This module exploits an information disclosure vulnerability in ZPanel. The vulnerability is due to a vulnerable version of pChart used by ZPanel that allows unauthenticated users to read arbitrary files remotely on the file system. This particular module uses this vulnerability to identify the username/password combination of the MySQL instance. With the credentials, attackers can log in to phpMyAdmin and execute SQL commands to drop a malicious payload on the filesystem and call it, leading to remote code execution.
The vulnerability exists in the /class/debug/debug_show.php file of RunCms version 1.5.2 and below. The show_files() and show_queries() functions do not perform any authentication, allowing an attacker to inject SQL queries and disclose sensitive credentials. The exploit takes advantage of this vulnerability to retrieve information from the database.
This is a proof of concept for the Windows Messenger Service Overflow vulnerability. The vulnerability allows an attacker to send a message with a specially crafted body that can cause a buffer overflow and crash the target machine. The vulnerability is caused by the Messenger Service not properly validating the length of the message before passing it to the allocated buffer. When a character 0x14 is encountered in the message body, it is replaced by a CR+LF. The buffer allocated for this operation is twice the size of the string, but its contents are then copied to a buffer that was allocated only 11CAh bytes, allowing a buffer overflow. This proof of concept launches the exploit against the target machine, causing it to reboot.
/modules/flashgames/game.php?lid=-19/**/UNION/**/SELECT/**/0,1,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18/**/FROM/**/xoops_users/**/LIMIT/**/1,1/*
The vulnerability exists in the header.php file of the workbench survival guide. The include function is used to include the navbar.php file without proper sanitization, allowing an attacker to remotely include arbitrary files. An example exploit URL is provided as http://site.com/path/header.php?path=[[Sh3LL Script]].
An older release of blat.exe v2.7.6 is prone to a stack-based buffer overflow when sending malicious command line arguments. The vulnerability can be triggered by sending two arguments: the first can be any value, e.g. 'AAAA', and the second triggers the buffer overflow and allows execution of arbitrary code on the victim's OS.
The Versado CMS is vulnerable to remote file inclusion. The vulnerability is due to the insecure handling of user-supplied input in the 'urlModulo' parameter of the 'includes/ajax_listado.php' script. An attacker can exploit this vulnerability to include a remote file, which could lead to remote code execution or other malicious activities.
AdobeWorkgroupHelper.exe is a component of the Photoshop 7 workgroup functionality that lets users work with files on a server that is registered as a workgroup. If AdobeWorkgroupHelper.exe is called with an overly long command line argument, it is vulnerable to a stack-based buffer overflow, resulting in arbitrary code execution that undermines the integrity of the program. We can control the EIP register at about 5,856 bytes; our shellcode will point to the ECX register. Tested successfully on Windows 7 SP1. Use the Python script below to exploit...
This vulnerability allows an attacker to include remote files in the 'common.php' file. By manipulating the 'locale' parameter, an attacker can execute arbitrary code on the server.
This exploit demonstrates a buffer overflow vulnerability in ASX to MP3 Converter. By sending a specially crafted ASX file, an attacker can overwrite memory and execute arbitrary code. This exploit is for Windows 2003.