DB: 2023-05-19

2 changes to exploits/shellcodes/ghdb

Auto Dealer Management System 1.0 - Broken Access Control Exploit
Auto Dealer Management System v1.0 - SQL Injection
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Auto Dealer Management System v1.0 - SQL Injection
Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php
Auto Dealer Management System v1.0 - SQL Injection on manage_user.php

Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Employee Task Management System v1.0 - Broken Authentication
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
Employee Task Management System v1.0 - SQL Injection on edit-task.php
Employee Task Management System v1.0 - Broken Authentication
Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)
Employee Task Management System v1.0 - SQL Injection on edit-task.php
Music Gallery Site v1.0 - Broken Access Control
Music Gallery Site v1.0 - SQL Injection on  music_list.php
Music Gallery Site v1.0 - SQL Injection on page Master.php
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php
Music Gallery Site v1.0 - Broken Access Control
Music Gallery Site v1.0 - SQL Injection on  music_list.php
Music Gallery Site v1.0 - SQL Injection on page Master.php
Music Gallery Site v1.0 - SQL Injection on page view_music_details.php

Responsive FileManager 9.9.5 - Remote Code Execution (RCE)

Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)
Exploit-DB 2023-05-19 00:17:10 +00:00
parent 2d5f2f1d15
commit 7217cf5c90
2 changed files with 30 additions and 14 deletions


@ -14243,10 +14243,10 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
15369,exploits/php/webapps/15369.php,"Auto CMS 1.8 - Remote Code Execution",2010-10-31,"Giuseppe D'Inverno",webapps,php,,2010-10-31,2015-07-12,0,OSVDB-72294;OSVDB-67568,,,,,
16139,exploits/php/webapps/16139.txt,"Auto Database System 1.0 Infusion Addon - SQL Injection",2011-02-09,Saif,webapps,php,,2011-02-09,2011-02-09,1,,,,,http://www.exploit-db.comsubmitted_addon_628.zip,
14239,exploits/php/webapps/14239.txt,"Auto Dealer - SQL Injection",2010-07-06,"Easy Laster",webapps,php,,2010-07-06,2010-07-06,0,OSVDB-66013;CVE-2010-4974,,,,,
51281,exploits/php/webapps/51281.txt,"Auto Dealer Management System 1.0 - Broken Access Control Exploit",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0916,,,,,
51282,exploits/php/webapps/51282.txt,"Auto Dealer Management System v1.0 - SQL Injection",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0912,,,,,
51283,exploits/php/webapps/51283.txt,"Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0913,,,,,
51284,exploits/php/webapps/51284.txt,"Auto Dealer Management System v1.0 - SQL Injection on manage_user.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0915,,,,,
51281,exploits/php/webapps/51281.txt,"Auto Dealer Management System 1.0 - Broken Access Control Exploit",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0916,,,,,
51282,exploits/php/webapps/51282.txt,"Auto Dealer Management System v1.0 - SQL Injection",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0912,,,,,
51283,exploits/php/webapps/51283.txt,"Auto Dealer Management System v1.0 - SQL Injection in sell_vehicle.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0913,,,,,
51284,exploits/php/webapps/51284.txt,"Auto Dealer Management System v1.0 - SQL Injection on manage_user.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0915,,,,,
44679,exploits/php/webapps/44679.txt,"Auto Dealership & Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities",2018-05-21,L0RD,webapps,php,,2018-05-21,2018-05-22,0,,,,,,
35954,exploits/php/webapps/35954.txt,"Auto Web Toolbox - 'id' SQL Injection",2011-07-15,Lazmania61,webapps,php,,2011-07-15,2015-01-30,1,,,,,,https://www.securityfocus.com/bid/48683/info
38119,exploits/php/webapps/38119.html,"Auto-Exchanger 5.1.0 - Cross-Site Request Forgery",2015-09-09,"Aryan Bayaninejad",webapps,php,,2015-09-09,2015-09-09,0,CVE-2015-6827;OSVDB-127313,,,,,
@ -14633,7 +14633,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
23455,exploits/php/webapps/23455.txt,"BES-CMS 0.4/0.5 - 'message.php' File Inclusion",2003-12-20,frog,webapps,php,,2003-12-20,2012-12-17,1,OSVDB-3418,,,,,https://www.securityfocus.com/bid/9268/info
23456,exploits/php/webapps/23456.txt,"BES-CMS 0.4/0.5 - 'start.php' File Inclusion",2003-12-20,frog,webapps,php,,2003-12-20,2012-12-17,1,OSVDB-3419,,,,,https://www.securityfocus.com/bid/9268/info
9472,exploits/php/webapps/9472.txt,"Best Dating Script - Arbitrary File Upload",2009-08-18,jetli007,webapps,php,,2009-08-17,,1,,,,,,
51280,exploits/php/webapps/51280.txt,"Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload",2023-04-06,"Ahmed Ismail",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0943,,,,,
51280,exploits/php/webapps/51280.txt,"Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload",2023-04-06,"Ahmed Ismail",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0943,,,,,
51279,exploits/php/webapps/51279.txt,"Best pos Management System v1.0 - SQL Injection",2023-04-06,"Ahmed Ismail",webapps,php,,2023-04-06,2023-04-06,0,,,,,,
49122,exploits/php/webapps/49122.txt,"Best Support System 3.0.4 - 'ticket_body' Persistent XSS (Authenticated)",2020-11-27,Ex.Mi,webapps,php,,2020-11-27,2020-12-01,0,CVE-2020-24963,,,,,
10655,exploits/php/webapps/10655.txt,"Best Top List - Cross-Site Scripting",2009-12-25,indoushka,webapps,php,,2009-12-24,,1,OSVDB-61372,,,,,
@ -17725,9 +17725,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50112,exploits/php/webapps/50112.txt,"Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)",2021-07-08,"Subhadip Nag",webapps,php,,2021-07-08,2021-07-08,0,,,,,,
49280,exploits/php/webapps/49280.txt,"Employee Record System 1.0 - Multiple Stored XSS",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
49389,exploits/php/webapps/49389.txt,"Employee Record System 1.0 - Unrestricted File Upload to Remote Code Execution",2021-01-07,"Saeed Bala Ahmed",webapps,php,,2021-01-07,2021-01-07,0,,,,,,
51285,exploits/php/webapps/51285.txt,"Employee Task Management System v1.0 - Broken Authentication",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0905,,,,,
51286,exploits/php/webapps/51286.txt,"Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0904,,,,,
51287,exploits/php/webapps/51287.txt,"Employee Task Management System v1.0 - SQL Injection on edit-task.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0902,,,,,
51285,exploits/php/webapps/51285.txt,"Employee Task Management System v1.0 - Broken Authentication",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0905,,,,,
51286,exploits/php/webapps/51286.txt,"Employee Task Management System v1.0 - SQL Injection on (task-details.php?task_id=?)",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0904,,,,,
51287,exploits/php/webapps/51287.txt,"Employee Task Management System v1.0 - SQL Injection on edit-task.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0902,,,,,
39427,exploits/php/webapps/39427.txt,"Employee TimeClock Software 0.99 - SQL Injection",2010-03-10,"Secunia Research",webapps,php,,2016-02-09,2016-11-17,1,CVE-2010-0122,,,,http://www.exploit-db.comtimeclock-software.zip,http://secunia.com/advisories/business_solutions/
44761,exploits/php/webapps/44761.txt,"Employee Work Schedule 5.9 - 'cal_id' SQL Injection",2018-05-26,AkkuS,webapps,php,,2018-05-26,2018-05-26,0,,,,,,
50583,exploits/php/webapps/50583.txt,"Employees Daily Task Management System 1.0 - 'multiple' Cross Site Scripting (XSS)",2021-12-09,able403,webapps,php,,2021-12-09,2021-12-09,0,,,,,,
@ -23584,10 +23584,10 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
32250,exploits/php/webapps/32250.py,"mUnky 0.01 - 'index.php' Remote Code Execution",2008-08-15,"Khashayar Fereidani",webapps,php,,2008-08-15,2016-12-09,1,,,,,http://www.exploit-db.communky-bliki-0.01a.tar.gz,https://www.securityfocus.com/bid/30705/info
12045,exploits/php/webapps/12045.html,"MunkyScripts Simple Gallery - SQL Injection",2010-04-04,ITSecTeam,webapps,php,,2010-04-03,,0,OSVDB-63537,,,,http://www.exploit-db.comSimpleGallery.zip,
34416,exploits/php/webapps/34416.txt,"Muraus Open Blog - Multiple HTML Injection Vulnerabilities",2010-08-05,"High-Tech Bridge SA",webapps,php,,2010-08-05,2014-08-26,1,,,,,,https://www.securityfocus.com/bid/42255/info
51289,exploits/php/webapps/51289.txt,"Music Gallery Site v1.0 - Broken Access Control",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0963,,,,,
51288,exploits/php/webapps/51288.txt,"Music Gallery Site v1.0 - SQL Injection on music_list.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0938,,,,,
51291,exploits/php/webapps/51291.txt,"Music Gallery Site v1.0 - SQL Injection on page Master.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0962,,,,,
51290,exploits/php/webapps/51290.txt,"Music Gallery Site v1.0 - SQL Injection on page view_music_details.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0961,,,,,
51289,exploits/php/webapps/51289.txt,"Music Gallery Site v1.0 - Broken Access Control",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0963,,,,,
51288,exploits/php/webapps/51288.txt,"Music Gallery Site v1.0 - SQL Injection on music_list.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0938,,,,,
51291,exploits/php/webapps/51291.txt,"Music Gallery Site v1.0 - SQL Injection on page Master.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0962,,,,,
51290,exploits/php/webapps/51290.txt,"Music Gallery Site v1.0 - SQL Injection on page view_music_details.php",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0961,,,,,
41137,exploits/php/webapps/41137.txt,"Music Site Script 1.2 - Authentication Bypass",2017-01-20,"Ihsan Sencan",webapps,php,,2017-01-20,2017-01-20,0,,,,,,
12823,exploits/php/webapps/12823.txt,"MusicBox - SQL Injection",2010-05-31,titanichacker,webapps,php,,2010-05-30,,1,,,,,,
27447,exploits/php/webapps/27447.txt,"MusicBox 2.3 - 'cart.php' Cross-Site Scripting",2006-03-18,Linux_Drox,webapps,php,,2006-03-18,2016-11-28,1,CVE-2006-1349;OSVDB-23968,,,,,https://www.securityfocus.com/bid/17149/info
@ -28575,7 +28575,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
43300,exploits/php/webapps/43300.txt,"Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,,2017-12-11,2017-12-13,1,CVE-2017-17632,,,,,
49359,exploits/php/webapps/49359.py,"Responsive FileManager 9.13.4 - 'path' Path Traversal",2021-01-05,"Sun* Cyber Security Research Team",webapps,php,,2021-01-05,2021-04-08,0,,,,,,
45987,exploits/php/webapps/45987.txt,"Responsive FileManager 9.13.4 - Multiple Vulnerabilities",2018-12-14,"Fariskhi Vidyan",webapps,php,,2018-12-14,2018-12-14,0,,,,,http://www.exploit-db.comresponsive_filemanager.zip,
51251,exploits/php/webapps/51251.py,"Responsive FileManager 9.9.5 - Remote Code Execution (RCE)",2023-04-05,"Galoget Latorre",webapps,php,,2023-04-05,2023-04-05,0,CVE-2022-46604,,,,,
51251,exploits/php/webapps/51251.py,"Responsive FileManager 9.9.5 - Remote Code Execution (RCE)",2023-04-05,"Galoget Latorre",webapps,php,,2023-04-05,2023-05-18,1,CVE-2022-46604,,,,,
45271,exploits/php/webapps/45271.txt,"Responsive FileManager < 9.13.4 - Directory Traversal",2018-08-27,"Simon Uvarov",webapps,php,80,2018-08-27,2018-08-27,1,CVE-2018-15536;CVE-2018-15535,Traversal,,,http://www.exploit-db.comResponsiveFilemanager-9.13.3.tar.gz,
41272,exploits/php/webapps/41272.txt,"Responsive Filemanger <= 9.11.0 - Arbitrary File Disclosure",2017-02-07,"Wiswat Aswamenakul",webapps,php,,2017-02-07,2017-02-07,1,,,,,http://www.exploit-db.comResponsiveFilemanager-9.11.0.zip,
41533,exploits/php/webapps/41533.txt,"Responsive Matrimonial Script 4.0.1 - SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php,,2017-03-06,2017-03-06,0,,,,,,
@ -29289,7 +29289,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
2883,exploits/php/webapps/2883.txt,"simple file manager 0.24a - Multiple Vulnerabilities",2006-12-02,flame,webapps,php,,2006-12-01,,1,OSVDB-37176;CVE-2006-6376,,,,,
26246,exploits/php/webapps/26246.txt,"Simple File Manager 024 - Authentication Bypass",2013-06-17,Chako,webapps,php,,2013-06-17,2013-06-17,1,OSVDB-94404,,,,http://www.exploit-db.comsfm-v24.tar.gz,
41943,exploits/php/webapps/41943.py,"Simple File Uploader - Arbitrary File Download",2017-04-27,"Daniel Godoy",webapps,php,,2017-04-27,2017-04-27,0,,,,,,
51292,exploits/php/webapps/51292.txt,"Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-04-06,0,CVE-2023-0902,,,,,
51292,exploits/php/webapps/51292.txt,"Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)",2023-04-06,"Muhammad Navaid Zafar Ansari",webapps,php,,2023-04-06,2023-05-18,1,CVE-2023-0902,,,,,
49740,exploits/php/webapps/49740.txt,"Simple Food Website 1.0 - Authentication Bypass",2021-04-05,"Viren Saroha",webapps,php,,2021-04-05,2021-04-05,0,,,,,,
4989,exploits/php/webapps/4989.txt,"Simple Forum 3.2 - File Disclosure / Cross-Site Scripting",2008-01-26,tomplixsee,webapps,php,,2008-01-25,2016-10-28,1,OSVDB-40819;CVE-2008-0542;OSVDB-40818;CVE-2008-0541,,,,,
37408,exploits/php/webapps/37408.txt,"Simple Forum PHP - Multiple SQL Injections",2012-06-14,"Vulnerability Research Laboratory",webapps,php,,2012-06-14,2015-06-28,1,,,,,,https://www.securityfocus.com/bid/54024/info
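Review bot: The codes field of row 51292 ("Simple Food Ordering System v1.0 - Cross-Site Scripting (XSS)") in the hunk at -29289 holds `CVE-2023-0902`, the same identifier as row 51287 ("Employee Task Management System v1.0 - SQL Injection on edit-task.php") in the hunk at -17725. One CVE id attached to two different products and two different bug classes suggests that at least one of the two is a transcription error. Both copies of each row carry the value, so this update (which appears to only bump date_updated to 2023-05-18 and flip the following flag from 0 to 1) republishes the rows without reconciling them. Anyone joining this index to scanner output or an asset inventory by CVE id will get a false match for one of the two products. Both rows should be checked against the CVE record and the codes field of the wrong one corrected before the rows are treated as verified.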



@ -53520,6 +53520,22 @@ passwords..etc</textualDescription>
<date>2013-08-08</date>
<author>anonymous</author>
</entry>
<entry>
<id>8187</id>
<link>https://www.exploit-db.com/ghdb/8187</link>
<category>Files Containing Juicy Info</category>
<shortDescription>inurl:wp-content/uploads/wcpa_uploads</shortDescription>
<textualDescription># Google Dork: inurl:wp-content/uploads/wcpa_uploads
# Files Containing Juicy Info
# Date: 17/05/2023
# Author: Stuart Steenberg
</textualDescription>
<query>inurl:wp-content/uploads/wcpa_uploads</query>
<querystring>https://www.google.com/search?q=inurl:wp-content/uploads/wcpa_uploads</querystring>
<edb></edb>
<date>2023-05-18</date>
<author>Stuart Steenberg</author>
</entry>
<entry>
<id>7669</id>
<link>https://www.exploit-db.com/ghdb/7669</link>