
Explore Vulnerabilities

Explore all Exploits:

Ele Medios CMS SQL Injection Vulnerability

Ele Medios CMS is vulnerable to SQL injection. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable application, which can expose sensitive information from the database, such as user credentials. The vulnerable parameter is the 'notiId' parameter in the 'noticias.php' file. An example of the exploit is: http://server/noticias.php?notiId=-1+union+select+1,GROUP_Concat(id,0x3a,nombre,0x3a,clave),3,4,5,6,7+from+auteUsuarios

Piwigo v2.0.6 Multiple Vulnerabilities

When creating a "category" or a "tag" in the admin panel, the user can submit JavaScript code that could be executed in the context of the browser. This would not be significant on its own, as only the administrator can use this functionality; however, it can be combined with CSRF for proper exploitation. The parent_id and image_id parameters are unsanitized, although image_id does not seem exploitable. Also, when updating an image in the caddie, there is a post back with some possibly exploitable variables: "associate", "dissociate" and "selection[]". The exploit code is http://[server]/piwigo-2.0.6/admin.php?page=cat_list&parent_id=-6+union+select+1,password,3,4,5,6+from+piwigo.piwigo_users-- and http://[server]/piwigo-2.0.6/admin.php?page=cat_list&parent_id=-6+union+select+1,concat(0x1e,0x1e,version(),0x1e,user(),0x1e,database(),0x1e,0x20),3,4,5,6--

Acc PHP eMail v1.1 – [ CSRF ]

Acc PHP eMail v1.1 is vulnerable to Cross-Site Request Forgery (CSRF). An attacker can craft a malicious HTML page that, when visited by an authenticated user, changes that user's password. The malicious page contains a form with hidden fields that performs the password change when submitted.

phpLDAPadmin Local File Inclusion

phpLDAPadmin is a web-based LDAP client which provides easy, anywhere-accessible, multi-language administration for LDAP servers. The vulnerable code is found in cmd.php, which doesn't sanitize the URI parameter provided by user input. An attacker may view arbitrary files through the 'cmd' parameter in the URI request. Exploit examples: http://server/phpldapadmin/cmd.php?cmd=../../../../etc/passwd%00 and http://server/phpldapadmin/cmd.php?cmd=../../../../issue%00

SpireCMS v2.0 SQL Injection Vulnerability

SpireCMS v2.0 is vulnerable to SQL injection. An attacker can exploit this by sending a specially crafted HTTP request to the vulnerable application, which can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable parameter is the alb_id parameter in the photo_album.php file. An attacker can send a malicious request such as http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password)+from+users or http://server/photo_album.php?alb_id=-1+UNION+SELECT+GROUP_Concat(id,0x3a,username,0x3a,password),null+from+users to extract sensitive information from the database.

AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings) exploit

This exploit allows an attacker to change the username, email, and password of the admin account of AccStatistics v1.1 by submitting a malicious form with hidden inputs. The form action is set to the AccStatistics index page and the submit button name is set to 'preview'.

Interspire Shopping Cart Full Path Disclosure

This is a shopping cart script. Sometimes we find ourselves on a server running a shopping cart script like this, and we don't know the directory of the affected website (ISC) and can't find it using our uploaded shell. This vulnerability reveals the directory of the website (sometimes with the username on the system).

Uploadscript v1.0. Multiple Vulnerabilities

This exploit allows an attacker to gain access to the admin panel of the Uploadscript v1.0 application by cracking the MD5 password hash found in the password.txt file. Once the attacker has access to the admin panel, they can upload a malicious shell to the upload directory and execute it.