An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can use the UNION operator to combine the results of two or more SELECT statements into a single result set which is then returned to the attacker. This can be used to gain access to the application's database and potentially gain access to sensitive information.
MiaCMS is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the administrator account. Exploits 1, 2 and 3 can be used to gain access to the administrator account. Additionally, the administrator password is stored in plaintext in the source code of the page.
Five Star Review ( recommend.php item_id ) is vulnerable to XSS and Remote SQL Injection. User Exploite >> www.TraGet.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_users+limit+1,1/* and Admin Exploite >> www.TraGet.com/recommend.php?item_id=1'+union+select+0,concat_ws(0x3a,username,passtext),0,concat_ws(0x3a,username,passtext),0,0,0,0,0,0,0+from+review_admin/*. XSS can be exploited by using www.TraGet.com/search/index.php?cmd=search&words= [[ XSS ]] &searchWhere=0&mode=normal.
The OneNews Beta 2 application is vulnerable to XSS and HTML injection and SQL injection. To exploit the XSS and HTML injection vulnerability, an attacker can inject malicious code into the forms while adding comments or news. To exploit the SQL injection vulnerability, an attacker can inject malicious code into the address bar.
The Local File Inclusion vulnerability allows an attacker to include a file, usually exploiting a “dynamic file inclusion” mechanisms implemented in the target application. The SQL Injection vulnerability allows an attacker to execute malicious SQL statements that control a web application’s database server. The Cross Site Request Forgery vulnerability allows an attacker to execute malicious and unauthorized actions on behalf of an authenticated user. The Cross Site Request Forgery - Change User Profile vulnerability allows an attacker to change the settings of a user profile.
EasySite v2.3 is vulnerable to Local File Inclusion and Arbitrary View Folder Contents. An attacker can exploit this vulnerability by sending maliciously crafted HTTP requests to the vulnerable server. This will allow the attacker to view the contents of the folder and the content of files view via LFI.
tinyCMS 1.1.2 is vulnerable to a Local File Inclusion vulnerability due to a lack of sanitization of user-supplied input. An attacker can exploit this vulnerability to include arbitrary local files on the server, such as the /etc/passwd file, by supplying a maliciously crafted value for the 'config[template]' parameter in a request to the 'templater.php' script.
Go to http://localhost/[Path]/adminpanel/phpmydump.php and the download will begin ( database.sql ). For XSS, http://localhost/[Path]/merchandise.php?type=[XSS] or http://localhost/[Path]/merchandise.php?type=<script>alert(document.cookie)</script>. For CSRF, if a logged in user with administrator privilegies click the following url he will be logged out http://localhost/[Path]/adminpanel/logout.php.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'email' and 'password' parameters to '/_login.php' script. A remote attacker can send a specially crafted request with malicious SQL statements to the vulnerable script and bypass authentication, gain access to the application with administrative privileges and execute arbitrary SQL commands in the context of the application.
The vulnerability exists due to insufficient sanitization of user-supplied input in 'id' parameter of 'print.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. Successful exploitation of this vulnerability may allow an attacker to gain access to sensitive information stored in the database.
Services By CQR