The CMS Faethon 2.2 Ultimate is vulnerable to remote file inclusion and cross-site scripting. The remote file inclusion vulnerability can be exploited by sending a malicious URL to the mainpath parameter in the header.php file. The cross-site scripting vulnerability can be exploited by sending a malicious script to the what and where parameters in the search.php file.
This exploit is used to gain access to the OneCMS 2.5 database by exploiting a blind SQL injection vulnerability. The exploit uses a POST request to the asd.php page with a crafted SQL query to extract the password from the onecms_users table. The exploit uses a time-based approach to determine the value of each character in the password.
Multiple SQL Injections can be used to gain access to the PostcardMentor application. For MS SQL Server, the exploit is 'convert(int,(select+@@version))' and for MS Access, the exploit is '1 IIF((select%20mid(last(name),1,1)%20from%20(select%20top%2010%20name%20from%20cat))='a',0,'done')'
gameCMS Lite 1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious SQL commands to the vulnerable script.
Galleristic v1.0 is vulnerable to a remote SQL injection vulnerability. This exploit works only when magic_quotes_gpc is set to off. The exploit is triggered by sending a maliciously crafted HTTP request to the vulnerable application. The exploit code is written in PHP and it takes the target URL as a parameter. It then sends a maliciously crafted HTTP request to the vulnerable application and extracts the value from the gallery_settings table.
Blind SQL injection is a type of SQL injection attack that asks the database true-or-false questions and determines the answer based on the application's response. This attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection.
Pre Shopping Mall suffers from multiple remote SQL injection bugs. These allow a remote attacker to pull admin credentials from the database; since the admin details are in plaintext, it is easy for the attacker to gain access to the administration panel.
DeluxeBB version 1.2 and below is vulnerable to blind SQL injection and PHP injection. The $sort variable in forums.php is not properly sanitised, so an attacker could inject (with MySQL >= 4.1, which allows subqueries) SQL code in a subquery after the 'ORDER BY' statement, in the query at line 132. The $dir variable in admincp.php is not properly sanitised, so an attacker could inject (with MySQL >= 4.1, which allows subqueries) PHP code in a subquery after the 'ORDER BY' statement, in the query at line 132.
A local file inclusion vulnerability exists in Power Editor, which allows an attacker to include a file from the local system. This can be exploited to execute arbitrary PHP code by including files from the local system. The vulnerability is located in the 'editor.php' script when the 'action' parameter is set to 'tempedit'. The 'm' parameter is base64 encoded and is used to authenticate the user. The 'te' parameter is used to specify the file to include and the 'dir' parameter is used to specify the directory. Successful exploitation requires that 'register_globals' is set to 'on'.
The dhost.exe process will consume 100% of a CPU. More than one request can be used to lock every CPU. Two 'Connection:' headers can be used to exploit this vulnerability, one with two values.