This exploit allows an attacker to inject malicious SQL commands into a vulnerable web application. It is possible to gain access to the database and extract sensitive information such as usernames and passwords.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the '1' and 'PAGES[lol]' parameters to the 'index.php' script. This can be exploited to execute arbitrary PHP code by including a remote file with a specially crafted URL.
MyPicGallery 1.0 is vulnerable to an arbitrary add-admin exploit. An attacker can exploit this vulnerability by sending a POST request to the addUser.php script with the desired username and password. This will create an admin account with the specified credentials.
This exploit allows an attacker to add an admin account to a vulnerable version of the PHP AGTC-Membership System. The attacker must provide a URL, username, and password for the new admin account. The exploit uses a POST request to the adduser.php script, which contains the userlevel. If the request is successful, the attacker will be able to log in to the new admin account.
This exploit will add a user via the admin panel, and give it a specified quota.
GNU/Gallery suffers from a remote file inclusion vulnerability in the "admin.php" file. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to include arbitrary files from the server, such as the /etc/passwd file.
eCMS (all versions avalible) suffers from multiple remote vulnerabilitys. these include, Insecure Cookie Handling, SQL Injection. the version <= 0.2 allows a admin cookie to be set and grant full access to the admin area. versions => 0.2 allows a simple sql statement to be inserted into the cookie bypassing the admin login.
AlkalinePHP suffers from a insecure adminpage, since the page only handles requests the author probarly thought it was safe not to include admin checking, but when we view the source we can cleary see theres nothing to stop us making our own request. Navigating to the below url (with domain replaced of course) will add a admin account. Do not forget to replace [user] and [pass] with a actual username and password.
A vulnerability was discovered in the Ajax framework by www.zapatec.com, which allows an attacker to include a local file. This is done by manipulating the 'lang' parameter in the URL, which is not properly sanitized before being used. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
A remote SQL injection vulnerability exists in TAGWORX.CMS. The vulnerability is due to improper sanitization of user-supplied input to the 'cid' and 'nid' parameters of the 'contact.php' and 'news.php' scripts. An attacker can exploit this vulnerability to inject and execute arbitrary SQL commands in the application's back-end database, potentially resulting in the disclosure of sensitive information. The attacker can also leverage this vulnerability to gain administrative access to the application.
Services By CQR