Explore all Exploits:

YourOwnBux 3.1, 3.2 Beta Remote SQL Injection Vulnerability

YourOwnBux 3.1 and 3.2 Beta insufficiently sanitize user-supplied input in the 'user' parameter of the 'memberstats.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. This lets the attacker execute arbitrary SQL commands on the underlying database and access sensitive information such as usernames and passwords.

phpMyRealty <= 1.0.9 (pages.php id) Remote SQL Injection Vulnerability

Two exploits are available for this vulnerability. The first is a URL and the second is a search query; each can be used to inject malicious SQL code into the vulnerable application. Both exploits can be used to gain access to the admin panel.

Ultra Office ActiveX Control Remote Arbitrary File Corruption

A vulnerability in Ultra Office ActiveX Control allows remote attackers to corrupt arbitrary files on the vulnerable system. This is due to the lack of proper validation of user-supplied input when handling the Open and Save methods. An attacker can exploit this vulnerability by enticing a victim to click a malicious link or visit a malicious website. This will cause the vulnerable ActiveX control to open and save a malicious file on the victim's system.

Ultra Office ActiveX Control Remote Buffer Overflow

A remote buffer overflow vulnerability exists in Ultra Office ActiveX Control. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can result in arbitrary code execution in the context of the application.

iFdate <= 2.0.3 SQL Injection Vulnerability

iFdate <= 2.0.3 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the application. The vulnerable parameter is 'Search Name/Nickname' in the members_search.php page.

Exploit 1: ' union select 1,concat_ws(0x3a,admin_username,admin_password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58 from ifdate_admins/*

Exploit 2: ' union select 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58 from ifdate_users/*

Thickbox Gallery v2 Admin Data Disclosure

An attacker can access the admin data (login name and MD5-hashed password) by requesting the admins.php file located in the conf directory of the Thickbox Gallery v2 application, at the URL http://localhost/[Path]/conf/admins.php. The attacker can then extract the admin username and the hash from the retrieved data.

CMME 1.12 (LFI/XSS/CSRF/Download Backup/MkDir) Multiple Remote Vulnerabilities

CMME 1.12 is vulnerable to Local File Inclusion, Download Backup, Make Directory, Cross Site Scripting and Cross Site Request Forgery. Each of these can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value.

sIMPLE php bLOG 0.5.0 eXPLOIT

This exploit allows an attacker to execute arbitrary code on a vulnerable sIMPLE php bLOG 0.5.0 installation. The attacker can send a malicious POST request to the login_cgi.php page with a valid username and password. This will set a cookie which can then be used to send a malicious POST request to the images/emoticons/sphp.php page. This will create a new file called sphp.php which contains the attacker's code. The attacker can then send a POST request to the sphp.php page with their code, which will be executed on the vulnerable server.
