From b98d02460d144d7866981088bab15cd260c53eb4 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Tue, 22 Jul 2014 04:41:14 +0000
Subject: [PATCH] Updated 07_22_2014
---
files.csv | 6 ++++++
platforms/php/webapps/34089.txt | 18 ++++++++++++++++++
platforms/php/webapps/34119.txt | 9 +++++++++
platforms/php/webapps/34120.txt | 9 +++++++++
platforms/php/webapps/34121.txt | 9 +++++++++
platforms/php/webapps/34127.txt | 9 +++++++++
platforms/windows/remote/34126.txt | 14 ++++++++++++++
7 files changed, 74 insertions(+)
create mode 100755 platforms/php/webapps/34089.txt
create mode 100755 platforms/php/webapps/34119.txt
create mode 100755 platforms/php/webapps/34120.txt
create mode 100755 platforms/php/webapps/34121.txt
create mode 100755 platforms/php/webapps/34127.txt
create mode 100755 platforms/windows/remote/34126.txt
diff --git a/files.csv b/files.csv
index d8118f795..3f2759509 100755
--- a/files.csv
+++ b/files.csv
@@ -30697,6 +30697,7 @@ id,file,description,date,author,platform,type,port
 34086,platforms/linux/webapps/34086.txt,"Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443
 34087,platforms/php/webapps/34087.txt,"Joomla Youtube Gallery Component - SQL Injection Vulnerability",2014-07-16,"Pham Van Khanh",php,webapps,80
 34088,platforms/android/remote/34088.html,"Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability",2014-07-16,c0otlass,android,remote,0
+34089,platforms/php/webapps/34089.txt,"Bilboplanet 2.0 - Multiple XSS Vulnerabilities",2014-07-16,"Vivek N",php,webapps,80
 34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution Vulnerability",2014-07-16,"Cal Leeming",multiple,dos,0
 34091,platforms/php/webapps/34091.txt,"Pay Per Minute Video Chat Script 2.x SQL Injection and Multiple Cross Site Scripting Vulnerabilities",2010-01-04,R3d-D3V!L,php,webapps,0
 34092,platforms/jsp/webapps/34092.txt,"JForum 2.1.8 'bookmarks' Module Multiple HTML Injection Vulnerabilities",2010-06-06,"Adam Baldwin",jsp,webapps,0
@@ -30720,3 +30721,8 @@ id,file,description,date,author,platform,type,port
 34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta showcasesearch.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0
 34117,platforms/php/webapps/34117.txt,"Bits Video Script 2.05 Gold Beta showcase2search.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0
 34118,platforms/php/webapps/34118.txt,"Hitmaaan Gallery 1.3 Multiple Cross Site Scripting Vulnerabilities",2010-01-18,indoushka,php,webapps,0
+34119,platforms/php/webapps/34119.txt,"Bits Video Script 2.04/2.05 addvideo.php File Upload Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0
+34120,platforms/php/webapps/34120.txt,"Bits Video Script 2.04/2.05 register.php File Upload Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0
+34121,platforms/php/webapps/34121.txt,"Bits Video Script 2.04/2.05 'search.php' Cross Site Scripting Vulnerability",2010-01-18,indoushka,php,webapps,0
+34126,platforms/windows/remote/34126.txt,"Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness",2010-06-10,"Tavis Ormandy",windows,remote,0
+34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 'members.php' SQL Injection Vulnerability",2010-06-10,SwEET-DeViL,php,webapps,0
diff --git a/platforms/php/webapps/34089.txt b/platforms/php/webapps/34089.txt
new file mode 100755
index 000000000..61013081a
--- /dev/null
+++ b/platforms/php/webapps/34089.txt
@@ -0,0 +1,18 @@
+# Exploit Title: Multiple XSS vulnerabilities in Bilboplanet application
+# Date: 10/15/13
+# Exploit Author:Vivek N
+# (http://nvivek.weebly.com/)
+# Vendor Homepage: http://www.bilboplanet.com/
+# Software Link: www.bilboplanet.com/index.php/downloads/?lang=en
+# Version: 2.0
+# Tested on: Windows
+# CVE :
+
+ 1. Stored XSS Vulnerability when creating and updating tribes in
+ http://localhost/bilboplanet/user/?page=tribes
+ POST Parameter: tribe_name
+ 2. Stored XSS vulnerability when adding tag
+ http://localhost/bilboplanet/user/?page=tribes
+ POST Parameter: tags
+ 3. Stored XSS in parameters : user_id and fullname
+ http://127.0.0.1/bilboplanet/signup.php
diff --git a/platforms/php/webapps/34119.txt b/platforms/php/webapps/34119.txt
new file mode 100755
index 000000000..c97618dce
--- /dev/null
+++ b/platforms/php/webapps/34119.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40712/info
+
+Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Bits Video Script 2.04 and 2.05 Gold Beta are vulnerable; other versions may also be affected.
+
+http://www.example.com/Video/addvideo.php
\ No newline at end of file
diff --git a/platforms/php/webapps/34120.txt b/platforms/php/webapps/34120.txt
new file mode 100755
index 000000000..f9ef22f18
--- /dev/null
+++ b/platforms/php/webapps/34120.txt
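Review bot: 34089.txt is created with `new file mode 100755`, which marks a plain-text advisory as executable; `100644` is the appropriate mode for a `.txt` write-up. The same mode is used for the other five files this patch creates (34119, 34120, 34121, 34127 and 34126). Separately, the header leaves `# CVE :` empty and gives `# Date: 10/15/13`, while the files.csv row for 34089 records 2014-07-16. A short comment saying which date is discovery and which is publication would remove the ambiguity.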
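Review bot: 34119.txt names only "fails to properly sanitize user-supplied input" as the cause and gives no remediation, so a defender reading it cannot tell what to check on an affected install. I would add a closing line such as `Mitigation: restrict uploads to an allow-list of types checked server-side, and store them where the web server will not execute them.` 34120.txt carries the same text for register.php and would get the same line. Both files also end without a trailing newline (`\ No newline at end of file`).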
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40712/info
+
+Bits Video Script is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit these vulnerabilities to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
+
+Bits Video Script 2.04 and 2.05 Gold Beta are vulnerable; other versions may also be affected.
+
+http://www.example.com/Video/register.php
\ No newline at end of file
diff --git a/platforms/php/webapps/34121.txt b/platforms/php/webapps/34121.txt
new file mode 100755
index 000000000..2fcba18bf
--- /dev/null
+++ b/platforms/php/webapps/34121.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40716/info
+
+Bits Video Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Bits Video Script 2.04 and 2.05 Gold Beta are vulnerable; other versions may also be affected.
+
+http://www.example.com/Video/search.php?order=>'>alert(213771818860)%3B
\ No newline at end of file
diff --git a/platforms/php/webapps/34127.txt b/platforms/php/webapps/34127.txt
new file mode 100755
index 000000000..b28848789
--- /dev/null
+++ b/platforms/php/webapps/34127.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40735/info
+
+Arab Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Arab Portal 2.2 is vulnerable; other versions may also be affected.
+
+http://www.example.com/apt/members.php?action=msearch&by=[SQL]
\ No newline at end of file
diff --git a/platforms/windows/remote/34126.txt b/platforms/windows/remote/34126.txt
new file mode 100755
index 000000000..f0739db4a
--- /dev/null
+++ b/platforms/windows/remote/34126.txt
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/40721/info
+
+Help and Support Center is prone to a cross-site scripting weakness because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the privileged zone of the browser of an unsuspecting user.
+
+NOTE: This issue is a weakness because the affected file is only accessible by trusted sources unless other vulnerabilities, such as BID 40725 (Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability) are used to bypass the restrictions. This weakness may then be used to execute script code in the privileged zone of the browser by unauthorized sites.
+
+
+The following example URI is available:
+
+hcp://system/sysinfo/sysinfomain.htm?svr=

test

+
+