ShopcartDX is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Arctic Issue Tracker v2.0.0 is vulnerable to a SQL injection vulnerability. This exploit allows an attacker to gain access to the administrator account by exploiting the vulnerability in the 'filter' parameter of the 'index.php' page. The exploit sends a specially crafted HTTP request to the vulnerable server, which then returns the administrator's username and password.
EZWebAlbum is vulnerable to a remote file disclosure vulnerability. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server. The malicious request contains a parameter named 'dlfilename' which can be used to read any file on the server. This can be exploited to read sensitive files such as configuration files, source code, etc.
MojoJobs Blind SQL Injection Exploit is an exploit that allows an attacker to inject malicious SQL code into a vulnerable web application. The exploit can be used to gain access to sensitive information stored in the database, such as user credentials, or to execute arbitrary code on the server. The exploit is triggered by sending specially crafted requests to the vulnerable web application.
MojoPersonals Blind SQL Injection Exploit is a Perl script that exploits a vulnerability in the MojoPersonals classifieds software. It allows an attacker to extract the MD5 hash of the admin password from the database. The exploit works by sending a specially crafted SQL query to the vulnerable script and then analyzing the response to determine the value of the MD5 hash.
This exploit is used to extract the MD5 hash of the admin password from the MojoClassifieds application. It uses a blind SQL injection vulnerability and takes the host URL and a valid cat_a value as input, then uses a loop to extract the hash character by character.
Interact E-Learning System has a local file include vulnerability in the script help/help.php. The vulnerable GET parameters are 'module' and 'file'. Examples of the exploit are http://[server]/[installdir]/help/help.php?module=../../../../../../../../../../../../../etc/passwd%00 and http://[server]/[installdir]/help/help.php?file=../../../../../../../../../../../../../etc/passwd.
This exploit is used to perform a blind SQL injection attack on the HRS Multi application. It takes the host, path, and key value as arguments and uses the LWP::UserAgent and Getopt::Long modules to perform the attack.
DigiLeave V1.2 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the database and execute malicious SQL queries. The vulnerability exists in the info_book.asp page, where the book_id parameter is not properly sanitized before being used in a SQL query.
This exploit targets a buffer overflow vulnerability in the HTML parser of IntelliTamper. It can be exploited by putting a properly formatted HTML file on a website and launching IntelliTamper against it.