A remote file inclusion vulnerability exists in the Dark Portal login.php script, which allows an attacker to include a remote file containing arbitrary code and execute it on the vulnerable server. The vulnerability is due to the include_path parameter not being properly sanitized before being used in a file inclusion call.
An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The request contains a malicious SQL statement that when executed, can disclose sensitive information from the database, modify data, or even delete data.
Spaceacre is vulnerable to multiple SQL injection vulnerabilities. An attacker can inject malicious SQL queries via the 'catID' parameter in the following URLs: http://[target]/cat1.php?catID=[SQL], http://[target]/cat2.php?catID=[SQL], http://[target]/cat3.php?catID=[SQL], http://[target]/cat4.php?catID=[SQL], http://[target]/cat5.php?catID=[SQL], http://[target]/cat6.php?catID=[SQL].
Netvidade engine v1.0 is vulnerable to SQL Injection. This vulnerability is due to the lack of proper sanitization of user-supplied input in the 'id' parameter of the 'webtemplate-categoria.php' and 'concorrer.php' scripts. An attacker can exploit this vulnerability to inject arbitrary SQL commands and gain access to sensitive information from the database.
An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. The crafted query can be used to extract sensitive information from the database, such as usernames and passwords. The attacker can also use the crafted query to modify the database, such as adding or deleting records.
A bug exists in the way Hyplay processes malformed .asx play list files. This could potentially lead to code execution on the users machine. An evil asx file is created with 3000 bytes of 'A' characters which can cause a denial of service crash.
This exploit is used to check if a website is vulnerable to SQL Injection. It takes the host and path of the website as input and checks if the website is vulnerable to SQL Injection by sending a request to the website with an ID parameter and a single quote at the end. If the website responds with a 200 code, it is vulnerable to SQL Injection.
This exploit is used to gain access to the username and password of users in the Alibaba Clone Version 3.0 (Special) script. It is done by sending a malicious HTTP request to the offers_buy.php page with an id parameter containing a SQL injection payload. This payload will cause the database to return the username and password of all users in the database.
This exploit is used to exploit the SQL Injection vulnerability in the phpscripte24 Shop System. It uses the Host, Path, Userid and Prefix to exploit the vulnerability. If the exploit is successful, it will return a response code of 200.
Dolphin 2.0 is vulnerable to local denial of service attack. When we try to open a file by 'Open(CTRL+O)' that contains 9999 chars ('A'), so dolphin should crash.
Services By CQR