An attacker might be able to overwrite an existing file with arbitrary raw POST data. This proof-of-concept (PoC) tries to overwrite loadsave.php itself due to restrictions at lines 24-28.
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by sending a malicious SQL query to the vulnerable parameter 'article' in the 'pilot.asp' script. An example of a malicious SQL query is '115+union+select+Name,Name,Name+from+msysobjects' or 'IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00'
Telephone Directory 2008 is vulnerable to SQL Injection and Reflected XSS. An attacker can exploit these vulnerabilities to gain access to the database and execute malicious scripts in the user's browser.
Real Estate Web Site 1.0 is vulnerable to multiple remote vulnerabilities. An attacker can exploit these vulnerabilities to inject malicious SQL commands and execute arbitrary JavaScript code in the browser of an unsuspecting user. The vulnerable file is location.asp. An attacker can inject malicious SQL commands by sending a specially crafted HTTP request to the vulnerable file. An attacker can also inject arbitrary JavaScript code by sending a specially crafted HTTP request to the vulnerable file.
An attacker can exploit this vulnerability by sending a crafted HTTP request with a maliciously crafted 'language' parameter to the vulnerable application. This can allow the attacker to read arbitrary files on the server.
Joomla Component News Portal version 1.0 is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability to gain access to the admin credentials of the application. The vulnerability exists due to improper sanitization of user-supplied input in the 'Itemid' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. Successful exploitation of this vulnerability can allow an attacker to gain access to the admin credentials of the application.
This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. It is possible to gain access to the database and extract sensitive information such as usernames and passwords.
A vulnerability exists in Joomla Component rapidrecipe which allows an attacker to inject arbitrary SQL commands via the 'recipe_id' parameter in a 'viewrecipe' action to the 'index.php' script.
This exploit allows an attacker to execute arbitrary commands on a vulnerable server running Galatolo Web Manager 1.0. The exploit works by injecting a malicious PHP script into a log file, which is then accessed by the attacker to execute arbitrary commands.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'bcrm_pub_root' parameter in 'clients.php' script. A remote attacker can include arbitrary files from remote resources and execute arbitrary code on the vulnerable system.
Services By CQR