An SQL Injection vulnerability exists in the Engineers Online Portal login form which can allow an attacker to bypass authentication. The following payload will allow you to bypass the authentication mechanism of the Engineers Online Portal login form - ' OR '1'='1';-- -
A stored XSS vulnerability exists in the Engineers Online Portal. An attacker can leverage this vulnerability to run JavaScript on behalf of users browsing the web server, which can lead to cookie stealing, defacement and more. The following payload will allow you to run the JavaScript - <script>alert("This is an XSS Give me your cookies")</script>
A stored XSS vulnerability exists in the Event management software. An attacker can leverage this vulnerability to run JavaScript on behalf of users browsing the web server, which can lead to cookie stealing, defacement and more.
An unauthenticated attacker can exploit a SQL injection vulnerability in Balbooa Joomla Forms Builder 2.0.6 by sending a specially crafted request. The request contains a malicious payload in the form of a JSON object, which is then used to execute arbitrary SQL commands on the vulnerable system.
This exploit is a bash script that can be used to gain a reverse shell on Apache 2.4.50 with CGI enabled. The script takes three parameters: the URL of the target, the local host IP address, and the local port. It then sends two curl requests to the target, the first of which creates a shell script in the /tmp directory, and the second of which executes the shell script.
A SQL injection vulnerability exists in Build Smart ERP 21.0817, which allows an unauthenticated attacker to execute arbitrary SQL commands via the 'eidValue' parameter in a POST request to the validateLogin.asp page. The payload ';WAITFOR DELAY '0:0:3'-- can be used to exploit this vulnerability.
Engineers Online Portal 1.0 is vulnerable to a File Upload Remote Code Execution (RCE) vulnerability. An attacker can send a maliciously crafted request to the server, which will allow them to execute arbitrary code on the server. The malicious code can be uploaded as an image file and sent to the server via a POST request. The server will then execute the code, allowing the attacker to gain access to the server.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
TaxoPress Version 3.0.7.1 is vulnerable to Stored Cross-Site Scripting (XSS). An authenticated user can inject a malicious JavaScript payload into the 'Table Name & Descriptions' field, which will be stored in the database. When the same functionality is triggered, the payload will be executed and a pop-up will be displayed.
This code will not verify whether the remote is a Hikvision device or not. It is used to reliably detect vulnerable and/or exploitable devices. It can be used to launch and connect to an SSH shell, execute a command and execute a blind command.