A blind SQL injection vulnerability was discovered in Joomla component Clantools version 1.5. An attacker can exploit it by supplying crafted SQL in the 'squad' parameter of the URL, which can allow the attacker to gain access to sensitive information from the database.
Using this vulnerability, an attacker can upload any file in two ways: 1) http://Example.com/Modules/PreDefinition/PhotoUpload.aspx?AlbumId=1 and 2) http://Example.com/modules/PreDefinition/VideoUpload.aspx. The vulnerable code is located in http://Example.com/Modules/PreDefinition/PhotoUpload.ascx.cs and http://Example.com/Modules/PreDefinition/VideoUpload.ascx.cs respectively.
chillyCMS is a Content Management System. Its main features are: easily edit your content in a WYSIWYG editor, manage your users in different groups with different rights, upload single files or whole zip archives, insert your pictures into the content by drag and drop, one-click backup with integrated installer, extend your CMS with various modules, and see which articles are most popular in the statistics.

The username field of the login form is injectable via a single quote followed by a closing parenthesis. For details, check the PoC section. Whenever login fails, the username is printed on the main page without sanitizing. This can be used to execute arbitrary JavaScript code.

Exploiting the (MySQL) SQL injection vulnerability: go to the login page at 'victim.com/chillyCMS/core/show.site.php' and use the following vector for injecting arbitrary queries: ') or $THE_QUERY or 1=(' For example, the following vector extracts the pw field (the password) of the admin user: admin')and substr(pw,I,1)=('C replacing I with the index of the character in a loop and C with the candidate characters. If the query result is true, the username is accepted and a wrong-password error is shown. If the query result is false, the username is rejected and a wrong-username error is shown. This allows blind SQL injection to be performed.

Exploiting the XSS vulnerability: go to the login page at 'victim.com/chillyCMS/core/show.site.php' and use the following vector for injecting arbitrary JavaScript code: '><script>alert(1)</script> This causes an alert box to be shown whenever login fails.
These few lines of code strip whitespace from the beginning and end of the 'words' GET parameter. Then, all remaining whitespace is replaced with %. The string returned by this code is used in the query below without being sanitized, and the results are then echoed.
A Remote File Inclusion (RFI) vulnerability exists in PHP Classifieds v7.3. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it in the context of the web server process. The vulnerability is due to insufficient sanitization of user-supplied input to the 'lang_path' parameter of the 'SetLanguage()' function in 'class.phpmailer.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation of this vulnerability can result in arbitrary code execution in the context of the web server process.
This exploit is a proof of concept for a stack overflow vulnerability in VLC Media Player versions prior to 1.1.4. The vulnerability is triggered when a maliciously crafted .xspf file is opened, which contains an overly long smb:// URI. This causes a stack overflow, which can be used to execute arbitrary code.
The PHP Classifieds Ads application is vulnerable to blind SQL injection. An attacker can inject malicious SQL into the 'sid' parameter of the 'detail.php' page, which can be used to extract sensitive information from the database.
An SQL injection at line 32 of the addcomment.php file allows an attacker to insert JavaScript that is executed in the client's browser when the user visits the page viewpost.php?postID=<number>.
This CMS has many critical vulnerabilities; some of them are described here:
1. CSRF - Add Admin Account: An attacker can craft a malicious HTML page that contains a form with hidden inputs. When the victim visits the page, the form is automatically submitted, creating a new admin account.
2. LFI (Local File Inclusion): An attacker can exploit this vulnerability by sending a crafted HTTP request containing directory traversal characters (e.g. ../../). This allows the attacker to include and execute arbitrary local files on the server.
This exploit targets a remote code execution vulnerability in the Trend Micro Internet Security Pro 2010 ActiveX control. It is caused by a buffer overflow in the UfPBCtrl.DLL component. The vulnerability is triggered when a specially crafted malicious script is executed in the browser. This script contains shellcode that is used to execute arbitrary code on the vulnerable system. The exploit code is written in JavaScript and uses the extSetOwner() method of the vulnerable ActiveX control to overwrite the return address of the stack frame with the address of the shellcode.