what you don't know can hurt you
Showing 26 - 50 of 100 RSS Feed

Files

The Powerful Resource Of PHP Stream Wrappers
Posted Nov 15, 2018
Authored by Netsparker

In this article, the author explores ways to bypass protection methods using the PHP Stream Wrappers, which are responsible for handling protocol related tasks like downloading data from a web or ftp server and exposing it in a way in that it can be handled with PHP's stream related functions.

tags | paper, web, php, protocol
MD5 | a947e8c1cb30f07e7cee7d234092661e

Related Files

phpSQLnuke.pl
Posted Sep 10, 2004
Authored by bima tampan

Perl exploit that makes use of a flaw in PHP-Nuke 7.4 where an attacker can post to global home-page messages.

tags | exploit, perl, php
MD5 | d3153083e777412eb3cfd2fd6b46eb4a
phpWebSite.txt
Posted Sep 9, 2004
Authored by James Bercegay | Site gulftech.org

GulfTech Security Research - phpWebSite versions 0.9.3-4 and prior are susceptible to cross site scripting, SQL injection, script injection, and command execution vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
MD5 | f95e3a0da2ae1ca16f755fe20a8b9f82
phpScheduleIt.txt
Posted Sep 8, 2004
Authored by Joxean Koret

phpScheduleIt 1.0.0 RC1 is susceptible to cross site scripting attacks.

tags | advisory, xss
MD5 | d15d3c0eb58484b9abaec648541b1d59
phpcodeXSS.txt
Posted Aug 26, 2004
Authored by nikyt0x | Site nikyt0x.webcindario.com

The PHP Code Snippet Library suffers from multiple cross site scripting flaws.

tags | advisory, php, xss
MD5 | aff61ed38393ebfb61960afb38496665
phpMyWeb.txt
Posted Aug 20, 2004
Authored by Matias Neiff

phpmywebhosting 0.3.4 has a SQL injection vulnerability where an attacker can be authenticated as an admin by just using [usr= admin"-(] and [pass="asdf].

tags | advisory, sql injection
MD5 | ed3f16e9ac6ef06ba409a0b3068c9753
phpWeird.txt
Posted Aug 10, 2004
Authored by Anthony Debhian

Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.

tags | advisory, php
systems | linux, windows
MD5 | 61b2fd5728f1287bef46a27d2f1ad3f1
phpbbxssSplit.txt
Posted Jul 19, 2004
Authored by Ory Segal | Site SanctumInc.com

PHPBB version 2.0.x is susceptible to an HTTP response splitting vulnerability and also a cross site scripting flaw.

tags | advisory, web, xss
MD5 | 1108084d565f032bb04ff19b50c66873
php_memory_limit_remote.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.

tags | advisory, remote, php, code execution
advisories | CVE-2004-0594
MD5 | 4cbf9d53c4b6392a1826cd5673b6db43
php_strip_tags_css.txt
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP strip_tags() bypass vulnerability may allow for Cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.

tags | advisory, php, xss, bypass
advisories | CVE-2004-0595
MD5 | 863e7ba7525c9271c3acb7416575f74b
phpMyAdmin257.txt
Posted Jul 1, 2004
Authored by Nasir Simbolon | Site eagle.kecapi.com

phpMyAdmin version 2.5.7 is susceptible to allowing remote malicious users the ability to inject PHP code. Full exploit provided.

tags | exploit, remote, php
MD5 | efa2bc2daeaaf7a11623f78fae49fd53
phpEscape.txt
Posted Jun 7, 2004
Authored by Daniel Fabian | Site sec-consult.com

PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However due to a bug in the function, this does not work with the windows version of PHP. Versions 4.3.6 and below are susceptible.

tags | exploit, shell, php
systems | windows
MD5 | 4c2259467e77e624482ad84e2fe1c526
phpshop_29-04-04.txt
Posted May 11, 2004
Authored by Calum Power

phpShop versions 0.7.1 and below have a flaw where it is possible for an attacker to execute arbitrary code as the server.

