This exploit allows an attacker to gain access to the admin panel of the Koobi Pro v6.1 gallery by exploiting a SQL injection vulnerability in the img_id parameter of the index.php page. The attacker can use DORK 1 to find vulnerable websites and then use the exploit to gain access to the admin panel.
An attacker can inject malicious SQL queries via the 'id' parameter in the 'index.php' script. The vulnerable code is located in the 'com_materialsuche' component. The malicious SQL query can be used to extract information from the database.
Mini-stream ripper version 3.0.1.1 is vulnerable to a local universal buffer overflow. The exploit is triggered when a maliciously crafted .pls file is opened. The malicious .pls file contains a payload of 1000 bytes of NOP instructions followed by shellcode. The shellcode is designed to connect back to the attacker's machine on port 4444. The exploit was tested on Windows XP SP3.
This module exploits a stack buffer overflow in Media Jukebox 8.0.400. By creating a specially crafted m3u or pls file, an attacker may be able to execute arbitrary code.
A vulnerability exists in phPay V2.2a which allows an attacker to access the backup directory of the application. The attacker can access the backup directory by sending a request to http://127.0.0.1/phpayv2.02a/admin/backup/
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable URL parameter.
Cybershade CMS 0.2 is vulnerable to a Remote File Inclusion vulnerability due to the lack of sanitization of user-supplied input in the 'CMS_ROOT' parameter in the 'core.php' and 'includes.php' scripts. An attacker can exploit this vulnerability by sending a malicious URL in the 'CMS_ROOT' parameter, which will be executed by the vulnerable application.
A Cross Site Scripting vulnerability exists in the Joomla Component com_trabalhe_conosco, which allows an attacker to inject malicious JavaScript code into the vulnerable application. This code can be used to steal user cookies and gain access to the administrator account. The vulnerability can be exploited by sending a specially crafted HTTP request containing malicious JavaScript code to the vulnerable application.
com_oprykningspoint_mc is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the vulnerable parameter of the application, which can be executed in the browser of the victim. This can be used to steal user cookies, hijack user sessions, redirect users to malicious websites, etc.
com_qpersonel is a Joomla component that is vulnerable to Cross Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'personel_sira' parameter of the 'index.php' script. This code will be executed in the browser of the victim when they visit the vulnerable page. The malicious code can be used to steal the administrator and user cookies, which can then be used to gain access to the Joomla website.