
Explore Vulnerabilities


Explore all Exploits:

Secure Web Gateway 10.2.11 – Cross-Site Scripting (XSS)

The Secure Web Gateway's (SWG) block page, which is displayed when a request or response is blocked by a rule, can contain static files such as images, stylesheets or JavaScript code. These files are embedded using special URL paths. It was discovered that paths with this prefix are intercepted and handled directly by the SWG regardless of the domain on which they are accessed. While the parameter 'de5fs23hu73ds' seems to be randomly generated, it is possible to guess it by brute-forcing.

Paid Memberships Pro v2.9.8 (WordPress Plugin) – Unauthenticated SQL Injection

Paid Memberships Pro is a WordPress plugin that is vulnerable to unauthenticated SQL injection. This vulnerability allows an attacker to execute arbitrary SQL commands on the target database. The vulnerability was discovered by Joshua Martinelle and was assigned CVE-2023-23488. The exploit can be tested by running a script against a WordPress instance with the Paid Memberships Pro plugin. The script reports whether the target is vulnerable and generates an appropriate sqlmap command to dump the whole database or specific data like usernames and passwords.

Siemens SIMATIC S7-300 CPU – Remote Denial Of Service

A vulnerability in Siemens SIMATIC S7-300 CPU family could allow a remote attacker to cause a denial of service condition on the targeted system. An attacker could send a specially crafted HTTP request containing an overly long string to the targeted system. An exploit could allow the attacker to cause the system to become unresponsive, resulting in a denial of service condition.

CSRF Privilege Escalation (Creation of an administrator account) on SearchBlox 8.6.6

Using Cross-Site Request Forgery (CSRF), an attacker can force a user who is currently authenticated with a web application to execute an unwanted action. The attacker can trick the user into loading a page which may send a request to perform the unwanted action in the background. In the case of SearchBlox, we can use CSRF to perform actions on the admin dashboard by targeting an administrator.

Facebook Clone Script 1.0.5 – ‘search’ SQL Injection

A SQL injection vulnerability exists in Facebook Clone Script 1.0.5, which allows an attacker to execute arbitrary SQL commands via the 'search' parameter in a POST request to top-search.php. The payload '1' UNION SELECT NULL,group_concat(table_name,0x3C62723E,column_name),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL from information_schema.columns where table_schema=schema()#' can be used to extract information from the database.

MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 – Cross-Site Scripting

This plugin displays advanced statistics on the index page such as latest posts with auto refresh using AJAX. An attacker can create a new thread with a malicious payload as the title, which will execute the XSS code when loaded on the index page.

SQL Injection Vulnerability in Issue Trak <= 7.0 (Possibly applicable up to version 9.7)

A SQL injection vulnerability was discovered in Issue Trak versions <= 7.0, and is possibly applicable up to version 9.7. The vulnerable endpoint is www.example.com/IssueTrak/IssueSearch_Process.asp, and the vulnerable parameters are Status, Priority, inp_IssueType, SubmittedBy, EnteredBy, AssignedTo, AssignedBy, NextActionBy, ClosedBy, ProjectManager, and inp_OrgID. An attacker can exploit this vulnerability by sending a malicious HTTP request containing a SQL injection payload. The SQLMap and NoSQLMap commands can be used to exploit this vulnerability.

ALFTP 5.31 – Local Buffer Overflow (SEH Bypass)

A local buffer overflow vulnerability exists in ALFTP 5.31. By supplying maliciously crafted input, an attacker can overwrite the SEH handler and execute arbitrary code. The vulnerability can be exploited by pasting the contents of alftp.txt in 'options->Preference->Security->New password & Confirm password'.
