From 57c0ae8e7380f0997ab2d8ce336028004e054411 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sun, 17 May 2015 05:02:09 +0000
Subject: [PATCH] DB: 2015-05-17 6 new exploits
---
 files.csv | 6 ++++++
 platforms/php/webapps/37022.txt | 13 +++++++++++++
 platforms/php/webapps/37023.txt | 7 +++++++
 platforms/php/webapps/37024.txt | 9 +++++++++
 platforms/php/webapps/37025.txt | 8 ++++++++
 platforms/php/webapps/37026.txt | 9 +++++++++
 platforms/php/webapps/37027.txt | 9 +++++++++
 7 files changed, 61 insertions(+)
 create mode 100755 platforms/php/webapps/37022.txt
 create mode 100755 platforms/php/webapps/37023.txt
 create mode 100755 platforms/php/webapps/37024.txt
 create mode 100755 platforms/php/webapps/37025.txt
 create mode 100755 platforms/php/webapps/37026.txt
 create mode 100755 platforms/php/webapps/37027.txt
diff --git a/files.csv b/files.csv
index 82d2cc988..a56154d89 100755
--- a/files.csv
+++ b/files.csv
@@ -33405,3 +33405,9 @@ id,file,description,date,author,platform,type,port
 37019,platforms/php/webapps/37019.txt,"MyBB 1.6.6 index.php conditions[usergroup][] Parameter XSS",2013-03-27,"Aditya Modha",php,webapps,0
 37020,platforms/windows/remote/37020.html,"Apple Safari 5.1.5 For Windows 'window.open()' URI Spoofing Vulnerability",2012-03-28,Lostmon,windows,remote,0
 37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 'json.php' Local File Include Vulnerability",2012-03-28,"Canberk BOLAT",php,webapps,0
+37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 code_editor.php Multiple Parameter XSS",2012-03-28,"High-Tech Bridge",php,webapps,0
+37023,platforms/php/webapps/37023.txt,"EasyPHP 'main.php' SQL Injection Vulnerability",2012-03-29,"Skote Vahshat",php,webapps,0
+37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x 'ezjscore' Module Cross Site Scripting Vulnerability",2012-03-29,"Yann MICHARD",php,webapps,0
+37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection Vulnerabilities",2012-03-30,MR.XpR,php,webapps,0
+37026,platforms/php/webapps/37026.txt,"e107 1.0 'view' Parameter SQL Injection Vulnerability",2012-03-30,Am!r,php,webapps,0
+37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 index.php scheduled Parameter XSS",2012-03-29,Am!r,php,webapps,0
diff --git a/platforms/php/webapps/37022.txt b/platforms/php/webapps/37022.txt
new file mode 100755
index 000000000..ba688bd69
--- /dev/null
+++ b/platforms/php/webapps/37022.txt
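Review bot: The description on the added row 37022 in files.csv covers less than the entry it indexes: it reads `ocPortal 7.1.5 code_editor.php Multiple Parameter XSS`, while 37022.txt in this same patch also describes an arbitrary file-disclosure issue reached through `site/catalogue_file.php`. Anyone searching the index for file-disclosure or path-traversal records to assess exposure or to write detections would not find this entry. I would widen the description field, for example `"ocPortal 7.1.5 code_editor.php Multiple Parameter XSS / catalogue_file.php File Disclosure"`, and leave the other columns as they are.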
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/52768/info
+
+ocPortal is prone to multiple cross-site scripting vulnerabilities and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
+
+ocPortal versions prior to 7.1.6 are vulnerable.
+
+http://www.example.com/code_editor.php?path=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+
+http://www.example.com/code_editor.php?path&line=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
+
+http://www.example.com/site/catalogue_file.php?original_filename=1.txt&file=%252e%252e%252f%252e%252e%252finfo.php
\ No newline at end of file
diff --git a/platforms/php/webapps/37023.txt b/platforms/php/webapps/37023.txt
new file mode 100755
index 000000000..dab872163
--- /dev/null
+++ b/platforms/php/webapps/37023.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/52781/info
+
+EasyPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
+
+http://www.example.com/home/sqlite/main.php?dbsel=1&table=t1'
\ No newline at end of file
diff --git a/platforms/php/webapps/37024.txt b/platforms/php/webapps/37024.txt
new file mode 100755
index 000000000..86c48b00e
--- /dev/null
+++ b/platforms/php/webapps/37024.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52807/info
+
+eZ Publish is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+eZ Publish 4.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/ezjscore/call/ezjsc:time
\ No newline at end of file
diff --git a/platforms/php/webapps/37025.txt b/platforms/php/webapps/37025.txt
new file mode 100755
index 000000000..b444d9fe1
--- /dev/null
+++ b/platforms/php/webapps/37025.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/52819/info
+
+PHP Designer 2007 - Personal is prone multiple SQL-injection vulnerabilities.
+
+A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/read_news.php?news_id=[Sqli]
+http://www.example.com/announce.php?id=[Sqli]
\ No newline at end of file
diff --git a/platforms/php/webapps/37026.txt b/platforms/php/webapps/37026.txt
new file mode 100755
index 000000000..60722e8a9
--- /dev/null
+++ b/platforms/php/webapps/37026.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52821/info
+
+e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+e107 1.0.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?option=com_flexicontent&view=[Sql]
\ No newline at end of file
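Review bot: In platforms/php/webapps/37026.txt the example request does not appear to match the product named in the summary: the text and the files.csv row attribute the issue to e107 1.0.0, but the sample URL carries `option=com_flexicontent`, which looks like a Joomla component request rather than an e107 one. A reader who uses this record to scope affected assets or to key a detection on the product name would likely be pointed at the wrong software. The attribution should be confirmed against the cited source before this lands; until then I would add a line to the entry such as `NOTE: sample request references com_flexicontent; affected product not confirmed against source`, and correct the description in the files.csv row if the product turns out to be wrong.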
diff --git a/platforms/php/webapps/37027.txt b/platforms/php/webapps/37027.txt
new file mode 100755
index 000000000..0d6997bf2
--- /dev/null
+++ b/platforms/php/webapps/37027.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/52822/info
+
+Simple Machines Forum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Simple Machines Forum 2.0.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?scheduled=[Xss]
\ No newline at end of file