[ home ] [ contents ] [ platforms ] [ shellcode ] [ search ] [ cracker ] [ links ] [ rss ] [ archive ]

Author:

JosS

Homepage:http://www.spanish-hackers.com/


[ exploits/shellcode ]
-::DATE -::DESCRIPTION -::HITS -::AUTHOR
2009-06-24 PHPEcho CMS 2.0-rc3 (forum) XSS Cookie Stealing / Blind Vulnerability 2655 R D JosS
2009-06-24 LightOpenCMS 0.1 (smarty.php cwd) Local File Inclusion Vulnerability 2410 R D JosS
2009-04-20 Studio Lounge Address Book 2.5 (profile) Shell Upload Vulnerability 2557 R D JosS
2009-04-16 SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities 2996 R D JosS
2009-02-23 pPIM 1.01 (notes.php id) Remote Command Execution Exploit 3182 R D JosS
2009-02-06 1024 CMS <= 1.4.4 Remote Command Execution with RFI (c99) Exploit 6290 R D JosS
2009-02-04 GR Blog 1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities 2615 R D JosS
2009-02-04 GR Note 0.94 beta (Auth Bypass) Remote Database Backup Vulnerability 2107 R D JosS
2009-01-05 Cybershade CMS 0.2b (index.php) Remote File Inclusion Exploit 4881 R D JosS
2008-11-25 Clean CMS 1.5 (full_txt.php id) Blind SQL Injection Exploit 2615 R D JosS
2008-11-03 pppBlog <= 0.3.11 (randompic.php) File Disclosure Vulnerability 2350 R D JosS
2008-11-02 Maran PHP Shop (prod.php cat) SQL Injection Vulnerability 2455 R D JosS
2008-11-02 Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability 3322 R D JosS
2008-11-01 Bloggie Lite 0.0.2 Beta SQL Injection by Insecure Cookie Handling 1527 R D JosS
2008-10-23 aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilies 2010 R D JosS
2008-10-21 LightBlog 9.8 (GET,POST,COOKIE) Multiple LFI Vulnerabilities 3272 R D JosS
2008-10-16 IP Reg <= 0.4 Multiple Remote SQL Injection Vulnerabilities 2524 R D JosS
2008-10-16 Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability 2666 R D JosS
2008-10-15 myStats (hits.php) Multiple Remote Vulnerabilities Exploit 2695 R D JosS
2008-10-15 myEvent 1.6 (viewevent.php) Remote SQL Injection Vulnerability 3076 R D JosS
2008-10-13 LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit 2986 R D JosS
2008-10-12 LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit 2778 R D JosS
2008-10-12 My PHP Indexer 1.0 (index.php) Local File Download Vulnerability 3856 R D JosS
2008-10-09 ScriptsEz Mini Hosting Panel (members.php) LFI Vulnerability 3006 R D JosS
2008-10-09 ScriptsEz Easy Image Downloader Local File Download Vulnerability 2733 R D JosS
2008-10-05 FOSS Gallery Public <= 1.0 Arbitrary Upload / Information c99 Expoit 5129 R D JosS
2008-10-05 phpAbook <= 0.8.8b (COOKIE) Local File Inclusion Vulnerability 2367 R D JosS
2008-10-04 pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability 2600 R D JosS
2008-10-01 MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability 4150 R D JosS
2008-09-16 Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability 4569 R D JosS
2008-09-15 Pre Real Estate Listings (search.php c) SQL Injection Vulnerability 3169 R D JosS
2008-09-05 WebCMS Portal Edition (index.php id) Blind SQL Injection Exploit 3344 R D JosS
2008-06-14 Pre Job Board (JobSearch.php) Remote SQL Injection Vulnerability 3267 R D JosS
2008-06-13 E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability 3468 R D JosS
2008-06-13 PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability 3057 R D JosS
2008-06-10 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability 3431 R D JosS
2008-06-09 Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities 2751 R D JosS
2008-06-01 ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability 2944 R D JosS
2008-05-31 BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability 3149 R D JosS
2008-05-16 StanWeb.CMS (default.asp id) Remote SQL Injection Exploit 4281 R D JosS
2008-05-09 SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit 4004 R D JosS
2008-05-04 Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit 3325 R D JosS
2008-04-15 Classifieds Caffe (index.php cat_id) SQL Injection Vulnerability 5177 R D JosS
2008-04-14 Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities 4142 R D JosS
2008-03-18 KAPhotoservice (album.asp) Remote SQL Injection Exploit 4997 R D JosS
2008-03-16 Mutiple Timesheets <= 5.0 Multiple Remote Vulnerabilities 4309 R D JosS
2008-03-12 EasyCalendar <= 4.0tr Multiple Remote Vulnerabilities 4391 R D JosS
2008-03-12 EasyGallery <= 5.0tr Multiple Remote Vulnerabilities 6316 R D JosS
2008-02-29 Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability 6547 R D JosS
2008-02-16 Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit 4239 R D JosS
2008-01-16 Gradman <= 0.1.3 (agregar_info.php) Local File Inclusion Exploit 3917 R D JosS
2008-01-14 RichStrong CMS (showproduct.asp cat) Remote SQL Injection Exploit 4779 R D JosS
2008-01-13 Binn SBuilder (nid) Remote Blind SQL Injection Vulnerability 3705 R D JosS
2007-12-26 Blakord Portal <= Beta 1.3.A (all modules) SQL Injection Vulnerability 4043 R D JosS
2007-10-13 WWWISIS <= 7.1 (IsisScript) Local File Disclosure / XSS Vulnerabilities 6313 R D JosS

[ papers ]
-::DATE -::DESCRIPTION -::HITS -::AUTHOR
2008-10-07[spanish] f**king the Web Apps [LFI #1 - attack edition]5068DJosS



send all submissions to submit[at]milw0rm.com [gpg]
Copyright © 2004-2009 milw0rm