An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable URL parameter. For example, an attacker can send the following request to exploit this vulnerability: www.target.com//modules.php?module=trade&function=pocategorisell&cat=0&stranica=menu&categori=-1+union+select+current_user,2/*
Net bios script is vulnerable to remote SQL injection.
AspWebCalendar 2008 is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious ASP file to the web server and execute it.
User-friendly dynamic control system for multiple websites, including a Content Management System for dynamic generation and publishing of information on Internet - Extranet - Intranet. doITlive is an ASP-powered back-end, multi-site, browser-based management tool supporting MS Access and MS SQL databases. SQL injection in "/default.asp" in the "ID" parameter. Find the admin's password: http://[URL]/default.asp?action=USUB&ID=-1%20union%20select%20username%2b'::'%2bpassword,1%20from%20w_user%20where%20username like '%25admin%25'&TYPE=MAIL. SQL injection in "/edit/default.asp" via cookie parameters leads to authentication bypass (in the remember-user section). http://[URL]/edit/default.asp?action=USUB&ID=-1%20union%20select%20username%2b'::'%2bpassword,1%20from%20w_user%20where%20username like '%25admin%25'&TYPE=MAIL. Cross-Site Scripting (XSS): reflected XSS attack in "/edit/showmedia.asp" in the "File" parameter. http://[URL]/edit/showmedia.asp?File=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
A vulnerability in MyShoutPro allows an attacker to set arbitrary cookies. An attacker can set the admin_access cookie to 1, granting them administrative access to the application.
This exploit allows an attacker to upload arbitrary files containing malicious PHP code to a vulnerable FreeCMS.us 0.2 (fckeditor) application. The vulnerable code is located in the /[path]/admin/fckeditor/editor/filemanager/upload/php/upload.php file.
Foxy is one of the most popular P2P applications among Chinese users. It starts requesting more memory and freezes when '&fs=' meets some large magic point.
A vulnerability exists in ThaiQuickCart where an attacker can exploit a Local File Inclusion vulnerability by manipulating the sLanguage cookie. This vulnerability allows an attacker to read any file on the server, including the boot.ini file. On a Linux OS, the attacker can replace boot.ini with /etc/passwd%00.
The script does not correctly verify the detail id variable, which is used in SQL queries. An attacker can easily get sensitive information from the database by injecting unexpected SQL queries. We don't get any SQL errors when the injected query evaluates to false; instead, we have to look for changes in the content when we inject. Compare AND 1=1 with AND 1=0. SQL Injection: http://[target]/[path]/detail.php?id=[SQL]. PoC: detail.php?id=-1%20union%20select%20USER(),2,3,4,5,@@VERSION,7,8,9,10,11,12,13,database(),15,16
Clipshare versions earlier than v3.0.1 are vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and passwords stored in the database.