The Joomla component com_event is vulnerable to Local File Inclusion (LFI) and SQL injection. The Google dork inurl:"com_event" locates sites that use the component. The LFI is reached through the view parameter of a crafted HTTP request (the advisory gives the traversal payload only as the placeholder [LFI]). The SQL injection is in the sid parameter when task is set to details: a sid value of -61 union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users-- turns the query into a ten-column UNION whose second column carries username:password from the jos_users table (the negative id makes the original SELECT match nothing, 0x3a is the ':' separator, and -- comments out the rest of the query).
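As an added illustration of the sid injection above (example code written for this page, not the component's own code): a Python model of the vulnerable query beside a parameterised one, run against a constructed in-memory SQLite database. The table layout, the row contents and the ten-column jos_event table are assumptions; the payload is the advisory's, with MySQL's concat(...,0x3a,...) rewritten as SQLite's || operator so the demonstration runs offline.

```python
import sqlite3

# The advisory's sid payload (MySQL syntax: concat() and 0x3a for ':').
MYSQL_SID_PAYLOAD = (
    "-61 union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 "
    "from jos_users--"
)
# The same payload with the one MySQL-only construct rewritten for SQLite
# (|| is SQLite's string concatenation); used for the offline demo below.
SQLITE_SID_PAYLOAD = (
    "-61 union select 1,username||':'||password,3,4,5,6,7,8,9,10 "
    "from jos_users--"
)


def make_db():
    """Constructed stand-in for the Joomla database (assumed layout, fake data)."""
    con = sqlite3.connect(":memory:")
    # Ten columns, so that the ten-value UNION in the payload lines up.
    con.execute(
        "CREATE TABLE jos_event (id INTEGER, title TEXT, "
        "c3, c4, c5, c6, c7, c8, c9, c10)"
    )
    con.execute(
        "INSERT INTO jos_event VALUES (61, 'Town meeting', 3,4,5,6,7,8,9,10)"
    )
    con.execute("CREATE TABLE jos_users (username TEXT, password TEXT)")
    con.execute("INSERT INTO jos_users VALUES ('admin', 'fakehash')")
    return con


def event_details_vulnerable(con, sid):
    """Models the flaw: the request's sid is pasted into the SQL text, so a
    negative id plus a UNION replaces the event row with rows from jos_users."""
    sql = "SELECT * FROM jos_event WHERE id=" + sid
    return con.execute(sql).fetchall()


def event_details_fixed(con, sid):
    """Hardened: sid must parse as an integer and is passed as a bound
    parameter, so the UNION text never reaches the SQL parser."""
    try:
        sid_int = int(sid)
    except ValueError:
        return []
    return con.execute(
        "SELECT * FROM jos_event WHERE id=?", (sid_int,)
    ).fetchall()


def leaked_credentials(rows):
    """username:password strings that landed in the second result column."""
    return [row[1] for row in rows if isinstance(row[1], str) and ":" in row[1]]


if __name__ == "__main__":
    con = make_db()
    print(leaked_credentials(event_details_vulnerable(con, SQLITE_SID_PAYLOAD)))
    print(event_details_fixed(con, SQLITE_SID_PAYLOAD))
```

The vulnerable function returns the jos_users row in place of the event; the fixed one returns nothing for the payload and the real row for sid=61. Binding the parameter is what closes the hole; the integer check on top of it is cheap input validation, not the fix itself.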
Tainos Webdesign is vulnerable to SQL injection and to cross-site scripting (XSS)/HTML injection. An attacker can inject SQL, script or HTML code through the vulnerable parameters of the application. The SQL injection can be used to manipulate the application's queries with arbitrary SQL; the XSS/HTML injection runs attacker-controlled script and markup in the browser of an unsuspecting user, for example to steal cookie-based authentication credentials or other sensitive information.
Input passed via the 'type' parameter to inner.php is not properly sanitised before being used in a SQL query (the SQL injection). Input passed via the 'keys' parameter to search.php is not properly sanitised before being returned to the user (the reflected XSS).
Local File Include Vulnerability: Tainos web design allows an attacker to include a file from the local filesystem, which can be exploited to read files containing sensitive information such as passwords. SQL Injection Vulnerability: Tainos web design allows an attacker to inject arbitrary SQL commands into a query, which can be exploited to read sensitive data from the database such as user passwords. Cross Site Scripting Vulnerability: Tainos web design allows an attacker to inject arbitrary JavaScript into a page served to other users, which can be exploited to steal session cookies and other data exposed to that page.
EgO is a PHP script that simplifies setting up and administering a website; it supports customizable skins and modules designed to fit specific needs. The FCKEditor bundled with EgO does not restrict what its upload handler accepts, so an attacker can upload arbitrary files (for example a PHP script) to the server and execute arbitrary code on it.
The Joomla component simpledownload allows a remote attacker to disclose files from the server. A specially crafted HTTP request with a malicious fileid parameter causes the vulnerable server to return file contents it should not expose.
A proof-of-concept exploit for a stack buffer overflow in Shellzip v3.0 Beta 3. The vulnerability is caused by a boundary error when processing .zip archives and can be exploited to trigger a stack-based buffer overflow by opening a specially crafted .zip file.
A remote command execution vulnerability exists in LinPHA versions before 1.3.2. The 'rotate.php' script does not properly sanitise user-supplied input to the 'full_convert_path' parameter, whose value ends up in a shell command. An attacker sends an HTTP request in which that parameter carries a malicious command, and the vulnerable system executes it with the web server's privileges.
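Added example (not LinPHA's code): a Python model of the rotate.php flaw, a request-supplied converter path spliced into a shell command line, beside a hardened version that only accepts an allow-listed binary and never involves a shell. The command shape (-rotate 90), the allow-list and the "true; echo INJECTED" payload are constructed for the demonstration.

```python
import re
import subprocess

# Constructed values for the demonstration.
GOOD_CONVERT_PATH = "/usr/bin/convert"
# A request-supplied "converter path" that carries a second shell command.
EVIL_CONVERT_PATH = "true; echo INJECTED"
# Binaries the application is allowed to run (assumed configuration; the
# real fix is to take this from server-side config, never from the request).
ALLOWED_CONVERT_PATHS = {"/usr/bin/convert", "/usr/local/bin/convert"}
# Plain file names only: no separators, and no leading '-' or '.' that the
# converter could read as an option or that could start a traversal.
SAFE_IMAGE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*\Z")


def rotate_vulnerable(full_convert_path, image):
    """Models the flaw: the request-supplied path is spliced into a shell
    command line, so ';', '|', '$(...)' and friends in it are honoured.
    Returns the shell's stdout."""
    cmd = f"{full_convert_path} -rotate 90 {image} {image}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def build_rotate_argv(full_convert_path, image):
    """Hardened: the binary must be allow-listed, the image name must match
    SAFE_IMAGE_NAME, and the command is an argv list. Returns the argv or
    raises ValueError."""
    if full_convert_path not in ALLOWED_CONVERT_PATHS:
        raise ValueError(f"convert path not allowed: {full_convert_path!r}")
    if not SAFE_IMAGE_NAME.match(image):
        raise ValueError(f"bad image name: {image!r}")
    return [full_convert_path, "-rotate", "90", image, image]


def is_rejected(full_convert_path, image):
    """True when the hardened builder refuses the request."""
    try:
        build_rotate_argv(full_convert_path, image)
    except ValueError:
        return True
    return False


def rotate_fixed(full_convert_path, image):
    """Runs the validated argv without a shell (exec-style), so even a value
    containing metacharacters would be passed to the program literally."""
    argv = build_rotate_argv(full_convert_path, image)
    return subprocess.run(argv, capture_output=True, text=True, check=True)


if __name__ == "__main__":
    # prints "INJECTED -rotate 90 photo.jpg photo.jpg"
    print(rotate_vulnerable(EVIL_CONVERT_PATH, "photo.jpg"))
    print(is_rejected(EVIL_CONVERT_PATH, "photo.jpg"))  # True
```

The shell version runs the injected echo because the shell, not the converter, parses the line. The argv version has no shell in the path at all; the allow-list then decides which program runs, and the name pattern keeps traversal and option injection out of the remaining arguments.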
The iceberg 'Content Management System' is vulnerable to SQL injection through the 'p_id' parameter in the site's URL. SQL injected there is passed to the database and can be used to extract sensitive information from it.
Cybertek CMS allows an attacker to include a local file on the server via the 'page' parameter of the 'index.php' script. The attack is a specially crafted HTTP request whose 'page' value contains directory traversal sequences (e.g. '../') pointing at the file to include.
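Added example serving the local file inclusion items on this page (com_event's view parameter, Tainos web design's include, and the 'page' parameter above; it is not any of those projects' code): a Python model of an include that joins the request parameter onto a pages directory, beside a hardened resolver that decodes once, rejects NUL bytes and checks that the canonical path stays under the directory. The directory layout and file contents are constructed in a temporary directory.

```python
import os
import tempfile
from urllib.parse import unquote


def make_site():
    """Constructed layout: a pages directory with two pages, and a file one
    level above it standing in for something like /etc/passwd."""
    root = tempfile.mkdtemp(prefix="lfi_demo_")
    pages = os.path.join(root, "pages")
    os.mkdir(pages)
    with open(os.path.join(pages, "home.php"), "w") as f:
        f.write("<h1>Home</h1>")
    with open(os.path.join(pages, "about.php"), "w") as f:
        f.write("<h1>About</h1>")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("SECRET")
    return pages


def include_vulnerable(pages_dir, page):
    """Models the flaw: the decoded 'page' value is joined onto the pages
    directory and opened with no check, so '../' walks out of it."""
    with open(os.path.join(pages_dir, unquote(page))) as f:
        return f.read()


def resolve_page(pages_dir, page):
    """Hardened resolver: decode once, reject empty names and NUL bytes,
    canonicalise (realpath also collapses symlinks), and require the result to
    stay inside pages_dir. Returns the absolute path or None."""
    name = unquote(page)
    if not name or "\0" in name:
        return None
    root = os.path.realpath(pages_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def include_fixed(pages_dir, page):
    """Serves only pages the resolver accepts; everything else is refused."""
    path = resolve_page(pages_dir, page)
    if path is None:
        raise PermissionError(f"refused page parameter: {page!r}")
    with open(path) as f:
        return f.read()


if __name__ == "__main__":
    pages = make_site()
    print(include_vulnerable(pages, "../secret.txt"))  # SECRET
    print(resolve_page(pages, "..%2Fsecret.txt"))       # None
    print(include_fixed(pages, "about.php"))            # <h1>About</h1>
```

An absolute value such as /etc/passwd is caught the same way, because os.path.join discards the base when the second part is absolute and the canonical result then lies outside the pages directory. Where the set of pages is fixed, an allow-list of page names is simpler and stricter than any path check and should be preferred; the resolver above is the minimum for the case where it is not.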