A Blind SQL Injection vulnerability exists in Hotel reservation System (city.asp city) which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. Depending on the database type, different injections can be used. For Microsoft Access 97, 2000, the attacker can use the functions max(1) and count(*) from MSysAccessObjects. For Microsoft Access 2003, 2007, the attacker can use the functions max(1) and count(*) from MSysAccessStorage. This can allow an attacker to gain access to sensitive information from the database.
LinksCaffePRO is a MySQL database driven link indexing script written in PHP 4. Using the admin script, an attacker can inject malicious SQL queries in the 'idd' parameter of the 'index.php' file, allowing them to access sensitive information from the database.
iScripts EasyIndex is prone to a remote SQL injection vulnerability. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information that may lead to further attacks. This issue affects versions prior to iScripts EasyIndex 2.0; other versions may also be affected.
Link Bid Script 1.5 is vulnerable to multiple remote SQL injection attacks. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameters are 'ucat' in upgrade.php and 'id' in edit.php.
A remote SQL injection vulnerability exists in Pre Real Estate Listings search.php c parameter. An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database.
An attacker can exploit a vulnerability in CzarNews 1.20 to gain access to a user's account. The attacker can use the URL: javascript:document.cookie="recook=' or ''=',' or ''='";void(0); to log in to the account. The attacker can also use the URL: javascript:c=document.cookie;p=c.substr(c.lastIndexOf('=')+1).split(/%../);alert("Login: " + p[0] + "nPass: " + p[1]);void(0); to get the user's login and password. If the attacker knows the username of the user, they can use the URL: javascript:document.cookie="recook=[USER],'+or+''='";void(0); to log in to the account.
This exploit tests the SMB protocol by sending a CONST::SMB_CREATE_PKT packet with the maximum allowed access mask and share access. It then parses the response to check for errors.
This exploit allows an attacker to add a new admin with their own credentials by exploiting a SQL injection vulnerability in CzarNews version 1.20. The exploit is executed by sending a POST request to the cn_users.php page with the malicious cookie recook=' or '1=1,' or '1=1. If the exploit is successful, the attacker will be able to add a new administrator with their own credentials.
A vulnerability exists in Fantastico in all versions of Cpanel 11.x, which allows an attacker to include a local file. To exploit this vulnerability, an attacker must first login to port 2082 and disable mod_security, safe_mode, and all disable functions. The vulnerable code is located in http://xx.com:2082/frontend/x/fantastico/includes/xml.php, which includes a file called enc_licensing_servers.php. An attacker can exploit this vulnerability by creating a directory called /includes/ and uploading a shell.php file, which is then renamed to enc_licensing_servers.php. The exploit can then be accessed via http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user.
Kasseler CMS versions 1.1.0 and 1.2.4 are vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information such as user credentials, database information, and other sensitive data.