This is live exploit code against the online demo. With this exploit, an attacker can execute any SQL query they want, as well as create a new administrative account. The exploit code includes an XSRF to execute arbitrary SQL queries and an XSS vulnerability.
This exploit is used to gain access to the password of a user in the PLE CMS 1.0 beta 4.2 software. It uses a GET request to the login.php page with a crafted SQL query to determine the password of the user. The exploit uses a loop to iterate through each character of the password and determine its value.
Car Portal v1.0 is vulnerable to a remote SQL injection vulnerability. An attacker can bypass the authentication process by entering ' or '1=1 as the username and password.
The vulnerability exists due to insufficient sanitization of user-supplied input passed to the 'page' parameter in the 'sysconf.cgi' script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, or to traverse directories.
This is a remote heap overflow exploit for WFTPD Explorer Pro 1.0 by Texas Imperial Software. It is based on the PoC by r4x: it recreates the scenario but also exploits it by creating two sockets, of which the data socket is the vital one.
This exploit allows an attacker to hijack a user's click on a web page. The attacker can use this vulnerability to redirect the user to a malicious website or to perform a malicious action on the user's behalf. The vulnerability exists in Internet Explorer 7 and is caused by the browser not properly validating user input. The attacker can craft a malicious web page that contains a hidden element that is positioned over a legitimate link. When the user clicks on the link, the hidden element is triggered and the user is redirected to a malicious website or the malicious action is performed.
GLPI cleans POST and GET input, making it safe from cross-site scripting, and adds slashes to it if magic_quotes_gpc is OFF. However, it is possible to inject into the ID parameter without needing a quote. This can be exploited to execute arbitrary SQL commands by sending a specially crafted HTTP request to the vulnerable application.
This entire DLL is full of bad functions, including read/write access to the registry. This must have been accidentally registered to IE's ActiveX interface.
The Coppermine Photo Gallery is vulnerable to a remote PHP file upload vulnerability due to a bypass of the anti-register_globals security. This vulnerability allows an attacker to upload malicious PHP files to the server, which can be used to gain access to the server. The vulnerability is present in version 1.4.19 of the Coppermine Photo Gallery and can be exploited by setting the register_globals parameter to 'on'. A patch is available to fix the vulnerability by unsetting all variables except for the superglobals.
Star Articles 6.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries in the back-end database, allowing the manipulation or disclosure of arbitrary data. This may lead to a compromise of the application, disclosure or modification of data, or may permit the attacker to exploit vulnerabilities in the underlying database implementation.