

The Powerful Resource Of PHP Stream Wrappers
Posted Nov 15, 2018
Authored by Netsparker

In this article, the author explores ways to bypass protection methods using PHP stream wrappers, which are responsible for handling protocol-related tasks such as downloading data from a web or FTP server and exposing it in a way that can be handled with PHP's stream-related functions.

tags | paper, web, php, protocol
MD5 | a947e8c1cb30f07e7cee7d234092661e

Related Files

Posted Sep 10, 2004
Authored by bima tampan

Perl exploit that makes use of a flaw in PHP-Nuke 7.4 where an attacker can post to global home-page messages.

tags | exploit, perl, php
MD5 | d3153083e777412eb3cfd2fd6b46eb4a
Posted Sep 9, 2004
Authored by James Bercegay | Site gulftech.org

GulfTech Security Research - phpWebSite versions 0.9.3-4 and prior are susceptible to cross site scripting, SQL injection, script injection, and command execution vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
MD5 | f95e3a0da2ae1ca16f755fe20a8b9f82
Posted Sep 8, 2004
Authored by Joxean Koret

phpScheduleIt 1.0.0 RC1 is susceptible to cross site scripting attacks.

tags | advisory, xss
MD5 | d15d3c0eb58484b9abaec648541b1d59
Posted Aug 26, 2004
Authored by nikyt0x | Site nikyt0x.webcindario.com

The PHP Code Snippet Library suffers from multiple cross site scripting flaws.

tags | advisory, php, xss
MD5 | aff61ed38393ebfb61960afb38496665
Posted Aug 20, 2004
Authored by Matias Neiff

phpmywebhosting 0.3.4 has a SQL injection vulnerability where an attacker can be authenticated as an admin by just using [usr= admin"-(] and [pass="asdf].

tags | advisory, sql injection
MD5 | ed3f16e9ac6ef06ba409a0b3068c9753
Posted Aug 10, 2004
Authored by Anthony Debhian

Special requests using PHP on Apache go unlogged and cause a segfault. Tested systems: Windows / Apache 1.3.31 / PHP 5.0.0, Windows / Apache 1.3.27 / PHP 4.3.3, Linux / Apache 1.3.24 / PHP 4.2.

tags | advisory, php
systems | linux, windows
MD5 | 61b2fd5728f1287bef46a27d2f1ad3f1
Posted Jul 19, 2004
Authored by Ory Segal | Site SanctumInc.com

PHPBB version 2.0.x is susceptible to an HTTP response splitting vulnerability and also a cross site scripting flaw.

tags | advisory, web, xss
MD5 | 1108084d565f032bb04ff19b50c66873
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP memory_limit remote vulnerability allows for remote code execution on PHP servers with activated memory_limit.

tags | advisory, remote, php, code execution
advisories | CVE-2004-0594
MD5 | 4cbf9d53c4b6392a1826cd5673b6db43
Posted Jul 14, 2004
Authored by Stefan Esser | Site security.e-matters.de

PHP strip_tags() bypass vulnerability may allow for cross-site scripting attacks launched via websites that run PHP and depend on strip_tags() for security. The attack requires a vulnerable browser such as IE, Safari, or Mozilla in order to work.

tags | advisory, php, xss, bypass
advisories | CVE-2004-0595
MD5 | 863e7ba7525c9271c3acb7416575f74b
Posted Jul 1, 2004
Authored by Nasir Simbolon | Site eagle.kecapi.com

phpMyAdmin version 2.5.7 is susceptible to allowing remote malicious users the ability to inject PHP code. Full exploit provided.

tags | exploit, remote, php
MD5 | efa2bc2daeaaf7a11623f78fae49fd53
Posted Jun 7, 2004
Authored by Daniel Fabian | Site sec-consult.com

PHP offers the function escapeshellarg() to escape arguments to shell commands in a way that makes it impossible for an attacker to execute additional commands. However, due to a bug in the function, this does not work with the Windows version of PHP. Versions 4.3.6 and below are susceptible.

