The condition for this exploit to work is for an employee to have the same password as a customer. The exploit will yield a valid employee cookie for back office access. With a bit of tweaking, one can modify the exploit to access any customer account, get access to statistics, coupons, etc. or get an admin CSRF token. The attack may fail for a variety of reasons, including me messing up the padding somewhere. You might need to run the exploit several times.
This module exploits a command injection vulnerability in the `change_passwd` API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required; however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This module has been tested successfully on QNAP Q'Center appliance version 1.6.1075.
The Softbiz Jobs & Recruitment Script is vulnerable to SQL Injection. The vulnerability allows an attacker to inject malicious SQL code into the 'cid' parameter of the 'browsecats.php' script, resulting in unauthorized access to sensitive information such as usernames and passwords. The exploit code provided in the text demonstrates how to retrieve the admin username and password from the database.
The Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway is vulnerable to a remote root exploit. The affected versions include IPn4G 1.1.0 build 1098, IPn3Gb 2.2.0 build 2160, IPn4Gb 1.1.6 build 1184-14, IPn4Gb 1.1.0 Rev 2 build 1090-2, IPn4Gb 1.1.0 Rev 2 build 1086, Bullet-3G 1.2.0 Rev A build 1032, VIP4Gb 1.1.6 build 1204, VIP4G 1.1.6 Rev 3.0 build 1184-14, VIP4G-WiFi-N 1.1.6 Rev 2.0.0 build 1196, IPn3Gii / Bullet-3G 1.2.0 build 1076, IPn4Gii / Bullet-LTE 1.2.0 build 1078, BulletPlus 1.3.0 build 1036, Dragon-LTE 1.1.0 build 1036.
The vulnerability allows attackers to perform arbitrary file attacks on Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway devices. The affected versions include IPn4G 1.1.0 build 1098, IPn3Gb 2.2.0 build 2160, IPn4Gb 1.1.6 build 1184-14, IPn4Gb 1.1.0 Rev 2 build 1090-2, IPn4Gb 1.1.0 Rev 2 build 1086, Bullet-3G 1.2.0 Rev A build 1032, VIP4Gb 1.1.6 build 1204, VIP4G 1.1.6 Rev 3.0 build 1184-14, VIP4G-WiFi-N 1.1.6 Rev 2.0.0 build 1196, IPn3Gii / Bullet-3G 1.2.0 build 1076, IPn4Gii / Bullet-LTE 1.2.0 build 1078, BulletPlus 1.3.0 build 1036, and Dragon-LTE 1.1.0 build 1036.
The Job Manager plugin for WordPress version 4.1.0 is vulnerable to stored cross-site scripting. An attacker can inject malicious script code through the 'job_title' and 'job_description' fields, which will be executed when a user views the job listing. This can lead to unauthorized access, data theft, or further compromise of the website.
The device is affected by a local file inclusion (LFI) vulnerability in the uc-http service 1.0.0. It allows an attacker to obtain device information such as configurations, scanned wireless networks, sensitive directories, etc.
The LiveAlbum 0.9.0 application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a malicious URL in the livealbum_dir parameter in the common.php file, which allows them to include and execute remote files, potentially leading to arbitrary code execution.
This module exploits an unauthenticated command execution vulnerability in Apache Hadoop through the ResourceManager REST API.
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to have the application execute PHP code.