[ home ] [ contents ] [ platforms ] [ shellcode ] [ search ] [ cracker ] [ links ] [ rss ] [ archive ]

Author:

JosS

Homepage:http://www.spanish-hackers.com/


[ exploits/shellcode ]
-::DATE -::DESCRIPTION -::HITS -::AUTHOR
2009-06-24 PHPEcho CMS 2.0-rc3 (forum) XSS Cookie Stealing / Blind Vulnerability 2561 R D JosS
2009-06-24 LightOpenCMS 0.1 (smarty.php cwd) Local File Inclusion Vulnerability 2342 R D JosS
2009-04-20 Studio Lounge Address Book 2.5 (profile) Shell Upload Vulnerability 2482 R D JosS
2009-04-16 SMA-DB 0.3.13 Multiple Remote File Inclusion Vulnerabilities 2941 R D JosS
2009-02-23 pPIM 1.01 (notes.php id) Remote Command Execution Exploit 3114 R D JosS
2009-02-06 1024 CMS <= 1.4.4 Remote Command Execution with RFI (c99) Exploit 6167 R D JosS
2009-02-04 GR Blog 1.1.4 (Upload/Bypass) Multiple Remote Vulnerabilities 2566 R D JosS
2009-02-04 GR Note 0.94 beta (Auth Bypass) Remote Database Backup Vulnerability 2068 R D JosS
2009-01-05 Cybershade CMS 0.2b (index.php) Remote File Inclusion Exploit 4809 R D JosS
2008-11-25 Clean CMS 1.5 (full_txt.php id) Blind SQL Injection Exploit 2570 R D JosS
2008-11-03 pppBlog <= 0.3.11 (randompic.php) File Disclosure Vulnerability 2309 R D JosS
2008-11-02 Maran PHP Shop (prod.php cat) SQL Injection Vulnerability 2409 R D JosS
2008-11-02 Maran PHP Shop (admin.php) Insecure Cookie Handling Vulnerability 3254 R D JosS
2008-11-01 Bloggie Lite 0.0.2 Beta SQL Injection by Insecure Cookie Handling 1481 R D JosS
2008-10-23 aflog 1.01 Multiple Insecure Cookie Handling Vulnerabilies 1972 R D JosS
2008-10-21 LightBlog 9.8 (GET,POST,COOKIE) Multiple LFI Vulnerabilities 3232 R D JosS
2008-10-16 IP Reg <= 0.4 Multiple Remote SQL Injection Vulnerabilities 2496 R D JosS
2008-10-16 Kure 0.6.3 (index.php post,doc) Local File Inclusion Vulnerability 2634 R D JosS
2008-10-15 myStats (hits.php) Multiple Remote Vulnerabilities Exploit 2657 R D JosS
2008-10-15 myEvent 1.6 (viewevent.php) Remote SQL Injection Vulnerability 3039 R D JosS
2008-10-13 LokiCMS 0.3.4 (admin.php) Create Local File Inclusion Exploit 2944 R D JosS
2008-10-12 LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit 2741 R D JosS
2008-10-12 My PHP Indexer 1.0 (index.php) Local File Download Vulnerability 3800 R D JosS
2008-10-09 ScriptsEz Mini Hosting Panel (members.php) LFI Vulnerability 2961 R D JosS
2008-10-09 ScriptsEz Easy Image Downloader Local File Download Vulnerability 2705 R D JosS
2008-10-05 FOSS Gallery Public <= 1.0 Arbitrary Upload / Information c99 Expoit 5035 R D JosS
2008-10-05 phpAbook <= 0.8.8b (COOKIE) Local File Inclusion Vulnerability 2332 R D JosS
2008-10-04 pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability 2566 R D JosS
2008-10-01 MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability 4101 R D JosS
2008-09-16 Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability 4520 R D JosS
2008-09-15 Pre Real Estate Listings (search.php c) SQL Injection Vulnerability 3123 R D JosS
2008-09-05 WebCMS Portal Edition (index.php id) Blind SQL Injection Exploit 3303 R D JosS
2008-06-14 Pre Job Board (JobSearch.php) Remote SQL Injection Vulnerability 3229 R D JosS
2008-06-13 E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability 3427 R D JosS
2008-06-13 PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability 3024 R D JosS
2008-06-10 ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability 3388 R D JosS
2008-06-09 Real Estate Web Site 1.0 (SQL/XSS) Multiple Remote Vulnerabilities 2723 R D JosS
2008-06-01 ComicShout 2.8 (news.php news_id) SQL Injection Vulnerability 2915 R D JosS
2008-05-31 BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability 3113 R D JosS
2008-05-16 StanWeb.CMS (default.asp id) Remote SQL Injection Exploit 4244 R D JosS
2008-05-09 SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit 3933 R D JosS
2008-05-04 Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit 3286 R D JosS
2008-04-15 Classifieds Caffe (index.php cat_id) SQL Injection Vulnerability 5138 R D JosS
2008-04-14 Koobi CMS 4.2.4/4.2.5/4.3.0 Multiple Remote SQL Injection Vulnerabilities 4093 R D JosS
2008-03-18 KAPhotoservice (album.asp) Remote SQL Injection Exploit 4925 R D JosS
2008-03-16 Mutiple Timesheets <= 5.0 Multiple Remote Vulnerabilities 4262 R D JosS
2008-03-12 EasyCalendar <= 4.0tr Multiple Remote Vulnerabilities 4344 R D JosS
2008-03-12 EasyGallery <= 5.0tr Multiple Remote Vulnerabilities 6270 R D JosS
2008-02-29 Koobi CMS 4.3.0 - 4.2.3 (categ) Remote SQL Injection Vulnerability 6501 R D JosS
2008-02-16 Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit 4210 R D JosS
2008-01-16 Gradman <= 0.1.3 (agregar_info.php) Local File Inclusion Exploit 3882 R D JosS
2008-01-14 RichStrong CMS (showproduct.asp cat) Remote SQL Injection Exploit 4718 R D JosS
2008-01-13 Binn SBuilder (nid) Remote Blind SQL Injection Vulnerability 3671 R D JosS
2007-12-26 Blakord Portal <= Beta 1.3.A (all modules) SQL Injection Vulnerability 4007 R D JosS
2007-10-13 WWWISIS <= 7.1 (IsisScript) Local File Disclosure / XSS Vulnerabilities 6257 R D JosS

[ papers ]
-::DATE -::DESCRIPTION -::HITS -::AUTHOR
2008-10-07[spanish] f**king the Web Apps [LFI #1 - attack edition]4979DJosS



send all submissions to submit[at]milw0rm.com [gpg]
Copyright © 2004-2009 milw0rm