Both 'index.php' and 'admin.php' include the file 'common.php', which checks user permissions on line 81 via the function 'check_user()'. This function is defined in the file 'include/func_user.php'. Another function, 'get_cookie()', reads cookie values. The malicious string is therefore placed in a cookie, and the remaining steps follow from there. This exploit uses SQL injection to dump the users table; in fact, all administrator actions become possible.
This exploit is based on a vulnerability in EmbedThis Appweb v3.0B.2-4, which allows a remote attacker to cause a buffer overflow by sending a specially crafted payload to the server. This payload can be sent using a socket connection, and will cause a fault in libappweb.dll.
This exploit targets a buffer overflow vulnerability in pIPL V 2.5.0 (.PLS / .PL) that allows an attacker to execute arbitrary code on the vulnerable system. The vulnerability is caused by a boundary error when handling .PLS and .PL files, which can be exploited to cause a stack-based buffer overflow by sending a specially crafted file to the vulnerable application. Successful exploitation of this vulnerability can result in arbitrary code execution in the context of the application.
Gazelle CMS 1.0 suffers from multiple vulnerabilities: Password Reset, Local File Inclusion, Cross-Site Scripting and Remote Code Execution. The Password Reset vulnerability allows an attacker to reset the password of any user by sending a crafted request to the renew.php file. The Local File Inclusion vulnerability allows an attacker to include a remote file by sending a crafted request to the index.php file. The Cross-Site Scripting vulnerability allows an attacker to inject malicious JavaScript code by sending a crafted request to the user.php and search.php files. The Remote Code Execution vulnerability allows an attacker to execute arbitrary code on the server by sending a crafted request to the settemplate.php file.
Plume CMS is a content management system written in PHP. The application suffers from SQL injection vulnerabilities in index.php and tools.php, as it fails to validate data supplied in the 'm' variable of index.php before it is used in a SQL query. Additionally, the 'id' variable of tools.php is vulnerable to the same type of attack. SQL injection attacks can give an attacker access to backend database contents, the ability to remotely execute system commands, or in some circumstances the means to take control of the operating system hosting the database.
Microsoft WordPad on Windows XP SP3 is vulnerable to memory exhaustion. This vulnerability was discovered by murderkey of Hellcode Labs and the exploit was coded by karak0rsan aka musashi. The bug is a 0day and can be used for fun.
Gallarific Photo Gallery version 1.0 and prior is vulnerable to an arbitrary category delete/edit vulnerability. An attacker can exploit it by sending a malicious HTTP request to the vulnerable application, which allows the attacker to delete or edit any category in the application.
Easy Music Player 1.0.0.2 contains a buffer overflow that is triggered when a specially crafted .pls file is opened. This can be exploited to execute arbitrary code by corrupting the stack and overwriting the SEH handler. The exploit is written in Perl and carries a shellcode payload.
A vulnerability exists in Shorty v0.7.1 Beta that allows an attacker to bypass authentication by setting the 'snickerdoodle' cookie to 'polarbears'. This can be done by entering 'javascript:document.cookie="snickerdoodle=polarbears";' in the browser's address bar or by creating the cookie with a Firefox extension.
Easy Music Player 1.0.0.2 contains a buffer overflow that is triggered when a specially crafted .wav file is opened. This can be exploited to execute arbitrary code by corrupting the stack and overwriting the SEH handler.