The web application allows a member to inject a persistent Cross-Site Scripting payload that is executed in both the member and Admin panels. An attacker can create an account and log in as a member, inject a payload into the Firstname input, fill in the other inputs as desired, and click the Update button. The payload is executed when the Admin visits the members page in their Dashboard, allowing the attacker to take over the Admin account.
A vulnerability in IPFire 2.25 allows an authenticated user to execute arbitrary code on the target system. This is due to the lack of proper input validation in the 'pakfire.cgi' script, which allows an attacker to inject malicious code into the 'INSPAKS' parameter. This can be exploited by sending a specially crafted HTTP POST request to the vulnerable script.
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. This vulnerability allows an attacker to inject an XSS payload into the Title field of the page; each time any user opens the website, the XSS triggers and the attacker is able to steal the cookie, according to the crafted payload.
Chamilo LMS 1.11.14 is vulnerable to a Remote Code Execution vulnerability. An authenticated user can upload a malicious PHP webshell to the web root directory of the application. This allows an attacker to execute arbitrary commands on the server.
Podcast Generator is an open source Content Management System written in PHP and specifically designed for podcast publishing. The following is a PoC for using the XSS bug with an unauthorized user. Log in to your admin account. 'Upload New Episode' or 'Edit' has a 'Long Description' field. The Long Description field is not filtered, so it is possible to place JavaScript code in it. Click the Home button. Click the 'More' button of the created or edited episode.
The web application allows an attacker to inject a persistent Cross-Site Scripting payload in Live Chat. An attacker can inject a malicious payload in the 'message' parameter of the 'nav_bar_action.php' page and send it to the server. This results in a persistent XSS vulnerability.
This vulnerability allows an attacker to execute arbitrary code on a vulnerable version of Firefox. The exploit contains a stage one (egg hunter) and a stage two (WPAD sandbox escape) shellcode, the latter of which is used to bypass the sandbox protection.
This exploit is a JavaScript file containing a CVE-2020-0674 UAF targeting IE8/11 and WPAD 64-bit on Windows 7 and 8.1 x64. It may be used as an alternative RCE attack vector in tandem with the firefox.exe exploit.
ZeroShell 3.9.0 is vulnerable to Remote Command Execution. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This will allow the attacker to execute arbitrary commands on the server.
The 'date' POST parameter is vulnerable to UNION-based SQL Injection. An attacker can use it to retrieve sensitive data such as usernames, passwords, versions, etc.