Capexweb is a web-based backoffice client used by leading stock exchanges like Berkeley Gains and Angle Broking House. An attacker can exploit a SQL injection vulnerability by logging in with a username of x'or'x'='x and a password of x'or'x'='x.
Seotoaster v.1.9 is prone to an SQL injection that bypasses the admin login. The exploit can be triggered by sending a crafted HTTP request to the target URL with the user input as ' or 1=1)# and any password.
This module exploits an arbitrary command execution vulnerability in PmWiki from 2.0.0 to 2.2.34. The vulnerable function is inside /scripts/pagelist.php.
This module exploits a remote stack buffer overflow vulnerability in 3S-Smart Software Solutions product CoDeSys Scada Web Server Version 1.1.9.9.
This module exploits an arbitrary command execution vulnerability in Traq 2.0 to 2.3. It's in the admincp/common.php script. This function is called in each script located in the /admincp/ directory to make sure the user has admin rights, but the authorization scheme is broken because the header() function doesn't stop the execution flow. Malicious users can exploit this to execute admin functionality, resulting, for example, in execution of arbitrary PHP code by leveraging the plugins.php functionality.
This PoC exploit is for educational purposes only!!! It is a directory traversal vulnerability in zFTPServer Suite 6.0.0.52. It allows an attacker to send a payload of minimum length 38 to the vulnerable server and traverse the directory structure.
Xoops 2.5.4 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the administration menu. The vulnerability exists in the 'fct' parameter of the 'admin.php' script. By manipulating the 'selgroups' parameter, an attacker can inject malicious SQL code.
This vulnerability allows a malicious hacker to change the password of a user and also to change the website information. First, the attacker must install all optional sections during the installation process. There is CSRF in all sections of this application; for example, the attacker can add news, add a 'pray for' entry, change the password, and perform all the other functions available there. The attacker can save the exploit code in a file called 'code.html' and then call it from another page using an iframe.
The PID variable is not properly sanitized in the GET request before insertion into the database query, allowing an attacker or any user who can view poll results (supposedly all users) to use blind SQL injection to extract database data and possibly compromise the whole server.
When installing the FCMS_2.7.2 CMS, if all optional sections are installed, an attacker can inject JavaScript code into the 'reply' field on the 'messageboard.php?thread=1' page, the 'text area' field on the 'familynews.php?addnews=yes' page, the 'pray for' field on the 'prayers.php' page, the 'name' field on the 'recipes.php?add=category' page, and the 'Event' field on the 'calendar.php?add=2011-12-2' page. Additionally, reflected XSS can be achieved on the 'calendar.php?add=2011-12-7' and 'gallery/index.php?uid' pages.