
Explore Vulnerabilities

Explore all Exploits:

Fundraising Script-1.0 SQL Injection

The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. By injecting a payload like 'mysql' into the 'cid' parameter, an attacker can potentially manipulate the database and access sensitive information. This could lead to unauthorized access to donor information and bank accounts.

Fundraising Script-1.0 SQL Injection

The 'cid' parameter in Fundraising Script-1.0 is vulnerable to SQL injection attacks. Submitting the payload ' as the cid parameter returned a database error message. If the database is not empty, this vulnerability could lead to unauthorized access to sensitive information such as donors' money and bank account details.

PHP Shopping Cart-4.2 Multiple-SQLi

The 'id' parameter in PHP Shopping Cart-4.2 is vulnerable to SQL injection attacks. By submitting a single quote and observing a database error message, an attacker can manipulate the input to steal information from the database. This exploit allows unauthorized access to sensitive data.

Limo Booking Software v1.0 – CORS

The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain. The application allowed access from the requested origin http://wioydcbiourl.com. Since the Vary: Origin header was not present in the response, reverse proxies and intermediate servers may cache it. This may enable an attacker to carry out cache poisoning attacks. An attacker can obtain some of the victim's software resources without the victim's knowledge.

Shuttle-Booking-Software v1.0 – Multiple-SQLi

The location_id parameter in Shuttle-Booking-Software v1.0 is vulnerable to SQL injection attacks. By submitting a single quote or two single quotes in the location_id parameter, an attacker can trigger a database error message or retrieve information from the database.

Bus Reservation System-1.1 Multiple-SQLi

The `pickup_id` parameter in the Bus Reservation System version 1.1 is vulnerable to SQL injection attacks. An attacker can exploit this vulnerability to steal information from the database. The payload for exploiting the vulnerability is provided in the description.

Member Login Script 3.3 – Client-side desync

The server appears to be vulnerable to client-side desync attacks. A POST request was sent to the path '/1692959852_473/index.php' with a second request sent as the body. The server ignored the Content-Length header and did not close the connection, leading to the smuggled request being interpreted as the next request.

Recent Exploits: