Fireup your web-browser, Navigate to 'http://127.0.0.1/admin/admin_info/index.php' and then fill the form and submit it.
Mole Group Sky Hunter/Bus Ticket Scripts is vulnerable to a change password exploit. An attacker can change the admin password by submitting a POST request to the admin.php page with the username, password, new password, and confirm password fields. This allows an attacker to gain access to the admin panel.
An attacker can upload a malicious file to the vulnerable application by accessing the upload.php page with the Directory parameter set to ./ and the action parameter set to upload. The malicious file can then be accessed from the documents folder.
This exploit allows an attacker to change the password of the admin user in ZaoCMS. The attacker can send a POST request to the user_updated.php page with the username and password parameters set to the desired values. This will allow the attacker to gain access to the admin panel of the CMS.
An SQL injection vulnerability exists in ZaoCMS. An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerability is due to the application not properly sanitizing user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
This vulnerability is caused by an integer overflow in the MAKI file parsing code of Winamp 5.551. It allows an attacker to overwrite the exception handlers and gain full control of the application. The vendors released a patch for this but older versions are still vulnerable.
A vulnerability exists in Tutorial Share 3.4 which allows an attacker to set a cookie with the username of their choice. By setting the cookie to 'usernamed=demo;path=/', an attacker can gain access to the admin panel of the application. The vulnerable URL is www.site.com/admin/.
This exploit allows an attacker to gain access to a vulnerable IIS 6 server and execute arbitrary code. The exploit works by sending a specially crafted PROPFIND request to the server, which will then return a list of files and directories on the server. The attacker can then use this information to gain access to the server and execute arbitrary code.
A vulnerability in ZaoCMS allows an attacker to remotely disclose files from the server. The vulnerability is caused due to the improper validation of user-supplied input in the 'fichier' and 'Directory' parameters of the 'download.php' script. This can be exploited to disclose arbitrary files from the server by passing directory traversal strings to the 'Directory' parameter.
An attacker can exploit this vulnerability by setting a malicious cookie in the admin/login.php page and then accessing the admin/edit.php page. A demo of the exploit can be found at http://demo.zaocms.com/admin/login.php.
Services By CQR