From 42e75482b660ddf9f505ee9e203f04f0a811cc6f Mon Sep 17 00:00:00 2001
From: Exploit-DB
Date: Wed, 6 Mar 2024 00:16:30 +0000
Subject: [PATCH] DB: 2024-03-06 4 changes to exploits/shellcodes/ghdb Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition Neontext Wordpress Plugin - Stored XSS
---
 exploits/hardware/webapps/51857.txt | 16 ++++++++++++++++
 exploits/php/webapps/51858.txt | 22 ++++++++++++++++++++++
 exploits/php/webapps/51859.txt | 27 +++++++++++++++++++++++++++
 files_exploits.csv | 3 +++
 4 files changed, 68 insertions(+)
 create mode 100644 exploits/hardware/webapps/51857.txt
 create mode 100644 exploits/php/webapps/51858.txt
 create mode 100644 exploits/php/webapps/51859.txt
diff --git a/exploits/hardware/webapps/51857.txt b/exploits/hardware/webapps/51857.txt
new file mode 100644
index 000000000..29c33af95
--- /dev/null
+++ b/exploits/hardware/webapps/51857.txt
@@ -0,0 +1,16 @@
+# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
+# Date: 10-30-23
+# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
+# Vendor Homepage: https://www.solar-log.com/en/
+# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
+# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
+# CVE: CVE-2023-46344
+
+# POC:
+
+1. Go to solar panel
+2. Go to configuration -> Smart Energy -> "drag & drop" button.
+3. Change "name" to: test
+4. Once you hover over "test", you get XSS -> if a higher privileged
+user hovers over it, we can get their cookies.
\ No newline at end of file
diff --git a/exploits/php/webapps/51858.txt b/exploits/php/webapps/51858.txt
new file mode 100644
index 000000000..0b1d3561e
--- /dev/null
+++ b/exploits/php/webapps/51858.txt
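Review bot: In exploits/hardware/webapps/51857.txt the header line `# Date: 10-30-23` uses a two-digit-year, month-first form, while the other two entries added in this commit use ISO dates; `# Date: 2023-10-30` would match them. The entry names only the affected build (3.6.0 Build 99) and gives no fixed firmware version or vendor advisory, so someone operating these devices cannot tell from it which release to move to. A reference line for the fix would help if the authors have that information. The closing remark about obtaining another user's cookies implies the session cookie is readable by script, which is worth stating explicitly as part of the impact.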
@@ -0,0 +1,22 @@
+# Exploit Title: Wordpress Plugin Neon Text <= 1.1 - Stored Cross Site Scripting (XSS)
+# Date: 2023-11-15
+# Exploit Author: Eren Car
+# Vendor Homepage: https://www.eralion.com/
+# Software Link: https://downloads.wordpress.org/plugin/neon-text.zip
+# Category: Web Application
+# Version: 1.0
+# Tested on: Debian / WordPress 6.4.1
+# CVE : CVE-2023-5817
+
+# 1. Description:
+The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in 1.1 and above versions.
+
+# 2. Proof of Concept (PoC):
+ a. Install and activate version 1.0 of the plugin.
+ b. Go to the posts page and create new post.
+ c. Add shorcode block and insert the following payload:
+
+ [neontext_box][neontext color='"onmouseover="alert(document.domain)"']TEST[/neontext][/neontext_box]
+
+
+ d. Save the changes and preview the page. Popup window demonstrating the vulnerability will be executed.
\ No newline at end of file
diff --git a/exploits/php/webapps/51859.txt b/exploits/php/webapps/51859.txt
new file mode 100644
index 000000000..02cc114c0
--- /dev/null
+++ b/exploits/php/webapps/51859.txt
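Review bot: The affected-version statements in exploits/php/webapps/51858.txt contradict each other: the title says `<= 1.1`, the header says `# Version: 1.0`, and the description says "in 1.1 and above versions". If the title is the accurate one, the description should end `via the plugin's neontext_box shortcode in versions up to and including 1.1.`, so that a site owner checking an installed version gets a single answer. Step c also has the typo "shorcode", and the entry names no fixed release or mitigation for readers who need to remediate.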
@@ -0,0 +1,27 @@
+# Exploit Title: kk Star Ratings < 5.4.6 - Rating Tampering via Race
+Condition
+# Google Dork: inurl:/wp-content/plugins/kk-star-ratings/
+# Date: 2023-11-06
+# Exploit Author: Mohammad Reza Omrani
+# Vendor Homepage: https://github.com/kamalkhan
+# Software Link: https://wordpress.org/plugins/kk-star-ratings/
+# WPScan :
+https://wpscan.com/vulnerability/6f481d34-6feb-4af2-914c-1f3288f69207/
+# Version: 5.4.6
+# Tested on: Wordpress 6.2.2
+# CVE : CVE-2023-4642
+
+# POC:
+1- Install and activate kk Star Ratings.
+2- Go to the page that displays the star rating.
+3- Using Burp and the Turbo Intruder extension, intercept the rating
+submission.
+4- Send the request to Turbo Intruder using Action > Extensions > Turbo
+Intruder > Send to turbo intruder.
+5- Drop the initial request and turn Intercept off.
+6- In the Turbo Intruder window, add "%s" to the end of the connection
+header (e.g. "Connection: close %s").
+7- Use the code `examples/race.py`.
+8- Click "Attack" at the bottom of the window. This will send multiple
+requests to the server at the same moment.
+9- To see the updated total rates, reload the page you tested.
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 7d8fa6aa0..d7ac9d168 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
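Review bot: In exploits/php/webapps/51859.txt, `# Version: 5.4.6` conflicts with the title `kk Star Ratings < 5.4.6`, which reads as 5.4.6 being the first release without the issue; `# Version: < 5.4.6` would agree with the title if that is what was meant. The title and the `# WPScan :` reference are also hard-wrapped onto continuation lines that lack the `#` prefix (`+Condition`, `+https://wpscan.com/...`). Anything that reads the header block line by line will lose the end of the title and the advisory URL, so each header field should stay on one line.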
@@ -4810,6 +4810,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 18517,exploits/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",webapps,hardware,,2012-02-23,2012-02-23,0,OSVDB-79655;OSVDB-79618,,,,,http://www.senseofsecurity.com.au/advisories/SOS-12-001.pdf
 17215,exploits/hardware/webapps/17215.txt,"Snom IP Phone Web Interface < 8 - Multiple Vulnerabilities",2011-04-26,"Yakir Wizman",webapps,hardware,,2011-04-26,2011-04-26,1,,,,,,
 42408,exploits/hardware/webapps/42408.txt,"SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection",2017-08-01,"Andy Tan",webapps,hardware,,2017-08-01,2017-08-01,0,CVE-2017-11494,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
+51857,exploits/hardware/webapps/51857.txt,"Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS",2024-03-05,"Vincent McRae_ Mesut Cetin",webapps,hardware,,2024-03-05,2024-03-05,0,,,,,,
 41671,exploits/hardware/webapps/41671.txt,"Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities",2017-03-22,"SEC Consult",webapps,hardware,,2017-03-22,2017-03-22,0,,"Cross-Site Request Forgery (CSRF)",,,,https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170322-0_Solare_Datensysteme_SolarLog_Multiple_vulnerabilities_v10.txt
 41671,exploits/hardware/webapps/41671.txt,"Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities",2017-03-22,"SEC Consult",webapps,hardware,,2017-03-22,2017-03-22,0,,"Denial of Service (DoS)",,,,https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170322-0_Solare_Datensysteme_SolarLog_Multiple_vulnerabilities_v10.txt
 50968,exploits/hardware/webapps/50968.txt,"SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)",2022-06-14,"Ahmed Alroky",webapps,hardware,,2022-06-14,2022-06-14,0,CVE-2022-29301,,,,,
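Review bot: The added row for 51857 leaves empty the field that neighbouring rows fill with identifiers (for example `0,CVE-2017-11494,` on the 42408 row), although 51857.txt in this same commit names CVE-2023-46344. The rows added for 51859 and 51858 in the next two hunks have the same gap; their files give CVE-2023-4642 and CVE-2023-5817. Anyone matching this index against scanner output or an asset inventory by CVE will miss all three entries. The tail of this row would read `2024-03-05,2024-03-05,0,CVE-2023-46344,,,,,`. The author field `"Vincent McRae_ Mesut Cetin"` also looks as if a comma was replaced by an underscore, which is worth confirming as intended.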
@@ -22251,6 +22252,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 32983,exploits/php/webapps/32983.txt,"kitForm CRM Extension 0.43 - 'sorter.ph?sorter_value' SQL Injection",2014-04-22,chapp,webapps,php,80,2014-04-22,2014-04-22,0,OSVDB-106179;CVE-2014-3757,,,,http://www.exploit-db.comkitForm_0.43.zip,
 8885,exploits/php/webapps/8885.pl,"Kjtechforce mailman b1 - 'dest' Blind SQL Injection",2009-06-05,YEnH4ckEr,webapps,php,,2009-06-04,,1,OSVDB-55303;CVE-2009-2164;OSVDB-55302,,,,,
 8884,exploits/php/webapps/8884.txt,"Kjtechforce mailman b1 - Delete Row 'code' SQL Injection",2009-06-05,YEnH4ckEr,webapps,php,,2009-06-04,,1,OSVDB-55303;CVE-2009-2164;OSVDB-55302,,,,,
+51859,exploits/php/webapps/51859.txt,"kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition",2024-03-05,"Mohammad Reza Omrani",webapps,php,,2024-03-05,2024-03-05,0,,,,,,
 32543,exploits/php/webapps/32543.txt,"KKE Info Media Kmita Catalogue 2 - 'search.php' Cross-Site Scripting",2008-10-28,cize0f,webapps,php,,2008-10-28,2014-03-26,1,CVE-2008-5067;OSVDB-49441,,,,,https://www.securityfocus.com/bid/31968/info
 32544,exploits/php/webapps/32544.txt,"KKE Info Media Kmita Gallery - Multiple Cross-Site Scripting Vulnerabilities",2008-10-29,cize0f,webapps,php,,2008-10-29,2014-03-26,1,CVE-2008-5068;OSVDB-49445;OSVDB-49444,,,,,https://www.securityfocus.com/bid/31970/info
 14585,exploits/php/webapps/14585.php,"kleeja 1.0.0RC6 - Database Disclosure",2010-08-09,indoushka,webapps,php,,2010-08-09,2010-08-09,0,,,,,http://www.exploit-db.comkleeja1RC6_.zip,
@@ -24318,6 +24320,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38865,exploits/php/webapps/38865.txt,"NeoBill 0.9-alpha - 'language' Local File Inclusion",2013-12-06,KedAns-Dz,webapps,php,,2013-12-06,2016-10-24,1,OSVDB-100670,,,,,https://www.securityfocus.com/bid/64112/info
 21317,exploits/php/webapps/21317.txt,"NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities",2012-09-14,Vulnerability-Lab,webapps,php,,2012-09-14,2012-09-14,0,OSVDB-86204,,,,http://www.exploit-db.comNeoBill0.8-alpha.zip,https://www.vulnerability-lab.com/get_content.php?id=685
 3163,exploits/php/webapps/3163.txt,"Neon Labs Website 3.2 - 'nl.php?g_strRootDir' Remote File Inclusion",2007-01-20,3l3ctric-Cracker,webapps,php,,2007-01-19,,1,OSVDB-36797;CVE-2007-0496,,,,,
+51858,exploits/php/webapps/51858.txt,"Neontext Wordpress Plugin - Stored XSS",2024-03-05,"Eren Car",webapps,php,,2024-03-05,2024-03-05,0,,,,,,
 26183,exploits/php/webapps/26183.txt,"NEPHP 3.0.4 - 'browse.php' Cross-Site Scripting",2005-08-22,bl2k,webapps,php,,2005-08-22,2013-06-14,1,,,,,,https://www.securityfocus.com/bid/14626/info
 9712,exploits/php/webapps/9712.txt,"Nephp Publisher Enterprise 4.5 - Authentication Bypass",2009-09-17,"learn3r hacker",webapps,php,,2009-09-16,,1,OSVDB-58311;CVE-2009-3315,,,,,
 6830,exploits/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,webapps,php,,2008-10-23,,1,OSVDB-49428;CVE-2008-6822,,,,,