A SQL injection vulnerability exists in php-addressbook v3.1.5, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in the 'edit.php' script. An attacker can exploit this vulnerability by sending a malicious HTTP request to the vulnerable server, such as 'www.[target].com/Script/edit.php?id=-1+union+select+1,concat_ws(0x3a,user(),version(),database()),3,4,5,6,7,8,9,10,11,12,13,14--'.
The vulnerability exists due to insufficient sanitization of user-supplied input in the "id" parameter of the "editquiz.php" script. A remote attacker can execute arbitrary SQL commands in the application's database, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, etc.
A blind SQL injection vulnerability exists in Myiosoft easygallery. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. The attacker can use the substring() function to determine the version of the database server. For example, an attacker can send a request with the substring() function to determine if the version of the database server is 4 or 5. If the request returns true, then the version of the database server is 5.
A remote SQL injection vulnerability exists in the Mega ADS Portal (cid) due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames, passwords, emails, and other confidential data stored in the database.
A vulnerability exists in Freewebscript'z Games which allows an attacker to bypass authentication by using the username ' or ' 1=1 and the password ' or ' 1=1.
This exploit is related to the Opera 10.10 browser. When a user clicks on a link, the status bar displays the URL of the link, but the user is redirected to a different URL. This is a form of obfuscation, as the user is not aware of the actual URL they are being redirected to.
PhotoDiary 1.3 is vulnerable to a Local File Inclusion vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'lng' parameter. This parameter is used to include a file from the web server's file system. By manipulating the 'lng' parameter, an attacker can include arbitrary files from the web server's file system.
Exploit: hxtp://site/hlstats.php?mode=dailyawardinfo&game=l4d&award=@. Login page: hxtp://site/hlstats.php?mode=admin
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This request contains an SQL query that when executed, will return the username and password of the application's users. The attacker can then use this information to gain access to the application.
Weatimages is vulnerable to directory traversal and local file include attacks. An attacker can use the 'path' parameter in the index.php file to traverse directories and include local files. This vulnerability can be exploited on both Linux and Windows servers.