An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. An example of such a query is http://www.xxx.org/blog/index.php?categorie=-1+union+select+0,1,2,database(),4,5,6/*. Another example is http://localhost/[script_path]/index.php?categorie=-1+union+select+1,2,concat(login,0x3a,pass),4,5,6+from+blog_utilisateurs/*
Users can upload a malicious file to the server by exploiting the vulnerability in the modif_config.php page. The malicious file can be uploaded either directly or in a compressed zip format. After the file is uploaded, it can be accessed from the templates folder.
An attacker can exploit this vulnerability by accessing the URL http://[Site]/[script]/admin/sauvBase.php to dump the database table blog_utilisateurs.
MyBulletin Board (MyBB) Plugin "Custom Pages 1.0" is vulnerable to a SQL Injection vulnerability. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'page' GET parameter of the 'pages.php' script. An attacker can exploit this vulnerability to gain access to sensitive information from the database, such as username and password. The success rate of the attack depends on the permissions set for viewing the 'page' parameter.
Software Index 1.1 is vulnerable due to multiple insecure MySQL queries. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable script. This can allow the attacker to gain access to the admin panel and execute arbitrary code.
Links directorys is vulnerable to an insecure SQL query. An attacker can use a malicious URL to inject a SQL query into the vulnerable application. The URL contains a UNION statement that allows the attacker to load a local file on the vulnerable server. The hex inside the load_file() function is '/etc/passwd' in plaintext; however, some permissions are needed to use this function. The admin password is in the config.php file, and if the attacker can find the complete path, they can use load_file() to view the contents of the file and view the admin password.
VisualPic 0.3.1 is vulnerable to a Remote File Include vulnerability. This vulnerability allows an attacker to include a remote file, usually through a malicious URL, containing arbitrary code which is then executed on the vulnerable server. The vulnerable code is located in the index.php file, where the include() function is used to include the file specified in the _CONFIG[files][functions_page] parameter.
This popular gaming directory script is vulnerable due to insecure MySQL queries, which allow a remote attacker to pull information from the database. The injection below uses MySQL's load_file function: since the admin area password is stored in a config file, load_file can be used to try to locate it and display the contents of the file. Certain permissions for the running database user are required for this to work. The load_file argument below is a string that has been converted to hex; decoded, it is /etc/passwd, so this should load the /etc/passwd file on most Linux distros. Remember that certain permissions are needed.
CoBaLT v1.0 is vulnerable to remote SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter in the URL. For example, an attacker can send the following URL to the vulnerable application: http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici. This will allow the attacker to access the database and extract sensitive information such as usernames and passwords.
Retrieve users' username and plaintext password.