0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities

Author

Valentin Hobel

Risk

[

Security Risk Unsored

]

0day-ID

Category

Date add

Platform

==============================================================
OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities
==============================================================

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities
Author = Valentin Hoebel
Contact = valentin@xenuser.org
 
 
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = OneOrZero AIMS
Vendor = OneOrZero
Vendor Website = http://oneorzero.com/
Affected Version(s) = 2.6.0
 
 
Hint: The vulnerabilities can only be seen if you are logged in.
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> SQL Injection
Multiple scripts and parameters are affected by remote SQL injection vulnerabilities.
You can also manipulate SQL queries with the help of various search fields of this
web app.
 
Some example URLs:
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=saved_search&global=1&id=[SQL Injection]
index.php?controller=app_oneorzerohelpdesk_main&subcontroller=search_management_manage&option=show_item_search&item_types=[SQL Injection]
 
 
>> Local File Inclusion
index.php?controller=[LFI]&subcontroller=app_oneorzerotimemanager_manage&option=show_report
This vulnerability can be tricky to exploit. If OpenBaseDir is set, you can at least
view files in the directory of this web software.



#  0day.today [2024-09-19]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

OneOrZero AIMS v2.6.0 Members Edition Multiple Vulnerabilities

Report Error

Report Error