Rgboard 3.0.x is vulnerable to Remote File Include and XSS. The vulnerable code is located in the file include/bbs.lib.inc.php, line 22. The exploit is to send a malicious URL to the vulnerable parameter site_path. Almost every field is vulnerable to XSS, example rg_search.php.
Internet Explorer is prone to a Cross-Zone Scripting vulnerability in its “Print Table of Links” feature. This feature allows users to add to a printed web page an appendix which contains a table of all the links in that webpage. An attacker can easily add a specially crafted link to a webpage (e.g. at his own website, comments in blogs, social networks, Wikipedia, etc.), so whenever a user will print this webpage with this feature enabled, the attacker will be able to run arbitrary code on the user’s machine (i.e. in order to take control over the machine).
Internet Photoshow SE, suffers from insecure cookie handling, This allows the remote attacker to gain arbitrary access to the admin area by crafting a admin cookie. The following javascript code will craft a admin cookie, and make it available to access /admin.php: javascript:document.cookie = "login_admin=true; path=/"; Visit the affected domain and paste the above javascript into your browser, once excuted visit the affected sites "/admin.php" and you will have access to admin. Its also possible to shell the site by uploading your shell through the file upload.
ActiveKB suffers from an insecure cookie, when the admin details are checked the script creates a cookie, to let the script know in future the user is already been checked and is admin. The thing is that, the cookie only contains a 'true' value. So this allows the remote attacker to craft a cookie (which the script didnt create of course) and gain access to the admin area. Pasting the below javascript code into your browser, will create a cookie then you have access to /admin/
AS-GasTracker 1.0.0 suffers from Insecure Cookie Handling, when a admin cookie is created its set to 'TRUE' if user is admin and 'FALSE' if it isnt. So all we need to do is create a cookie that resembles the one AS-GasTracker uses. The cookie name being 'gastracker_admin'. The javascript code below will create a cookie on the domain its ran on, so simply type the javascript below into Firefox/Netscape, then visit /admin/
Feedback and Rating Script suffers from a insecure mysql query, this allows the remote attacker to inject mysql code/querys into the script, the below injection will display admin username and password.
Freelance Auction Script (all versions to date) suffers from a insecure mysql query, this allows the remote attacker to arbitrary execute mysql code/query's. The below MySQL Injection will display the admin login details.
IDAutomation ActiveX controls contain multiple vulnerabilities that can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the ActiveX controls not properly validating user-supplied input before using it in filesystem operations. This can be exploited to create or overwrite arbitrary files in arbitrary locations on the user's system by tricking a user into visiting a malicious web page.
A remote SQL injection vulnerability exists in EMO Realty Manager. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information. This can be exploited to gain access to the database and potentially gain access to sensitive information.
Meto Forum v1.1 is vulnerable to multiple remote SQL injection attacks. Attackers can exploit this vulnerability to gain access to the admin panel and steal all user passwords. The vulnerable files are kategori.asp, admin_kategori.asp, duzenle.asp, admin_oku.asp, uye.asp, and oku.asp.
Services By CQR