The vulnerability is caused by the use of user-supplied input in the 'conf[lang]' and 'admindir' parameters of the '/_conf/_php-core/common-tpl-vars.php' script without proper sanitization. This can be exploited to include arbitrary local files by passing directory traversal strings to the 'conf[lang]' parameter and to include arbitrary remote files by passing a URL to the 'admindir' parameter.
PostEcards is vulnerable to SQL Injection and Database Disclosure. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database. A live demo of this vulnerability can be found at http://www.melink.com/PostCards/database/postcards.mdb and http://www.melink.com/PostCards/sendcard.cfm?cid=0+union+SELECT%20null,null,username,null%20FROM%20USERS%00.
The affected file is /admin/index.php. Go to /[path]/admin/index.php and log in with the following details: Username: ' or 1=1# Password: anything
Netref 4.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains malicious SQL code that can be executed in the back-end database. The malicious SQL code can be used to extract sensitive information from the database, such as usernames and passwords.
The PEEL remote SQL injection vulnerability was discovered by SuB-ZeRo in 2008. It affects the website http://www.peel.fr/ and the downloader http://www.script-masters.com/home/voir_script_php_mysql-146.html. The exploit is executed by sending a malicious request to the website in the form of http://[website]/[script]/lire/index.php?rubid=1+union+select+1,@@version,3-- or http://[website]/[script]/index.php?rubid=1+union+select+1,@@version,3--. A live demo of the exploit can be found at http://demo.peel.fr/lire/index.php?rubid=1+union+select+1,@@version,3--.
This exploit allows an attacker to bypass PHP safe_mode by uploading two files: a precompiled shared library and a PHP script. The attacker can then open http://victim/path/evil.php?c=arbitrarycommand to execute arbitrary commands on the target web server.
PHPmyGallery v~1.0beta2 is vulnerable to Remote File Inclusion (RFI) and Local File Inclusion (LFI) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'confdir' and 'lang' parameters of the 'common-tpl-vars.php' script. An attacker can exploit this vulnerability to include arbitrary remote files and execute arbitrary code on the vulnerable system.
A vulnerability exists in PollPro v2.0 which allows an attacker to bypass authentication by entering ' or '1'='1 as the username and password.
A vulnerability in Professional Download Assistant 0.1 allows an attacker to bypass authentication by using the username 'ZoRLu' and the password ' or '.
This exploit allows remote root command execution, changing the web administration password, enabling remote administration, and creating new port forwarding rules to bypass NAT.