion Vulnerability (деталі)
• AJ Auction All Version (subcat.php) Remote BLIND SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component joomlaradio v5 Remote File Inclusion Vulnerability (деталі)
• JetCast Server 2.0.0.4308 Remote Denial of Service Exploit (деталі)
• JBlog 1.0 (index.php id) Remote SQL Injection Exploit (деталі)
• PHP Webquest <= 2.5 (id_actividad) Remote SQL Injection Exploit (деталі)
• phpFFL 1.24 PHPFFL_FILE_ROOT Remote File Inclusion Vulnerabilities (деталі)
• Ajax File Browser 3b (settings.inc.php approot) RFI Vulnerability (деталі)
• GForge < 4.6b2 (skill_delete) Remote SQL Injection Vulnerability (деталі)
• Gelato (index.php post) Remote SQL Injection Exploit (деталі)
• KwsPHP 1.0 stats Module Remote SQL Injection Exploit (деталі)
• News-Letterman 1.1 (eintrag.php) Remote File Include Exploit (деталі)

Продовжуючи тему експлоітів для PHP, пропоную вам наступну добірку.

Цього разу есплоіти та уразливості в COM функціях в PHP 5.x, в функції zend_hash_init та функції libxmlrpc в PHP < 4.4.7 і 5.x < 5.2.2.

• PHP 5.x COM functions safe_mode and disable_function bypass (деталі)
• DoS in zend_hash_init function in PHP (деталі)
• PHP libxmlrpc buffer overflow (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component Restaurante Remote File Upload Vulnerability (деталі)
• AuraCMS 1.5rc Multiple Remote SQL Injection Vulnerabilities (деталі)
• phpRealty 0.02 (MGR) Multiple Remote File Inclusion Vulnerabilities (деталі)
• Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability (деталі)
• AuraCMS 2.1 Remote File Attachment / LFI Vulnerabilities (деталі)
• Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit (деталі)
• X-Cart <= ? Multiple Remote File Inclusion Vulnerabilities (деталі)
• NuclearBB Alpha 2 (root_path) Remote File Inclusion Vulnerability (деталі)
• KwsPHP Module jeuxflash 1.0 (id) Remote SQL Injection Vulnerability (деталі)
• RPS 6.2 SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Webace-Linkscript 1.3 SE (start.php) Remote SQL Injection Vulnerability (деталі)
• Online Fantasy Football League (OFFL) 0.2.6 RFI Vulnerabilities (деталі)
• phpress 0.2.0 (adisplay.php lang) Local File Inclusion Vulnerability (деталі)
• Txx CMS 0.2 Multiple Remote File Inclusion Vulnerabilities (деталі)
• Sisfo Kampus 2006 (blanko.preview.php) Local File Disclosure Vuln (деталі)
• fuzzylime cms <= 3.0 Local File Inclusion Vulnerability (деталі)
• Focus/SIS <= 1.0/2.2 Remote File Inclusion Vulnerabilities (деталі)
• TLM CMS 3.2 Multiple Remote SQL Injection Vulnerabilities (деталі)
• WebED 0.8999a Multiple Remote File Inclusion Vulnerabilities (деталі)
• Docebo Multiple Cross-Site Scripting Vulnerabilities (деталі)