exploit-db-mirror/exploits/php/webapps/43991.txt
Offensive Security 2c4b08963a DB: 2018-02-08
25 changes to exploits/shellcodes

QNAP NAS Devices - Heap Overflow

QNAP NVR/NAS - Buffer Overflow (PoC)
QNAP NVR/NAS Devices - Buffer Overflow (PoC)
Cisco ASA - Crash PoC
Asterisk 13.17.2 - 'chan_skinny' Remote Memory Corruption
Android - 'getpidcon' Permission Bypass in KeyStore Service
Multiple OEM - 'nsd' Remote Stack Format String (PoC)

HP-UX 11.0 - pppd Stack Buffer Overflow
HP-UX 11.0 - 'pppd' Local Stack Buffer Overflow

SGI IRIX - 'LsD' Multiple Buffer Overflows
SGI IRIX - 'LsD' Multiple Local Buffer Overflows

PostScript Utilities - 'psnup' Argument Buffer Overflow
PostScript Utilities - 'psnup' Local Buffer Overflow

Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Buffer Overflows
Open Cubic Player 2.6.0pre6/0.1.10_rc5 - Multiple Local Buffer Overflows

MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
Geovision Inc. IP Camera & Video - Remote Command Execution
Axis SSI - Remote Command Execution / Read Files
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution
Herospeed - 'TelnetSwitch' Remote Stack Overflow / Overwrite Password / Enable TelnetD
Uniview - Remote Command Execution / Export Config (PoC)
Vitek - Remote Command Execution / Information Disclosure (PoC)
Vivotek IP Cameras - Remote Stack Overflow (PoC)
Dahua Generation 2/3 - Backdoor Access
HiSilicon DVR Devices - Remote Code Execution

JiRos Banner Experience 1.0 - Unauthorised Create Admin
JiRos Banner Experience 1.0 - Unauthorized Create Admin
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting
Naukri Clone Script - Persistent Cross-Site Scripting
Hot Scripts Clone Script Classified - Persistent Cross-Site Scripting
Online Test Script 2.0.7 - 'cid' SQL Injection
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
2018-02-08 05:01:53 +00:00

20 lines
No EOL
808 B
Text

######################################################################################
# Exploit Title: Hot Scripts Clone : Script Classified - Stored XSS
# Date: 06.02.2018
# Exploit Author: Prasenjit Kanti Paul
# Web: http://hack2rule.wordpress.com/
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/
# Category: Web Application
# Version: 3.1
# Tested on: Linux Mint
# CVE: na
#######################################################################################
Proof of Concept
=================
1. Login to Hot Scripts Clone : Script Classified
2. Select Any Ads
3. Goto below review section and put "<script>alert("PKP")</script>" as
title or description
4. You will have popup of "PKP"