A vulnerability was discovered in the internal system for total administration of the site, which is available in multiple languages. The vulnerability allows for an attacker to inject malicious SQL code into the URL parameters of the site, which can be used to gain access to sensitive information.
The config.ini file can be accessed from [path]/admin/include/config.ini which contains MySQL connection information. At line 115, the requested HTTP parameter id is used in an SQL query without filtering. An XSS attack payload can be posted as a comment which is then saved in the database.
A SQL injection vulnerability was discovered in the Site to Store Automobile - Motorcycle - Boat website. The vulnerability exists in the products_view.php page, where an attacker can inject malicious SQL code into the 'id' parameter.
A fuzzer was written and used to test roughly 1000 cases on several Document Reader Applications for iPhone. The fuzzer was used to mutate the data from a sample found on the internet (http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls). The exploit is available at https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/13825.xls (goodreader_poc.xls)
This application was vulnerable to source code disclosure/download vulnerability when it was running in Windows OS (NTFS file system). App parser couldn't handle ADS (Alternate Data Streams) and it treated a data stream as an usual file. An Attacker could read/download source code of webapps files using default data stream (unnamed): 'filename::$data'.
Power Tab Editor v1.7 (Build 80) is vulnerable to a SEH Overflow vulnerability. This vulnerability can be exploited by an attacker to execute arbitrary code on the target system. The vulnerability is caused due to a boundary error when handling specially crafted input. This can be exploited to cause a stack-based buffer overflow by overwriting the SEH handler with a malicious payload.
gen_confirm.php shows the error message of $_GET['errmsg'] , but it's not protected against XSS. Exploit : [HOST]/[PATH]/gen_confirm.php?errmsg=. contactuser.php suffers from a blind sqli in the get 'es_id'. Exploit : [HOST]/[PATH]/contactuser.php?es_type=3&es_id=62+and+1=(select 1)--. listings.php suffers from a blind sqli in the get 'mem_id'. Exploit : [HOST]/[PATH]/listings.php?mem_id=-207+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
When parsing .indd files to the application, it crashes instantly overwriting memory registers. Depending on the offset, EBP, EDI, EDX and ESI gets overwritten. Pottential vulnerability use is arbitrary code execution and denial of service.
Miniweb 2.0 is designed for those who want to transform a brochure site into a dynamic Web 2.0 site that attracts tons of traffic and sales. This CMS applicationcomes with 21 modules: Affiliate Wiz, Auto Ezine, Blog Writer, Classified Ads, Custom Shop, Directory, Events Calendar, FAQ Manager, Form Maker, Forum, Groups, Help Desk, Job Board, Link Shortener, Media Album, My Amazon, Online Store, Publisher, Site Builder, Survey Pro, and Text Ads. It's also one of the easiest content management systemsto install and administer: just plug and play. There is no need to change your Web design because the system will integrate with it 100%. The modules share a common admin, member system, user interface, photo and video upload, work flow, and database, which result in an extremely pleasant user experience. Miniweb 2.0 has worked wonder for many sites by boosting their traffic and sales. Now is your turn to try it, use it, and profit from it! DEMO URL :http://[site]/index.php?module=[sqli]
This exploit allows an attacker to remotely add an admin user to the Store Locator application. The attacker can send a POST request to the admin_add.php page with the username and password of the new admin user. The page will then create the new admin user with the provided credentials.
Services By CQR