This application is vulnerable to stored cross-site scripting (XSS). Whenever a user visits the page (http://localhost/attendance/sanction) where the script has been injected, the stored JavaScript is executed in that user's browser.
School File Management System 1.0 is vulnerable to stored cross-site scripting. An attacker can inject malicious JavaScript code into the 'Firstname' and 'Lastname' fields of the 'Update Account' page. When a user visits the page, the malicious code will be executed, allowing the attacker to access the user's cookies.
PDFCOMPLETE Corporate Edition 4.1.45 is vulnerable to an unquoted service path issue. This vulnerability can be exploited by an attacker to gain elevated privileges on the system. It exists because the binary path of the pdfcDispatcher service is not quoted. An attacker can exploit this by creating a malicious executable with the same name as the service and placing it in the same directory as the service executable. The malicious executable will then be executed with elevated privileges.
This exploit allows an attacker to execute arbitrary code on the vulnerable system without needing to upload any local file. The exploit works by registering a user with the Online Marriage Registration System (OMRS) 1.0, and then uploading a malicious PHP file. The attacker can then execute arbitrary code on the vulnerable system by sending a GET request to the malicious file.
The 'path' parameter of the OpenLiteSpeed (1.7.8) web server has a command injection vulnerability that leads to privilege escalation. OpenLiteSpeed runs as user nobody, group nogroup. However, the extUser and extGroup parameters can be used to join a group (GID) such as shadow or sudo.
Send the following URL http://HOST/evoadm.php?.ctrl=comments&filter=restore&tab3=123%22onmouseover=%22alert(document.domain)%22&blog=1&blog=1 to the logged-in victim using any social engineering technique. When an unsuspecting user with high privileges opens this URL, the XSS is triggered and the malicious JavaScript payload executes in the user's browser. The vulnerable parameter in this case is 'tab3'.
An open redirect vulnerability exists in b2evolution 6.11.6. An attacker can craft a malicious link containing the 'redirect_to' parameter and send it to an unsuspecting user. When the user clicks on the link, they will be redirected to the attacker-controlled domain, which can be used to perform malicious phishing campaigns.
A vulnerability in the Node.js module 'node-serialize' allows remote attackers to execute arbitrary code. The vulnerability is due to the use of the 'eval' function to deserialize user-supplied data. An attacker can exploit this vulnerability by sending a malicious serialized object to the application. This can result in arbitrary code execution on the server.
Log in with an account having high privileges, navigate to System -> Plugins and select any plugin. Change the plugin name and enter the following payload in the name parameter: '><svg/onload=alert(123)>. The payload is stored in the database and executes when the victim views the plugin page. This vulnerability requires high privileges and can affect other users with similar privileges.
By appending /system/help/support to the affected website's address, you can view the username without any filter or obstacle, sometimes even without a username and password. By appending /system/login to the affected website's address, you can access the admin panel without any filters.