This exploit is based on an advisory by Pridels Team. It uses LWP::UserAgent and URI::Escape to send a malicious command to the target server. The command is then executed on the server and the output is printed on the screen.
This code targets Xmame 0.102 and below, using 3 of the vulnerabilities found in Xmame to give you euid=0. The shellcode used in this exploit is taken from Mixter's buffer overflow tutorial.
This exploit uses the vulnerability discovered by nukedx@nukedx.com. The exploit uses SQL injection to give you the hash of the user with the chosen id.
Farmers Wife Server 4.4 SP1 is vulnerable to a directory traversal attack. This allows an attacker to access files and directories that are outside the root directory of the application. By default, the application runs on port 22003 and the default writable path is /guests. An attacker can use the ../../../ patterns to access files and directories outside the root directory. The anonymous login gives guest access, which means write access to /guests, which means default remote 'root' aka SYSTEM access.
HomeFtp v1.1 is vulnerable to a Denial of Service attack. An attacker can send a crafted USER and PASS command with a large number of characters to the server, causing the server to crash. This vulnerability is due to a lack of proper input validation.
An input validation flaw exists within 'admin/file_editor.php' of FlatCMS which can lead to remote command execution. The problem is that the $save_file variable is not properly sanitized, allowing an attacker to inject malicious code into the $f_content variable, which is then written to the $save_file file. This can be exploited to execute arbitrary commands on the remote system.
Accela Civic Platform version 21.1 and prior is vulnerable to Cross-Site Scripting (XSS) due to improper validation of the 'successURL' parameter. An attacker can craft a URL with a malicious payload and send it to the victim. When the victim clicks on the URL, the malicious payload will be executed in the victim's browser.
In WoWonder < 3.1, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day. The vulnerability is found in the 'code' parameter in the password reset link. The password reset code can be estimated by combining the password reset link time and the random value generated between 111 and 999. If an attacker exploits this vulnerability, the attacker may access all accounts in the WoWonder application.
Log in to the admin page of Zenario CMS with admin credentials, which is http://server_ip/zenario/admin.php. Click on New → HTML page to create a new sample page and intercept it with your interceptor. Just a single quote on the 'cID' parameter will confirm the SQL injection. After confirming that the 'cID' parameter is vulnerable to SQL injection, feeding the request to sqlmap will do the rest of the work for you.
An issue was discovered in Solar-Log 500 prior to 2.8.2 Build 52 - 23.04.2013. In /export.html, email.html, sms.html, the devices store plaintext passwords, which may allow sensitive information to be read by someone with access to the device. Proof of Concept: Browsing the configuration page in Solar-Log 500 shows that the passwords of the FTP, SMTP, and SMS services are stored in plaintext.