tags | advisory, arbitrary
MD5 | 8133d93ec81c68a6dcb324f7ed7013a6
phpx326.txt
Posted May 7, 2004
Authored by James Bercegay | Site gulftech.org

PHPX versions 3.2.6 and below have cross site scripting, path disclosure and arbitrary command execution vulnerabilities. Full exploitation given.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 5bc64564204e7b43c40dfb249c361ca4
phpnukeVideo.txt
Posted Apr 28, 2004
Authored by DarkBicho | Site darkbicho.tk

PHP-Nuke Video Gallery Module version 0.1 Beta 5 is susceptible to full path disclosure and SQL injection attacks.

tags | exploit, php, sql injection
MD5 | 54acb3d8866b74c2e6d1ec256608e9d9
phpBBmod.txt
Posted Apr 19, 2004
Authored by Officerrr

phpBB modified by PRzemo version 1.8 allows for arbitrary code execution due to improper filtering allowing for remote script inclusion.

tags | exploit, remote, arbitrary, code execution
MD5 | 56451f2f2af87fa042870c5de4688379
phpBB208a.txt
Posted Apr 18, 2004
Authored by Wang / SRR Project Group

phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.

tags | advisory, spoof
MD5 | 5abb1b7af8af6d6fc4fb272d4ef2f3af
phpkit.txt
Posted Mar 30, 2004
Authored by Yanosz

PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | ea9213f4c4ba3a9d332cc7099f954461
phpBB207a.txt
Posted Mar 20, 2004
Authored by James Bercegay | Site gulftech.org

phpBB versions 2.0.7a and below are susceptible to cross site scripting, SQL injection, and remote command execution attacks.

tags | advisory, remote, xss, sql injection
MD5 | 8c1c502b91197f96ecae43347d872b74
phpbbprofile.txt
Posted Mar 20, 2004
Authored by Cheng Peng Su

phpBB 2.0.6d suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 8a96d182867bd1bae916a3b61e995dca
phpx324.txt
Posted Mar 17, 2004
Authored by Ryan Wray aka HelloWorld

PHPX versions 2.x through 3.2.4 fail to create a secure session management engine. A user can obtain a session by simply supplying a uid of the user in which they want to obtain the account from, and as long as their session is in the database, it will allow session hi-jacking to occur. Further-more it is concerning that the session id itself is generated by a simple auto increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.

tags | exploit
MD5 | 09ddcbef76dbf1843ea527f95f6e77ed
phpBB206a.txt
Posted Mar 15, 2004
Authored by Pokleyzz | Site scan-associates.net

phpBB versions 2.0.6 and below suffer from a SQL injection vulnerability in the search.php file. Workaround included.

tags | advisory, php, sql injection
MD5 | 7eba141ea384a599e9677a3788face6c
phpBBXSS206d.txt
Posted Mar 15, 2004
Authored by James Bercegay | Site gulftech.org

phpBB versions 2.0.6d and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 8f141547555e3e8b5843c2166e6132ba
phpBBXSS.txt
Posted Feb 29, 2004
Authored by Cheng Peng Su

phpBB's ViewTopic.php script is vulnerable to a cross site scripting attack.

tags | advisory, php, xss
MD5 | cf7d999c135a18776b6c789e7da3f45c
phpnukeSQL.txt
Posted Feb 10, 2004
Authored by Pokleyzz

PHPNuke versions greater than 6.9 are susceptible to SQL injection attacks that allow a remote attacker to get an administrator's hash to achieve to administrator access.

tags | advisory, remote, sql injection
MD5 | 10409d176ded0ab738e079c21cc40ce7
PHPXportal.txt
Posted Feb 4, 2004
Authored by Manuel Lopez

PHPX versions 3.2.3 and below suffer from cross site scripting, code injection, and cookie hijacking flaws.

tags | advisory, xss
MD5 | 72601f3690201f010e5fd30f0d1f8566
Page 2 of 4
Back1234Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close