DB: 2015-06-21

1 new exploits
2015-06-21 05:03:06 +00:00 · 2015-06-21 05:03:06 +00:00 · 15d535a900
commit 15d535a900
parent 2030fa98fd
2 changed files with 42 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -33684,6 +33684,7 @@ id,file,description,date,author,platform,type,port
 37321,platforms/php/webapps/37321.txt,"DynPage 1.0 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities",2012-05-25,KedAns-Dz,php,webapps,0
 37322,platforms/multiple/webapps/37322.txt,"ManageEngine SupportCenter Plus 7.90 - Multiple Vulnerabilities",2015-06-19,Vulnerability-Lab,multiple,webapps,0
 37323,platforms/hardware/webapps/37323.txt,"ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete Vulnerability",2015-06-19,Vulnerability-Lab,hardware,webapps,0
 37325,platforms/multiple/webapps/37325.txt,"Lively cart SQL Injection vulnerability",2015-06-19,"Manish Tanwar",multiple,webapps,0
 37326,platforms/windows/dos/37326.py,"WinylPlayer 3.0.3 Memory Corruption PoC",2015-06-19,"Rajganesh Pandurangan",windows,dos,0
 37327,platforms/windows/dos/37327.py,"HansoPlayer 3.4.0 Memory Corruption PoC",2015-06-19,"Rajganesh Pandurangan",windows,dos,0
 37328,platforms/php/webapps/37328.php,"Small-Cms 'hostname' Parameter Remote PHP Code Injection Vulnerability",2012-05-26,L3b-r1'z,php,webapps,0
--- a/platforms/multiple/webapps/37325.txt
+++ b/platforms/multiple/webapps/37325.txt
@ -0,0 +1,41 @@
 ##################################################################################################
 #Exploit Title : Lively cart SQL Injection vulnerability
 #Author        : Manish Kishan Tanwar AKA error1046
 #Vendor Link   : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393
 #Date          : 18/06/2015
 #Love to       : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
 #Discovered At : Indishell Lab
 ##################################################################################################
 ////////////////////////
 /// Overview:
 ////////////////////////
 Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability 
 ///////////////////////////////
 // Vulnerability Description:
 ///////////////////////////////
 vulnerability is due to search_query GET parameter 
 ////////////////
 ///  POC   ////
 ///////////////
 http://SERVER/1.2.0/product/search?search_query='
                             --==[[ Greetz To ]]==--
 ############################################################################################
 #Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, 
 #Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
 #Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
 #Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
 #############################################################################################
                             --==[[Love to]]==--
 # My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
 #Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
                       --==[[ Special Fuck goes to ]]==--
                            <3  suriya Cyber Tyson <3