tailieunhanh - Google hacking for penetration tester - part 26

Locating Exploits and Finding Targets • Chapter 6

Table continued: Vulnerable Web Application Examples from the GHDB

| Google Query | Vulnerability Description |
| --- | --- |
| "Powered by CuteNews" | CuteNews and possibly prior versions allows remote code execution. |
| "Powered by GTChat "+"User Login"+"Remember my login information" | GTChat contains a remote denial of service vulnerability. |
| intitle:"WEB//NEWS Personal Newsmanagement" intext:"© 2002-2004 by Christian Scheb— "+"Version "+"Login" | WEB NEWS is prone to multiple SQL injection vulnerabilities. |
| "Mimicboard2 086"+"2000 Nobutaka Makino"+"password"+"message" inurl:page=1 | Mimicboard2 v086 is prone to multiple HTML injection vulnerabilities. |
| "Maintained with Subscribe Me "+"Professional" inurl:"" | Subscribe Me Pro is prone to a directory traversal vulnerability. |
| "Powered by autolinks pro " inurl: | AutoLinksPro contains a remote PHP File include vulnerability. |
| "CosmoShop by Zaunz Publishing" inurl:"cgi-bin/cosmoshop/" * | Cosmoshop versions and are vulnerable to SQL injection and cleartext password enumeration. |
| "Powered by Woltlab Burning Board" -"" -"" -"" -"" | Woltlab Burning Board versions and are vulnerable to SQL injection. |
| intitle:"PHP TopSites FREE Remote Admin" | Certain versions of PHP TopSites disclose configuration data to remote users. |
| Powered by PHP-Fusion © 2003-2005. | PHP-Fusion is prone to SQL Injection and administrative credentials disclosure. |
| Powered By lucidCMS | Lucid CMS has SQL injection and login bypass vulnerabilities. |
| News generated by Utopia News Pro Powered By Utopia News Pro | Utopia News Pro and prior versions contain SQL Injection and XSS vulnerabilities. |
| intitle Mantis Welcome to the bugtracker | Mantis versions or less contain XSS and . |
