55 matches found
DLINK DCS-5020L wireless cloud camera remote code execution vulnerability analysis - vulnerability warning - the black bar safety net
This article mainly demonstrates how to find vulnerabilities in IoT devices. Finding the command injection below can be divided into 3 steps, somewhat similar to a 100-point CTF challenge: download the binary file, run strings, trace the system calls to the origin of...
CVE-2017-17020
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in the alphapd binary responsible for running the camera's web server allows remote authenticated attackers to execut...
Omegle Clone - SQL Injection
Exploit Title: Omegle Clone - SQL Injection Google Dork: N/A Date: 18.03.2017 Vendor Homepage: http://turnkeycentral.com/ Software: http://www.turnkeycentral.com/scripts/omegle-clone/ Demo: http://demo.turnkeycentral.com/omegleclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author...
Vanderbilt IP-Camera CCPW3025-IR / CVMW3025-IR - Local File Disclosure
Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR allows an unauthenticated user to send a request through the browser and obtain a user name and password. The request link is as follows: http://host:port/cgi-bin/readfile.cgi?query=ADMINID Returned information example: var AdmID="admin"; var...
shopxp pinglun.asp page injection vulnerability - vulnerability warning - the black bar safety net
shopxp pinglun.asp page injection vulnerability. Injection statement exp: 1=2 union select 1,2,3,4,5,6,7,8,9,10,11 from shopxpadmin...
CVE-2008-6228
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin"...
Authentication flaw
Pre Multi-Vendor Shopping Malls allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin"...
CVE-2009-0460
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie...
CVE-2009-0461
Whole Hog Password Protect: Enhanced 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie...
CVE-2009-0461
The vulnerability CVE-2009-0461 affects Whole Hog Password Protect: Enhanced 1.x. An integer value in the adminid cookie can bypass authentication, enabling remote attackers to obtain administrative access. This is the root cause and impact described across sources; no remediation or patched vers...
WholeHogSoftware Ware Support - Insecure Cookie Handling
WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability + Script: Ware Support + Site: http://wholehogsoftware.com + Detail: http://wholehogsoftware.com/index.php/page/waresupport + Discovered By Mountassif Moad + www.v4-team.com + Greetz: All my Friend Exploit:...
CVE-2008-5892
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admindblayers.asp in an update action, (2) the adminid parameter to adminloginCheck.asp aka the USERNAME field in adminmain.asp, and (3) the PassWord parameter to...
Netious CMS 0.4 - 'pageid' SQL Injection
MeGaCheatZ 1.1 Multiple Remote SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications. MeGaCheatZ 1.1 Multiple Remote SQL Injection Vulnerabilities...