This exploit uses an SQL injection in the file admin/login.php to bypass the login, and then an SQL injection in admin/news.php to extract all the users' info. Note: passwords are hashed with MD5.
ScriptsEz Mini Hosting Panel is prone to a local file inclusion vulnerability. An attacker can exploit this issue to remotely view sensitive files on the affected computer; this may aid in further attacks. This issue affects members.php. The PoC for this vulnerability is /members.php?act=view&p=[FILE]&dir=[DIR] and the example requests are, for /etc/passwd: /members.php?act=view&p=passwd&dir=../../../../../../../../../../../../etc/ and, for conf.php: /members.php?act=view&p=conf.php&dir=/test/../../..
An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The malicious request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The malicious request can also be used to modify or delete data from the database.
This exploit will work if the target has left the load_receiver.php script unedited. After execution, the attacker can execute arbitrary code by sending a POST request to post.php with the parameters 'pc' or 'sc'. The attacker can also use a backdoor from the paint_save.php exploit.
Cameralife 2.6.2b4 is vulnerable to a remote SQL injection and XSS attack. An attacker can exploit the vulnerability by sending a specially crafted URL to the target application. The URL contains a malicious SQL query which can be used to extract sensitive information from the database. The attacker can also inject malicious JavaScript code into the application which can be used to steal user credentials or perform other malicious activities.
A SQL injection vulnerability exists in Joomtracker XBT external bittorrent tracker, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'tordetails' action to the 'index.php' script.
Gforge is vulnerable to SQL injection in the handle_multi_edit($skill_ids) function in /www/people/skills_utils.php. The vulnerability can be exploited by creating an account, logging in, and then sending a specially crafted HTTP request to the editprofile.php page. This exploit should work regardless of the magic_quotes_gpc setting.
Gforge versions prior to 4.5.19 are vulnerable to multiple SQL injections. An attacker can exploit these vulnerabilities to gain access to sensitive information such as user credentials and system information. The vulnerabilities can be exploited regardless of the magic_quotes_gpc setting.
Kusaba <= 1.0.4 is vulnerable to Remote Code Execution. An attacker can upload a malicious image file containing PHP code to the server, which can be executed by accessing the URL of the uploaded file. This vulnerability can be exploited by sending a specially crafted HTTP POST request to the paint_save.php script.
This exploit allows an attacker to execute code under the SYSTEM account on Windows 2003. This is possible because Windows service accounts can impersonate other processes, such as IIS 6 worker processes. If an attacker can run code from an ASP.NET or classic ASP web application, they can own Windows. Additionally, if an attacker has access to a SQL Server, they can execute the exploit using xp_cmdshell. The PoC exploit can be found at http://www.argeniss.com/research/Churrasco.zip