This exploit allows an attacker to extract data from the database using a blind SQL injection vulnerability.
AllMyGuests is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Simple Customer is vulnerable due to multiple insecure MySQL queries. The queries take PHP $_GET variables and do not do any sanitizing at all. Below are 2 SQL injections; the first one will display the admin user/pass.
PhShoutBox suffers from insecure cookie handling, allowing a remote attacker to craft a cookie that makes the attacker look like an admin. This works because the admin panel only checks the password if a password has been posted using the PHP vars "$_POST"; if POST isn't set, the cookies are checked for existence, and if they exist admin access is granted. The JavaScript code below is the easiest way to do this: just paste it in your browser whilst at the vulnerable site, then visit "admin.php".
OpenInvoice 0.9 beta (and prior) suffers from insecure cookies and admin panel validation; combining the two, an attacker can change any user's password except for the 1st admin.
2532|Gigs does not validate the user in 'backup.php', which means any user can visit it and make a backup. Some GET variables are used, but that's all. Running the below URL/path on a server that is running 2532|Gigs will make a backup of the database and save it to 'http://site.com/2532gigs/backup.sql'.
category_list.php?category_ID=-1/**/UNION/**/SELECT/**/1,username,password,4,5,6,7,8,9,10,11,12,13,14,15/**/FROM/**/login/* Note: if the error says the table login does not exist, the website is using a prefix for tables.
A remote file include vulnerability exists in Grape Web Statistics, which allows an attacker to include a remote file containing malicious code, resulting in arbitrary code execution.
This proof-of-concept code exploits a buffer overflow vulnerability in Microsoft Works 7. The vulnerability is caused by a boundary error in the WkImgSrv.dll module when handling a specially crafted HTML file. This can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the WksPictureInterface property of the WkImgSrv.dll ActiveX control. Successful exploitation may allow execution of arbitrary code.
A vulnerability in the E107 Chat Module 123FlashChat allows remote attackers to include arbitrary files via the e107path parameter in a 123flashchat.php request.