Simple Payroll System v1.0 Login page can be bypassed with a SQLi into the username parameter. An attacker can send a malicious payload into the username field as ' or 1=1-- without double-quotes and type anything into the password field. This will allow the attacker to bypass the authentication and gain access to the system as an administrator.
Loan Management System Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce: 1 - Go to the login page http://localhost/audit_trail/login.php 2 - Enter the payload to username field as "admin' or '1'='1'#" without double-quotes and type anything to password field. 3 - Click on "Login" button and you are logged in as administrator.
Cmder is a software package created over absence of usable console emulator on Windows. It is based on ConEmu with major config overhaul, comes with a Monokai color scheme, amazing clink (further enhanced by clink-completions) and a custom prompt layout. A buffer overflow vulnerability exists in Cmder Console Emulator 1.3.18, which requires the execution of a .cmd file type and The created file enters the emulator, That will trigger the buffer overflow condition.
Online Employees Work From Home Attendance System/Logs in a Web App v1.0 Login page can be bypassed with a simple SQLi to the username parameter. The attacker can send a payload to the username field as 'admin' or '1'='1' without double-quotes and type anything to the password field. This will allow the attacker to bypass the authentication and gain access to the application.
Admin panel authentication can be bypassed due to a SQL injection in the login form. A curl request can be used to exploit the vulnerability, with the user_email parameter set to 'admin' OR 1=1 LIMIT 1;--+- and the user_pass parameter set to 'junk'.
The following PoCs will leak the admin username and password: Unauthenticated: http://127.0.0.1/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list; Admin: http://127.0.0.1/entrance_exam/admin/view_enrollee.php?id=1'+UNION+SELECT+1,2,3,4,5,6,password,username,9,10,11,12,13,14,15+FROM+admin_list;
By setting the parameter old_password as array, the MD5 function on it returns null, so md5($old_password) == $_SESSION['password'] since we have no session, thus bypassing the check, after that we can use SQLI and inject our custom data.
An unauthenticated admin creation vulnerability exists in Simple Online College Entrance Exam System 1.0. An attacker can send a POST request to the Actions.php page with the parameters id, fullname, username, and type to create an admin user. A proof-of-concept (PoC) to create an admin user named exploitdb and password exploitdb is provided.
Maian-Cart 3.8 is vulnerable to Remote Code Execution (RCE) due to improper input validation. An unauthenticated attacker can exploit this vulnerability by sending a crafted request to the vulnerable server. This will allow the attacker to execute arbitrary code on the vulnerable server.
django-unicorn <= 0.35.3 suffers from a stored XSS vulnerability by improperly escaping data from AJAX requests. An attacker can exploit this vulnerability by entering an XSS payload in the todo form. This will allow the attacker to execute malicious JavaScript code in the victim's browser.
Services By CQR