diff --git a/files.csv b/files.csv
index 584752014..3b4816867 100755
--- a/files.csv
+++ b/files.csv
@@ -30579,7 +30579,6 @@ id,file,description,date,author,platform,type,port
 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)",2014-07-02,LiquidWorm,windows,dos,0
 33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80
 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
-33955,platforms/php/webapps/33955.txt,"FireEye Malware Analysis System (MAS) 6.4.1 - Multiple Vulnerabilities",2014-07-02,kmkz,php,webapps,0
 33957,platforms/php/webapps/33957.txt,"kloNews 2.0 'cat.php' Cross Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0
 33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0
 33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0
@@ -30610,3 +30609,24 @@ id,file,description,date,author,platform,type,port
 33985,platforms/php/webapps/33985.txt,"NPDS Revolution 10.02 'topic' Parameter Cross Site Scripting Vulnerability",2010-05-13,"High-Tech Bridge SA",php,webapps,0
 33986,platforms/php/webapps/33986.txt,"PHP File Uploader Remote File Upload Vulnerability",2010-01-03,indoushka,php,webapps,0
 33987,platforms/php/webapps/33987.txt,"PHP Banner Exchange 1.2 'signupconfirm.php' Cross Site Scripting Vulnerability",2010-01-03,indoushka,php,webapps,0
+33988,platforms/php/remote/33988.txt,"PHP 5.x 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities",2010-05-14,"Stefan Esser",php,remote,0
+33989,platforms/windows/remote/33989.rb,"Oracle Event Processing FileUploadServlet Arbitrary File Upload",2014-07-07,metasploit,windows,remote,9002
+33990,platforms/multiple/remote/33990.rb,"Gitlist Unauthenticated Remote Command Execution",2014-07-07,metasploit,multiple,remote,80
+33991,platforms/php/remote/33991.rb,"Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload",2014-07-07,metasploit,php,remote,80
+33992,platforms/asp/webapps/33992.txt,"Platnik 8.1.1 Multiple SQL Injection Vulnerabilities",2010-05-17,podatnik386,asp,webapps,0
+33993,platforms/php/webapps/33993.txt,"Planet Script 1.x 'idomains.php' Cross Site Scripting Vulnerability",2010-05-14,Mr.ThieF,php,webapps,0
+33994,platforms/php/webapps/33994.txt,"PonVFTP Insecure Cookie Authentication Bypass Vulnerability",2010-05-17,SkuLL-HackeR,php,webapps,0
+33995,platforms/multiple/webapps/33995.txt,"Blaze Apps 1.x SQL Injection and HTML Injection Vulnerabilities",2010-01-19,"AmnPardaz Security Research Team",multiple,webapps,0
+33996,platforms/ios/webapps/33996.txt,"Photo Org WonderApplications 8.3 iOS - File Include Vulnerability",2014-07-07,Vulnerability-Lab,ios,webapps,0
+33997,platforms/php/webapps/33997.txt,"NPDS Revolution 10.02 'download.php' Cross Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0
+33998,platforms/php/webapps/33998.html,"JoomlaTune JComments 2.1 Joomla! Component 'ComntrNam' Parameter Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0
+33999,platforms/php/webapps/33999.txt,"Mobile Chat 2.0.2 'chatsmileys.php' Cross Site Scripting Vulnerability",2010-01-18,indoushka,php,webapps,0
+34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 BETA 'list' Parameter Cross Site Scripting Vulnerability",2010-01-18,indoushka,multiple,webapps,0
+34001,platforms/linux/local/34001.c,"Linux Kernel 2.6.x Btrfs Cloned File Security Bypass Vulnerability",2010-05-18,"Dan Rosenberg",linux,local,0
+34002,platforms/windows/remote/34002.c,"TeamViewer 5.0.8232 Remote Buffer Overflow Vulnerability",2010-05-18,"fl0 fl0w",windows,remote,0
+34003,platforms/php/webapps/34003.txt,"Percha Image Attach 1.1 Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
+34004,platforms/php/webapps/34004.txt,"Percha Fields Attach 1.0 Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
+34005,platforms/php/webapps/34005.txt,"Percha Downloads Attach 1.1 Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
+34006,platforms/php/webapps/34006.txt,"Percha Gallery Component 1.6 Beta for Joomla! index.php controller Parameter Traversal Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
+34007,platforms/php/webapps/34007.txt,"Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities",2014-07-08,"Deepak Rathore",php,webapps,0
+34008,platforms/php/webapps/34008.txt,"Percha Multicategory Article Component 0.6 for Joomla! index.php controller Parameter Arbitrary File Access",2010-05-19,AntiSecurity,php,webapps,0
diff --git a/platforms/asp/webapps/33992.txt b/platforms/asp/webapps/33992.txt
new file mode 100755
index 000000000..01bbfa683
--- /dev/null
+++ b/platforms/asp/webapps/33992.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/40201/info
+
+Platnik is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Platnik 8.01.001 is affected; other versions may also be vulnerable.
+
+INSERT INTO dbo.UZYTKOWNIK VALUES('LOGIN', 'TEST', 'TEST', 'password hash', '2010-02-28 15:46:48', null, 'A', null)--
+INSERT INTO dbo.UPRAWNIENIA VALUES(id_user, id_platnik)--
+or 1=1--
\ No newline at end of file
diff --git a/platforms/ios/webapps/33996.txt b/platforms/ios/webapps/33996.txt
new file mode 100755
index 000000000..a158bddd4
--- /dev/null
+++ b/platforms/ios/webapps/33996.txt
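Review bot: The advisory added as platforms/asp/webapps/33992.txt lists three SQL fragments but never names the input field, request or component that accepts them, and gives no fixed version or workaround, so a reader cannot scope exposure or confirm a fix from this file alone. The first two fragments write to `dbo.UZYTKOWNIK` and `dbo.UPRAWNIENIA`, which look like the application's own account and permission tables (inferred from the names, not stated in the text). A closing line such as `Mitigation: bind all user-supplied values as query parameters; run the application under a database login with the minimum rights it needs on dbo.UZYTKOWNIK and dbo.UPRAWNIENIA` would give defenders something to act on. It would also be worth saying that unexpected rows in those two tables are the thing to audit on an affected installation.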
@@ -0,0 +1,237 @@
+Document Title:
+===============
+Photo Org WonderApplications v8.3 iOS - File Include Vulnerability
+
+
+References (Source):
+====================
+http://www.vulnerability-lab.com/get_content.php?id=1277
+
+
+Release Date:
+=============
+2014-07-04
+
+
+Vulnerability Laboratory ID (VL-ID):
+====================================
+1277
+
+
+Common Vulnerability Scoring System:
+====================================
+7.1
+
+
+Product & Service Introduction:
+===============================
+Create great photo albums and video diaries with PhotoOrg. Keep your photo album and video diary secured with passwords.
+Share your photo albums and video diary on Facebook, Twitter, Youtube, Picasa, Flickr and MySpace with family, friends
+and business associates.
+
+Photo Editor with the following ability:
+-Over eleven photo effects
+-Four different photo enhancer
+-Rotate and flip photo
+-Crop photo
+-Change photo brightness
+-Change photo Contrast
+-Change photo saturation
+-Change photo sharpness
+-Draw on photo with different colors
+-Write text on your photo
+-Remove red eyes
+-Whiten photo
+-Remove blemish on photo
+
+Features:
+-view your pictures and videos using your browser
+-upload your picture and video using your browser
+-upload video to Youtube, Picasa, Facebook, Twitter, Flickr and MySpace
+-upload multiple pictures to Facebook, Twitter, Flickr and MySpace
+-Keep your photo and videos organized the way you like it
+-Keep your photo and video secured with password
+-copy your photo and video from anywhere and paste them into the application
+
+
+( Copy of the Homepage: https://itunes.apple.com/us/app/photo-org/id330740156 )
+
+
+Abstract Advisory Information:
+==============================
+The Vulnerability Laboratory Research Team discovered a local file include vulnerability in the official WonderApplications Photo Org v8.3 iOS web-application.
+
+
+Vulnerability Disclosure Timeline:
+==================================
+2014-07-04: Public Disclosure (Vulnerability Laboratory)
+
+
+Discovery Status:
+=================
+Published
+
+
+Affected Product(s):
+====================
+WonderApplications
+Product: Photo Org L - iOS Mobile Application 8.3
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+Severity Level:
+===============
+High
+
+
+Technical Details & Description:
+================================
+A local file include web vulnerability has been discovered in the official WonderApplications Photo Org v8.3 iOS web-application.
+The local file include web vulnerability allows remote attackers to unauthorized include local file/path requests or system specific
+path commands to compromise the mobile web-application.
+
+The web vulnerability is located in the `filename` value of the `uploadMedia` (uploadfile) module. Remote attackers are able to inject
+own files with malicious `filename` values in the `uploadMedia` POST method request to compromise the mobile web-application. The local
+file/path include execution occcurs in the index file/folder list context next to the vulnerable name/path value. The attacker is able
+to inject the local file request by usage of the available `wifi interface` for file exchange/share.
+
+Remote attackers are also able to exploit the filename validation issue in combination with persistent injected script codes to execute
+different local malicious attacks requests. The attack vector is on the application-side of the wifi service and the request method to
+inject is POST.
+
+The security risk of the local file include web vulnerability is estimated as high with a cvss (common vulnerability scoring system)
+count of 7.1. Exploitation of the local file include web vulnerability requires no privileged web-application user account but low
+user interaction. Successful exploitation of the local file include web vulnerability results in mobile application or connected
+device component compromise.
+
+
+Request Method(s):
+ [+] [POST]
+
+Vulnerable Service(s):
+ [+] WonderApplications - WiFi Share
+
+Vulnerable Module(s):
+ [+] uploadMedia
+
+Vulnerable Parameter(s):
+ [+] filename
+
+Affected Module(s):
+ [+] Index File/Folder Dir Listing (http://localhost:[port-x]/)
+
+
+Proof of Concept (PoC):
+=======================
+The local file inlcude web vulnerability can be exploited by remote attackers with low privileged application user account and without user interaction.
+For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
+
+
+PoC: WonderApplications (Photo & Video) - Index- & Sub-Categories
+
+
+
+ abcde |
+![]() +abcdef <././/var/mobile/Applications/[LOCAL FILE INCLUDE VULNERABILITY!].png.zip"> + |