tags | exploit, shell, php
systems | windows
MD5 | 4c2259467e77e624482ad84e2fe1c526
Posted May 11, 2004
Authored by Calum Power

phpShop versions 0.7.1 and below have a flaw where it is possible for an attacker to execute arbitrary code as the server.

tags | advisory, arbitrary
MD5 | 8133d93ec81c68a6dcb324f7ed7013a6
Posted May 7, 2004
Authored by James Bercegay | Site gulftech.org

PHPX versions 3.2.6 and below have cross site scripting, path disclosure and arbitrary command execution vulnerabilities. Full exploitation given.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 5bc64564204e7b43c40dfb249c361ca4
Posted Apr 28, 2004
Authored by DarkBicho | Site darkbicho.tk

PHP-Nuke Video Gallery Module version 0.1 Beta 5 is susceptible to full path disclosure and SQL injection attacks.

tags | exploit, php, sql injection
MD5 | 54acb3d8866b74c2e6d1ec256608e9d9
Posted Apr 19, 2004
Authored by Officerrr

phpBB modified by PRzemo version 1.8 allows for arbitrary code execution due to improper filtering allowing for remote script inclusion.

tags | exploit, remote, arbitrary, code execution
MD5 | 56451f2f2af87fa042870c5de4688379
Posted Apr 18, 2004
Authored by Wang / SRR Project Group

phpBB versions 2.0.8a and below suffer from an IP spoofing vulnerability that allows a malicious user to post messages and have them be tied to forged IP addresses.

tags | advisory, spoof
MD5 | 5abb1b7af8af6d6fc4fb272d4ef2f3af
Posted Mar 30, 2004
Authored by Yanosz

PHPKIT version 1.6.03 suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | ea9213f4c4ba3a9d332cc7099f954461
Posted Mar 20, 2004
Authored by James Bercegay | Site gulftech.org

phpBB versions 2.0.7a and below are susceptible to cross site scripting, SQL injection, and remote command execution attacks.

tags | advisory, remote, xss, sql injection
MD5 | 8c1c502b91197f96ecae43347d872b74
Posted Mar 20, 2004
Authored by Cheng Peng Su

phpBB 2.0.6d suffers from a cross site scripting vulnerability.

tags | advisory, xss
MD5 | 8a96d182867bd1bae916a3b61e995dca
Posted Mar 17, 2004
Authored by Ryan Wray aka HelloWorld

PHPX versions 2.x through 3.2.4 fail to create a secure session management engine. A user can obtain a session simply by supplying the uid of the user whose account they want to obtain, and as long as their session is in the database, session hijacking can occur. Furthermore, the session id itself is generated by a simple auto-increment field in the MySQL database, making it trivial for an attacker to steal a cookie. Full exploitation included.

tags | exploit
MD5 | 09ddcbef76dbf1843ea527f95f6e77ed
Posted Mar 15, 2004
Authored by Pokleyzz | Site scan-associates.net

phpBB versions 2.0.6 and below suffer from a SQL injection vulnerability in the search.php file. Workaround included.

tags | advisory, php, sql injection
MD5 | 7eba141ea384a599e9677a3788face6c
Posted Mar 15, 2004
Authored by James Bercegay | Site gulftech.org

phpBB versions 2.0.6d and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 8f141547555e3e8b5843c2166e6132ba
Posted Feb 29, 2004
Authored by Cheng Peng Su

phpBB's ViewTopic.php script is vulnerable to a cross site scripting attack.

tags | advisory, php, xss
MD5 | cf7d999c135a18776b6c789e7da3f45c
Posted Feb 10, 2004
Authored by Pokleyzz

PHPNuke versions greater than 6.9 are susceptible to SQL injection attacks that allow a remote attacker to get an administrator's hash to achieve administrator access.

tags | advisory, remote, sql injection
MD5 | 10409d176ded0ab738e079c21cc40ce7
Posted Feb 4, 2004
Authored by Manuel Lopez

PHPX versions 3.2.3 and below suffer from cross site scripting, code injection, and cookie hijacking flaws.

tags | advisory, xss
MD5 | 72601f3690201f010e5fd30f0d1f8566

packet storm

© 2019 Packet Storm. All rights reserved.
