header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Hotel reservation System (city.asp city) Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in Hotel reservation System (city.asp city) which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. Depending on the database type, different injections can be used. For Microsoft Access 97, 2000, the attacker can use the functions max(1) and count(*) from MSysAccessObjects. For Microsoft Access 2003, 2007, the attacker can use the functions max(1) and count(*) from MSysAccessStorage. This can allow an attacker to gain access to sensitive information from the database.

iScripts EasyIndex (produid) Remote SQL Injection

iScripts EasyIndex is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may lead to further attacks. This issue affects versions prior to iScripts EasyIndex 2.0; other versions may also be affected.

Link Bid Script 1.5 Multiple Remote SQL Injection

Link Bid Script 1.5 is vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameters are 'ucat' in upgrade.php and 'id' in edit.php.

CzarNews <= v1.20 (Cookie) Remote SQL Injection Exploit

This exploit allows an attacker to add a new admin with their own credentials by exploiting a SQL injection vulnerability in CzarNews version 1.20. The exploit is executed by sending a POST request to the cn_users.php page with the malicious cookie recook=' or '1=1,' or '1=1. If the exploit is successful, the attacker will be able to add a new administrator with their own credentials.

Fantastico In all Version Cpanel 11.x <= local File Include

A vulnerability exists in Fantastico in all versions of Cpanel 11.x, which allows an attacker to include a local file. To exploit this vulnerability, an attacker must first login to port 2082 and disable mod_security, safe_mode, and all disable functions. The vulnerable code is located in http://xx.com:2082/frontend/x/fantastico/includes/xml.php, which includes a file called enc_licensing_servers.php. An attacker can exploit this vulnerability by creating a directory called /includes/ and uploading a shell.php file, which is then renamed to enc_licensing_servers.php. The exploit can then be accessed via http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user.

Kasseler CMS 1.1.0, 1.2.0 Lite SQL Injection

Kasseler CMS versions 1.1.0 and 1.2.4 are vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information such as user credentials, database information, and other sensitive data.

Recent Exploits: