This vulnerability allows an attacker to read arbitrary files on the server by exploiting a SQL injection vulnerability in the application. The attacker can use the UNION operator to read the contents of the file. The attacker can also use the LOAD_FILE() function to read the contents of the file.
The WebDAV component has to be enabled and the user has to have permission to use the COPY or MOVE methods. nginx ("Engine X", written by Igor Sysoev) can be used as a WebDAV publishing server. With WebDAV you can, for example, copy or move files from one location to another. The MOVE and COPY methods require a "Destination:" HTTP header, which contains information about where the file should be placed. By using characters like "../" the attacker can traverse down the directory tree and place files outside the webroot. This is insecure behaviour in the nginx WebDAV module and can be especially dangerous when nginx is used in a virtual hosting environment. nginx runs as the user nobody by default, so normally this bug is not a big deal, since an attacker may only be allowed to write files to /tmp/ or to directories owned by nobody. The severity is low because this attack requires WebDAV "upload" permissions.
The attacker needs to be authorized in the system for the attack to succeed. The vulnerable scripts are repository_document.php, repository_links.php, repository_editdocument.php, getpolicy.php and newhostgroupform.php. The vulnerable parameters are id_document, group and name. Exploit examples are provided in the text.
A SQL injection vulnerability exists in MindSculpt's new CMS Content Management System. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames and hashed passwords.
On the page for sending news by email (http://site/email.php?news.1), an XSS attack is possible via the Referer header. In particular, it can be done via Flash. Referer: '><script>alert(document.cookie)</script> E107 0.7.16 and previous versions (all versions) are vulnerable.
SwissmangoCMS is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'main' in the index.php file. This can allow the attacker to gain access to the database and extract sensitive information such as usernames and passwords.
A remote SQL injection vulnerability exists in Joomla Component com_fastball. An attacker can exploit this vulnerability to inject malicious SQL queries in the application by sending a specially crafted HTTP request to the vulnerable parameter 'league' of the 'com_fastball' component. This can allow the attacker to gain access to the sensitive information stored in the database.
FSphp 0.2.1 is vulnerable to multiple remote file inclusion vulnerabilities. An attacker can exploit this vulnerability by sending a malicious URL to the vulnerable application. The malicious URL contains the path of the malicious file which is hosted on a remote server. The vulnerable application includes the malicious file in the application and executes it.
Regental Medien is vulnerable to Blind SQL Injection. The vulnerable file is index.php. The exploit can be executed by sending a malicious SQL query to the vulnerable parameter mainid. Proof of concept can be seen in the given example. The dork for this vulnerability is 'powered by regental medien'.
The attacker can inject SQL code in the username textbox. In Firebird the attack has a low impact, but in SQL Server it may compromise the server.