A SQL injection vulnerability in the Mambo component n-gallery allows an attacker to obtain the administrator's username and password. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'flokkur' parameter of the 'index.php' script. An attacker can exploit it by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.
My final contribution, DA WORLD'S FIRST ANIMATED EXPLOIT!, is the foundation for the next generation of OpenBSD exploits, crafted to burn Theo's eyes and make him spend countless hours not only exercising his supreme reversing skills but also delaying his already deadly slow patch release timing. Hopefully every fucktard out there willing to release an exploit for one of the many OpenBSD locally exploitable issues will give this insanely advanced code a good use. Make sure you include some sanity checks (i.e. if uid == 0 and hostname == cvs.openbsd.org make it do something creative like updating their index.html once in a while).
pSys is a module-based PHP script with a vulnerability in the chatbox.php file near line 42. An attacker can exploit this vulnerability by sending a malicious request to the server with the showid parameter. This will allow the attacker to execute arbitrary SQL commands on the server.
AShop Deluxe shopping cart software automates the processing of online orders and payments. It is a shopping cart plus an array of specialized tools to support various types of products and selling styles. The system automates redundant tasks, organizes data, and simplifies the daily operations of an online store. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands and gain access to sensitive data in the back-end database.
myBloggie (http://mywebland.com/mybloggie/) is considered one of the simplest and most user-friendly yet feature-packed weblog systems available to date. It is built using PHP and MySQL, the web's most popular scripting language and database system, which allows myBloggie to be installed on any web server. A security problem in the product allows attackers to perform SQL injection.
Catviz 0.4.0 beta1 uses several improperly validated variables in SQL queries. An attacker can easily get sensitive information from the database by injecting unexpected SQL queries. The vulnerable URLs are: http://[target]/[path]/index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=[SQL] and http://[target]/[path]/index.php?webpages_form=webpage_multi_edit&webpage=[SQL]. The PoC is: index.php?module=news&news_op=form&form_name=article&form_action=show&foreign_key_value=10 union select 1,2,3,4,5,6,7,8,9,concat(username,0x3a,password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32 from mod_users/* and index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=1 and index.php?webpages_form=webpage_multi_edit&webpage=26 and%201=0.
The 't' argument is passed unchecked to the load_template() function and from there to the file() function, allowing directory traversal attacks and the viewing of the configuration file (pv_cfg_settings.php), which contains the admin credentials.
products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name, user_password),6%20from%20users/* OR /gr/products.php?cat=-1%20union%20select%201,2,3,4,concat_ws(0x3a,user_name, user_password),6%20from%20users/*
This exploit will add a user with Administrator privileges.
A buffer overflow vulnerability occurs when a program attempts to write more data to a fixed length block of memory, or buffer, than the buffer is allocated to hold. This can be exploited by an attacker to overwrite data in memory, which can potentially result in arbitrary code execution.