Since the application filters user input with preg_replace, attackers are able to bypass the restriction by using HTML to Unicode encoding, so the application lets an attacker perform DOM-based XSS.
Exponent CMS 2.6 is vulnerable to Stored XSS, Database Credential Disclosure, and Authentication Bruteforce. An attacker can inject malicious code into the 'http://127.0.0.1:8082/expcms/text/edit/id/{id}/src/@footer' parameter to execute arbitrary code. Database credentials are disclosed in the response. An attacker can also brute force the authentication credentials using the provided Python script.
phpKF-CMS is a very popular content management system for promotion, news, shopping, corporate, friends, blogs and more. It contains an endpoint that allows remote access. The file upload mechanism does not make the necessary checks; only the file extension is checked. A file with the extension '.png' can be uploaded and its extension can then be changed.
An attacker can exploit a SQL injection vulnerability in WBCE CMS version 1.5.1 to reset the administrator password. The attacker can send a specially crafted HTTP POST request to the vulnerable URL with the email address set to 'admin@domain.com' and a random value for the submit parameter. This will cause the application to send a plaintext password to the attacker's email address.
The attacker can use the CSRF PoC to change any sensitive user data (password, email, name and so on). The PoC includes an HTML form with various input fields that can be used to modify user data.
Croogo 3.0.2 is vulnerable to an unrestricted file upload vulnerability. An attacker can upload a malicious PHP script and execute it by accessing the '/uploads/(NAME).php' directory. The malicious script can be uploaded by sending a POST request to the '/admin/settings/settings/prefix/Theme' endpoint.
By accessing the vector, an attacker can determine whether a username exists from the message returned, which can be presented in different languages according to the configuration of VirtualUI. Common users are administrator, admin, guest... The vulnerable vector is 'https://example.com/changePassword?username=USERNAME', where 'USERNAME' needs to be brute-forced.
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.
An attacker can craft a malicious MHT file containing an invalid Content-Location header directive, which when opened on disk with Internet Explorer will bypass ActiveX control warnings and popup blocker privacy settings.
A SQL Injection vulnerability exists in Online Thesis Archiving System 1.0. An admin account takeover exists with the payload: admin' # - admin' or '1'='1