This exploit allows an attacker to inject malicious SQL queries into the vulnerable BosNews v4.0 application. The vulnerable parameter is the ‘article’ parameter in the ‘news.php’ script. By appending a malicious SQL query to the vulnerable parameter, an attacker can gain access to the application’s database and extract sensitive information such as usernames and passwords.
This exploit overwrites the EIP register by sending more than 524 bytes to port 2954. The exploit uses alphanumeric shellcode and the return address for the 7.5.1 version. The exploit is written for educational purposes only and can cause damage to the system.
BosClassifieds 3.0 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'cat' in the 'index.php' file. An example of a malicious SQL query is '-666 union select 1,2,concat(username,password)from bosdevUUS/*'
A vulnerability exists in SmallBiz eShop CMS which allows an attacker to execute arbitrary SQL commands via the 'content_id' parameter in the 'index.php' script.
This exploit generates a crafted EMF file which can automatically run calc.exe on Win2k SP4 (CHS version) with the MS07-046 patch applied but without MS08-021 installed. On Windows XP SP2, explorer.exe will crash but calc.exe will not run.
A vulnerability in SmallBiz 4 Seasons CMS allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'content.php' script.
Mumbo Jumbo Media - OP4 is vulnerable to Blind SQL Injection. This exploit allows an attacker to extract sensitive information from the database such as admin credentials. The exploit is triggered by sending a specially crafted HTTP request to the vulnerable application. The exploit code uses the 'file_get_contents' function to send the malicious request and extract the data from the response.
PostCard 1.0 (and prior???) suffers from insecure cookie handling. To view the admin panel, the user is required to log in with a valid user/pass. Once a valid user/pass has been submitted and matched, a cookie is created. The admin panel checks whether this cookie exists. If it does, the user can access the admin panel. Since the cookie doesn't contain any hash/pass/sid, just the number '1' indicating we are logged in, a remote attacker can craft a cookie (working example below) to access the admin panel.
XM Easy Personal FTP Server 5.4.0 is vulnerable to a Denial of Service attack when an overly long string is sent to the XCWD command. When the admin looks at the server log, the application crashes.
cpCommerce is an open-source e-commerce solution that is maintained by templates and modules. An XSS vulnerability exists due to insufficient sanitization of user-supplied input in the 'obj' parameter of the 'calendar.php' script. A SQL injection vulnerability exists due to insufficient sanitization of user-supplied input in the 'id_product', 'id_manufacturer' and 'id_category' parameters of the 'display_page.func.php' script. A local file inclusion vulnerability exists due to insufficient verification of user-supplied input in the 'language' and 'action' parameters of the 'language.act.php' and '_functions.php' scripts.