01eb066d9d
11 new exploits IBM AIX 5.2/5.3 FTP Client - Local Buffer Overflow Yahoo! Widgets Engine 4.0.3 - YDPCTL.dll ActiveX Control Buffer Overflow Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin) Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post) miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery PHP Press Release - Cross-Site Request Forgery (Add Admin) PHP Press Release - (Add Admin) Cross-Site Request Forgery Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post) Spacemarc News - Cross-Site Request Forgery (Add New Post) Minecraft Launcher - Insecure File Permissions Privilege Escalation Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery Spacemarc News - (Add New Post) Cross-Site Request Forgery Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation sheed AntiVirus - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation AVTECH IP Camera_ NVR_ and DVR Devices - Multiple Vulnerabilities Linux Kernel 3.13.1 - Recvmmsg Privilege Escalation (Metasploit) Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit) ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author) ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery Subversion 1.6.6 / 1.6.12 - Code Execution Cisco Webex Player T29.10 - '.WRF' Use-After-Free Memory Corruption Cisco Webex Player T29.10 - '.ARF' Out-of-Bounds Memory Corruption Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption Categorizator 0.3.1 - SQL Injection NetBilletterie 2.8 - Multiple Vulnerabilities ApPHP MicroCMS 3.9.5 - Stored Cross Site Scripting OpenCimetiere v3.0.0-a5 - Blind SQL Injection Android - Binder Generic ASLR Leak ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
31 lines
No EOL
1.6 KiB
Text
Executable file
31 lines
No EOL
1.6 KiB
Text
Executable file
# Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities
|
|
# Date: 14/07/16
|
|
# Exploit Author: Wadeek
|
|
# Website Author: https://github.com/Wad-Deek
|
|
# Vendor Homepage: http://net-billetterie.tuxfamily.org/
|
|
# Software Link: https://sourceforge.net/projects/netbilletterie/files/
|
|
# Demo Link: http://net-billetterie.tuxfamily.org/NetBilletterieDemo/login.inc.php
|
|
# Version: 2.8
|
|
# Tested on: Xampp on Windows7
|
|
# Fuzzing tool: https://github.com/Trouiller-David/PHP-Source-Code-Analysis-Tools
|
|
|
|
[phpinfo()]
|
|
################################################################
|
|
(200) => http://localhost/netbilletterie/php_info.php
|
|
################################################################
|
|
|
|
[6 SQL Injection (Type: time-based blind)]
|
|
################################################################
|
|
(200) => http://localhost/netbilletterie/lister_detail_bon.php?date_debut=*
|
|
(200) => http://localhost/netbilletterie/lister_pointes_ok.php?date_debut=*
|
|
(302) => http://localhost/netbilletterie/delete_article.php?article=*
|
|
(302) => http://localhost/netbilletterie/delete_banque.php?id_banque=*
|
|
(302) => http://localhost/netbilletterie/delete_tarif.php?id_tarif=*
|
|
(302) => http://localhost/netbilletterie/del_client.php?num=*
|
|
################################################################
|
|
|
|
[2 SQL Injection (Type: boolean-based blind)]
|
|
################################################################
|
|
(200) => http://localhost/netbilletterie/fpdf/liste_spectateurs.php?article=*
|
|
(200) => http://localhost/netbilletterie/fpdf/liste_spectateurs_attente.php?article=*
|
|
################################################################ |