NonameCMS is vulnerable to SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'file_id' and 'kategorie' parameters of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information, modify data, or exploit vulnerabilities in the underlying database implementation.
The Discussion Forums 2k application is vulnerable to multiple SQL injection attacks when magic_quotes_gpc is set to Off. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. The malicious queries can be sent via the 'CatID', 'id', and 'SubID' parameters in the 'RSS1.php', 'RSS2.php', and 'RSS5.php' scripts respectively.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The request contains a malicious SQL query that can be used to extract sensitive information from the database.
MySQL Quick Admin version 1.5.5 and below is vulnerable to a Local File Inclusion vulnerability. The vulnerability is due to the application not properly sanitizing user-supplied input in the 'language' cookie. An attacker can exploit this vulnerability to include arbitrary files from the web server, such as the server's '/etc/passwd' file, resulting in the disclosure of sensitive information. To exploit this vulnerability, an attacker must set the 'language' cookie to a malicious value, such as '../../../../../../../../../../etc/passwd%00; path=/', and then request '/index.php' in the browser.
This exploit is used to obtain the MD5 hash of the password of the user with ID 1 in ADN Forum version 1.0b. It uses a blind SQL injection vulnerability to achieve this. The exploit is written in Perl and uses the LWP::UserAgent module to send requests to the server. It then iterates through a list of characters and sends requests with the ASCII value of the character in the query. If the response indicates a match, it appends the character to the recovered MD5 hash and moves on to the next position.
You can navigate and view the entries with a URL such as: http://localhost/p/index.php?option=viewEntry&filename=00001. The code does not check that the requested file lies within the comments directory. If magic quotes are off, you can do: http://localhost/p/index.php?option=viewEntry&filename=../config.php%00. config.php contains the admin password.
The SaveAsPDF() method of the GdPicture Pro ActiveX control (gdpicture4s.ocx) allows creating or overwriting a file through the sFilePath argument. By using other arguments, such as sTitle, an attacker could inject HTML code and execute it using the hcp:// protocol (technique discovered by rgod). Tested on Windows XP SP2 with IE 6/7.
A remote SQL injection vulnerability exists in the BookMarks Favourites Script. The vulnerability is due to insufficient sanitization of user-supplied input to the 'id' parameter in the 'view_group.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable script. This can result in the execution of arbitrary SQL commands, allowing the attacker to gain access to sensitive information stored in the database.
Rianxosencabos CMS 0.9 is vulnerable to remote blind SQL injection. The vulnerability is due to the 'scripts/links.php' script not properly sanitizing user-supplied input to the 'id' parameter in the 'visita()' function. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, allowing for the manipulation or disclosure of arbitrary data. This vulnerability can be exploited through a browser.
SG Real Estate Portal 2.0 is prone to an insecure cookie handling vulnerability. This issue is due to a failure in the application to properly validate user-supplied input. An attacker can exploit this issue to gain unauthorized access to the application.