Inteno DG301 Powered by LuCI Trunk (inteno-1.0.34) and OpenWrt Backfire 10.03.1-RC6 is vulnerable to command injection, which can be exploited directly from the login form on the web interface. The vulnerability can be exploited by unauthenticated attackers. Successful exploitation allows attackers to execute arbitrary commands with root privileges. The login form presented on the web administration interface (username parameter) is vulnerable to command injection because the application does not properly validate user input. The following PoC includes a POST request that should be sent to the device's web interface. The request includes a command that copies the contents of "/etc/passwd" to a file "test.txt" in the root web folder where the web administration interface is published.
VLC Media Player is prone to a denial of service (DoS) through a division-by-zero error if the minimum data packet size is equal to zero. This was tested on Windows XP SP3 and affects all versions of VLC up to the latest, 2.1.2.
A malicious ownCloud user can upload a file with JavaScript code in the filename, share it, and cause an XSS attack when the victim tries to either view the contents of the file or delete the file. If the victim is an ownCloud administrator, an attacker can force the mounting of the webserver's local file system, leading to unauthorized access to server resources and potentially shell access.
Plogger 1.0 (RC1) is vulnerable to Reflected XSS, Stored XSS and CSRF. Reflected XSS can be exploited by sending a malicious URL to the victim. Stored XSS can be exploited by sending a malicious payload in the description field. CSRF can be exploited by sending a malicious HTML page to the victim.
The D-Link DIR-100 is vulnerable to multiple issues. By sending a specially crafted HTTP request to the device, an attacker can retrieve the administrator password without authentication, retrieve sensitive configuration parameters such as the PPPoE username and password without authentication, execute arbitrary commands on the device, and perform CSRF attacks.
An arbitrary file upload vulnerability exists in the Dandelion Themes for WordPress. An attacker can exploit this vulnerability to upload malicious files to the web server and execute arbitrary code. The vulnerability is due to insufficient validation of the uploaded file type. An attacker can exploit this vulnerability by uploading a malicious file with a double extension such as .php.jpg. This can be done by using the upload-handler.php script in the functions directory.
Multiple SQL Injection: An attacker can inject malicious SQL queries into the vulnerable web application. Cross Site Scripting: An attacker can inject malicious JavaScript code into the vulnerable web application. Cross Site Request Forgery: An attacker can send a malicious request to the vulnerable web application.
The SQL Injection vulnerability exists in the /eve_event.php file, where user-supplied input is not properly sanitized before being used in an SQL query. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. The Cross Site Scripting vulnerability exists due to insufficient sanitization of user-supplied input in the 'selmonth' and 'selyear' parameters of the 'eventy.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious JavaScript code to the vulnerable script. The Cross Site Request Forgery vulnerability exists due to the lack of proper validation of user-supplied input in the 'a_admins.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious HTML code to the vulnerable script.
Multiple SQL injection vulnerabilities exist in TopicsViewer v3.0 Beta 1 due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities by sending specially crafted requests to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database, potentially leading to the disclosure of sensitive information, or the modification of data.
Note: enter the registration page [register.php] and register there, then take the POST code.

POST /jobs/includes/reg.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/jobs/register.php
Cookie:
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122

title=[SQL INJECTION]&firstname=&middlename=&lastname=&address=&city=&user=&user_password=&user_password2=&email=