ThE g0bL!N

92 exploits, active since Dec 2006
EIP-2026-112458 EXPLOITDB text WRITEUP
Studio Lounge Address Book 2.5 - Authentication Bypass
CVE-2009-4671 EXPLOITDB text WORKING POC
RoomPHPlanning 1.6 - Unauthenticated Authentication Bypass via Cookie Manipulation
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.
EIP-2026-111719 EXPLOITDB text WRITEUP
Recipe Script 5.0 - 'First Name' HTML Injection
CVE-2009-1658 EXPLOITDB text WORKING POC
Realty Webware Technologies Realty Web-Base 1.0 - SQL Injection via Username and Password Parameters
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
EIP-2026-112057 EXPLOITDB text WORKING POC
Simbas CMS 2.0 - Authentication Bypass
CVE-2009-1751 EXPLOITDB text WORKING POC
Realty Webware Technologies Web-Base 1.0 - SQL Injection via list_list.php id Parameter
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-111303 EXPLOITDB text WORKING POC
Pixelactivo 3.0 - Authentication Bypass
CVE-2009-2179 EXPLOITDB text WORKING POC
phpDatingClub 3.7 - SQL Injection via search.php sform[day] Parameter
SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter.
EIP-2026-110649 EXPLOITDB text WORKING POC
PHP Article Publisher - Arbitrary Authentication Bypass
CVE-2009-1587 EXPLOITDB text WORKING POC
PHP Site Lock 2.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2009-2774 EXPLOITDB text WORKING POC
PHP Paid 4 Mail Script - SQL Injection
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2009-2341 EXPLOITDB text WORKING POC
Opial 1.0 - SQL Injection via albumid Parameter
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
CVE-2009-1852 EXPLOITDB text WORKING POC
Graphiks MyForum 1.3 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
EIP-2026-109846 EXPLOITDB text WORKING POC
NC LinkList 1.3.1 - Remote Command Injection
EIP-2026-109845 EXPLOITDB text WORKING POC
NC GBook 1.0 - Remote Command Injection
CVE-2009-4198 EXPLOITDB text WORKING POC
MyMiniBill - Authenticated SQL Injection via orderid Parameter
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.
CVE-2009-1816 EXPLOITDB text WORKING POC
My Game Script 2.0 - SQL Injection via User Parameter
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
EIP-2026-109663 EXPLOITDB text WORKING POC
My Dealer CMS 2.0 - Authentication Bypass
EIP-2026-109614 EXPLOITDB text WORKING POC
MRCGIGUY Top Sites 1.0.0 - Insecure Cookie Handling
EIP-2026-109613 EXPLOITDB text WORKING POC
MRCGIGUY Thumbnail Gallery Post 1b - Arbitrary File Upload
CVE-2009-2639 EXPLOITDB text WORKING POC
MRCGIGUY The Ticket System 2.0 - SQL Injection
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
EIP-2026-109611 EXPLOITDB text WORKING POC
MRCGIGUY SimpLISTic SQL 2.0.0 - Insecure Cookie Handling
EIP-2026-109607 EXPLOITDB text WORKING POC
mrcgiguy freeticket - Cookie Handling / SQL Injection
EIP-2026-109427 EXPLOITDB html WORKING POC
Messages Library 2.0 - Arbitrary Administrator Account
CVE-2009-1582 EXPLOITDB text WORKING POC
Million Dollar Text Links 1.0 - Unauthenticated Privilege Escalation via Direct Admin Access
Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php.