JAMM CMS is vulnerable to Blind SQL Injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. This can allow the attacker to gain access to the database and extract sensitive information.
Pooya site builder (psb) is an easy-to-use, database-driven web content management and security management system. It allows you to create, edit & web content instantly using just a browser. psb provides all the essential features you need for running your own business websites (you can even use it for large websites, without the complexity of unused functions). SQL injection exists in "/utils/getXsl.aspx" in the "xslIdn" parameter, in "/utils/getXml.aspx" in the "part" parameter, and in "/utils/getXls.aspx" in the "part" parameter. Use Internet Explorer (IE) for best results. ' is used to bypass any SQL Injection denier.
MycroCMS 0.5 is vulnerable to a Remote Blind SQL Injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'entry_id' parameter. An attacker can send a malicious SQL query to the vulnerable parameter to gain access to the database and extract sensitive information. The exploit requires 'magic_quotes_gpc' to be disabled.
IPTBB 0.5.6 has a vulnerability that allows escalation of a user's privileges to administrator privileges. The vulnerability is in 'User Control Panel - Change Email' (http://[Target]/[iptbb_path]/index.php?act=usercp&p=email), where code can be injected into the form. This lets the account use the Admin Control Panel (http://[Target]/[iptbb_path]/admincp.php) with administrative privileges.
eFiction 3.0 is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries and gain access to unauthorized information. This issue affects the 'toplists.php' script when the 'list' parameter is supplied.
FOG Forum 0.8.1 is vulnerable to Local File Inclusion (LFI) attacks. An attacker can exploit this vulnerability by sending maliciously crafted POST requests to the vulnerable application. The attacker can use a web proxy such as WebScarab to intercept and edit the POST request data. The vulnerable path is http://[Target]/[Path]/index.php. The attacker can send maliciously crafted POST requests with the parameters fog_skin, fog_lang, fog_pseudo, fog_password, fog_cook, fog_action, fog_userid, fog_path, and fog_posted. This will allow the attacker to read local files such as boot.ini.
This exploit targets a SQL injection vulnerability in the view.topics.php file of Yuhhu 2008 SuperStar. It allows an attacker to extract sensitive information from the database such as the admin username, password, type and ID.
An attacker can exploit this vulnerability by sending an HTTP request with a maliciously crafted 'modulo' parameter. For Windows, the attacker can send a request like http://[Target]/[tntforum_path]/index.php?modulo=../../../../../../../../boot.ini%00 and for Linux, the attacker can send a request like http://localhost/tntforum/index.php?modulo=../../../../../../../../etc/passwd%00
An attacker can exploit a SQL injection vulnerability in AspNews by sending a specially crafted HTTP request to viewnews.asp with a malicious SQL statement in the newsID parameter. This can be done either by directly injecting the malicious SQL statement or by blind injection.
The problem is that the script's owner doesn't require a login page for the DANGEROUS file setupdownload.asp, where we can RESET the admin's access and change the admin's information to whatever we want!