Explore Vulnerabilities

Explore all Exploits:

eVision 2.0 SQL Injection/Remote File Upload/IG

A vulnerability exists in eVision 2.0 which allows an attacker to perform SQL Injection/Remote File Upload/IG by sending malicious requests to the vulnerable application. The vulnerable application is distributed at http://mesh.dl.sourceforge.net/sourceforge/e-vision/eVision-2.0.tar.gz. The advisory gives its search dork only as ":(". Blind injection is shown with http://Site/print.php?id=1'+and+1=1/*, and the request http://Site/style.php?template=1&module='+union+select+concat_ws(0x7c,username,pass)+from+users/* returns the username and password. The same values can be read separately through iframe.php: the user via http://Site/iframe.php?field=username&module=users/* and the password via http://Site/iframe.php?field=pass&module=users/*. In addition, http://Site/admin/phpinfo.php exposes information about the server.

phsBlog v0.1.1 Multiple Remote SQL Injection Vulnerabilities

Multiple Remote SQL Injection Vulnerabilities exist in phsBlog v0.1.1. An attacker can exploit these vulnerabilities to gain access to sensitive information such as usernames and passwords. The vulnerabilities exist due to insufficient sanitization of user-supplied input in the 'eid' and 'urltitle' parameters of the 'comments.php' and 'entries.php' scripts respectively. An attacker can exploit these vulnerabilities by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable scripts. Successful exploitation of these vulnerabilities can result in unauthorized access to sensitive information.

GreenCart PHP Shopping Cart (id) Remote SQL Injection Vulnerability

GreenCart PHP Shopping Cart is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

PHPAuction GPL Enhanced V2.51 (profile.php id) Remote SQL Injection Vulnerability

A vulnerability exists in PHPAuction GPL Enhanced V2.51 which allows an attacker to inject malicious SQL queries via the 'id' parameter in the 'profile.php' script. An attacker can exploit this vulnerability to gain access to the admin panel and to sensitive information such as usernames and passwords.

LetterIt 2 Local File Inclusion Vulnerability

LetterIt Newsletter Manager version 2 is vulnerable to a Local File Inclusion vulnerability. This vulnerability is due to the application failing to properly sanitize user-supplied input to the 'language' parameter of the 'wysiwyg.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary local files from the web server, resulting in the disclosure of sensitive information.

Coppermine Photo Gallery <= 1.4.18 LFI / Remote Code Execution Exploit

This exploit is based on the vulnerable code in /include/init.inc.php, located at lines 263-335, which allows an attacker to inject malicious code into the application. The attacker can use the 'lang' parameter to inject the code, which can then be used to execute arbitrary code on the server.

Symphony <= 1.7.01 (non-patched) Remote Command Execution Exploit

This exploit allows an attacker to execute arbitrary commands on a vulnerable Symphony CMS version 1.7.01 (non-patched). The exploit works by bypassing the admin authorization and then uploading a malicious PHP script to the server. The attacker can then execute the script to gain access to the server.

Cookie poisoning / Login bypass

PHPX is a web portal system, blog, Content Management System (CMS), forums, and more. Every file in the phpx-3.5.16/ directory has two lines of code: one to include includes/functions.inc.php, and another to create a website object. The website object's constructor calls checkCookie. The checkCookie function sets the user_id if the PXL cookie is set and the query returns a user_id and a username. The problem is that the query doesn't check the IP address of the user that set the cookie. So, an attacker can set the PXL cookie to the value of a valid session and bypass the login.

Recent Exploits: