Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• DMXReady SDK <= 1.1 Remote File Download Vulnerability (деталі)
• DMXReady BillboardManager <= 1.1 Contents Change Vulnerability (деталі)
• DMXReady Secure Document Library <= 1.1 Remote SQL Injection Vuln (деталі)
• DMXReady Billboard Manager <= 1.1 Remote File Upload Vulnerability (деталі)
• Aj Classifieds - Personals v3 Remote Shell Upload Vulnerability (деталі)
• Aj Classifieds - Real Estate v3 Remote Shell Upload Vulnerability (деталі)
• ASP ActionCalendar v.1.3 (Auth Bypass) SQL Injection Vulnerability (деталі)
• BlogIt! (SQL/DD/XSS) Multiple Remote Vulnerabilities (деталі)
• RankEm (DD/XSS/CM) Multiple Remote Vulnerabilities (деталі)
• Fhimage 1.2.1 Remote Command Execution Exploit (mq = off) (деталі)
• Fhimage 1.2.1 Remote Index Change Exploit (деталі)
• ESPG (Enhanced Simple PHP Gallery) 1.72 File Disclosure Vulnerability (деталі)
• SCMS v1 (index.php p) Local File Inclusion Vulnerability (деталі)
• Click&Email (Auth Bypass) SQL Injection Vulnerability (деталі)
• DS-IPN.NET Digital Sales IPN Database Disclosure Vulnerability (деталі)

P.S.

Враховуючи, що сайт www.milw0rm.com зараз не працює, то експлоіти розміщені на ньому вам потрібно буде шукати в кешах пошукових систем.

В даній добірці експлоіти в веб додатках:

• DMXReady Document Library Manager <= 1.1 Contents Change Vuln (деталі)
• DMXReady Contact Us Manager <= 1.1 Remote Contents Change Vuln (деталі)
• DMXReady PayPal Store Manager <= 1.1 Contents Change Vulnerability (деталі)
• DMXReady Registration Manager <= 1.1 Contents Change Vulnerability (деталі)
• DMXReady Photo Gallery Manager <= 1.1 Contents Change Vulnerability (деталі)
• GNUBoard 4.31.03 (08.12.29) Local File Inclusion Vulnerability (деталі)
• Joomla Component RD-Autos 1.5.2 (id) SQL Injection Vulnerability (деталі)
• Free Bible Search PHP Script (readbible.php) SQL Injection Vulnerability (деталі)
• Blue Eye CMS <= 1.0.0 (clanek) Blind SQL Injection Exploit (деталі)
• MKPortal <= 1.2.1 Multiple Remote Vulnerabilities (деталі)
• Novell Netware 6.5 (ICEbrowser) Remote System DoS Exploit (деталі)
• BibCiter 1.4 Multiple SQL Injection Vulnerabilities (деталі)
• Simple PHP Newsletter 1.5 (olang) Local File Inclusion Vulnerabilities (деталі)
• Aj Classifieds - For Sale v3 Remote Shell Upload Vulnerability (деталі)
• Surgemail stack overflow PoC exploit (деталі)

Нещодавно була виявлена Denial of Service уразливість в Internet Explorer 6 та 7. Для даної уразливості був розроблений експлоіт.

За словами автора експлоіта, вразливі IE6 та IE7 на Windows Vista, XP SP2 та XP SP3 (браузер повинен вилітати). В мене даний експлоіт працює на IE6 (браузер зависає).

• MS Internet Explorer (Javascript SetAttribute) Remote Crash Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component Fantasytournament SQL Injection Vulnerabilities (деталі)
• Joomla Component Camelcitydb2 2.2 SQL Injection Vulnerabilities (деталі)
• DMXReady Members Area Manager <= 1.2 SQL Injection Vulnerability (деталі)
• DMXReady Member Directory Manager <= 1.1 SQL Injection Vulnerability (деталі)
• DMXReady Links Manager <= 1.1 Remote Contents Change Vulnerability (деталі)
• DMXReady Job Listing <= 1.1 Remote Contents Change Vulnerability (деталі)
• DMXReady Faqs Manager <= 1.1 Remote Contents Change Vulnerability (деталі)
• Oracle Secure Backup 10g exec_qr() Command Injection Vulnerability (деталі)
• phosheezy 2.0 Remote Command Execution Exploit (деталі)
• phpList <= 2.10.8 Local File Inclusion Vulnerability (деталі)
• Php Photo Album 0.8b (index.php preview) Local File Inclusion Vulnerability (деталі)
• Oracle TimesTen Remote Format String PoC (деталі)
• NetSurf Web Browser 1.2 Multiple Remote Vulnerabilities (деталі)
• Joomla com_Eventing 1.6.x Blind SQL Injection Exploit (деталі)
• minb Remote Code Execution Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln (деталі)
• BKWorks ProPHP 0.50b1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• XOOPS Module tadbook2 (open_book.php book_sn) SQL Injection Vuln (деталі)
• phpMDJ <= 1.0.3 (id_animateur) Blind SQL Injection Exploit (деталі)
• Realtor 747 (define.php INC_DIR) Remote File Inclusion Vulnerability (деталі)
• dMx READY ( 25 Products ) Remote Database Disclosure Vulnerability (деталі)
• PWP Wiki Processor 1-5-1 Remote File Upload Vulnerability (деталі)
• Comersus Shopping Cart <= v6 Remote User Pass Exploit (деталі)
• Simple Machines Forum - Destroyer 0.1 (деталі)
• Joomla Component Portfol (vcatid) SQL Injection Vulnerability (деталі)
• Nofeel FTP Server 3.6 (CWD) Remote Memory Consumption Exploit (деталі)
• DMXReady Account List Manager <= 1.1 Contents Change Vulnerability (деталі)
• HSPell 1.1 (cilla.cgi) Remote Command Execution Exploit (деталі)
• DMXReady News Manager <= 1.1 Arbitrary Category Change Vuln (деталі)
• PhsBlog Bypass Sql injection Filtering Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Perception LiteServe 2.0.1 (user) Remote Buffer Overflow PoC (деталі)
• QuoteBook (poll.inc) Remote Config File Disclosure Vulnerability (деталі)
• PHP-Fusion Mod E-Cart 1.3 (items.php CA) SQL Injection Vulnerability (деталі)
• PHP-Fusion Mod Members CV (job) 1.0 SQL Injection Vulnerability (деталі)
• CuteNews <= 1.4.6 (ip ban) Command Execution Exploit (admin req.) (деталі)
• Pizzis CMS <= 1.5.1 (visualizza.php idvar) Blind SQL Injection Exploit (деталі)
• PHP-Fusion Mod vArcade 1.8 (comment_id) SQL Injection Vulnerability (деталі)
• XOOPS 2.3.2 (mydirname) Remote PHP Code Execution Exploit (деталі)
• Fast FAQs System (Auth Bypass) SQL Injection Vulnerability (деталі)
• Photobase 1.2 (language) Local File Inclusion Vulnerability (деталі)
• Silentum Uploader 1.4.0 Remote File Deletion Exploit (деталі)
• fttss <= 2.0 Remote Command Execution Vulnerability (деталі)
• Social Engine (browse_classifieds.php s) SQL Injection Vulnerability (деталі)
• PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability (деталі)
• Exploits Ezphotogallery Multiple Vulnerabilities (Xss/Login Bypass/Sql injection Exploit/File Disclosure) (деталі)

Нова добірка експлоітів для останніх помилок (уразливостей) в Internet Explorer. В ній представлені експлоіти для IE7 та IE8.

• MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit (деталі)
• MS Internet Explorer 7/8 findText Unicode Parsing Crash Exploit (деталі)
• MS Internet Explorer 8.0.7100.0 Simple HTML Remote Crash PoC (деталі)

Попередня добірка eксплоітів для Internet Explorer.

В даній добірці експлоіти в веб додатках:

• Safari (Arguments) Array Integer Overflow PoC (New Heap Spray) (деталі)
• RiotPix <= 0.61 (Auth Bypass) SQL Injection Vulnerability (деталі)
• ezPack 4.2b2 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• RiotPix <= 0.61 (forumid) Blind SQL Injection Exploit (деталі)
• PHPAuctionSystem Multiple Remote File Inclusion Vulnerabilities (деталі)
• Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit (деталі)
• Oracle 10g SYS.LT.MERGEWORKSPACE SQL Injection Exploit (деталі)
• Oracle 10g SYS.LT.REMOVEWORKSPACE SQL Injection Exploit (деталі)
• Goople <= 1.8.2 (frontpage.php) Blind SQL Injection Exploit (деталі)
• playSMS 0.9.3 Multiple Remote/Local File Inclusion Vulnerabilities (деталі)
• ItCMS <= 2.1a (Auth Bypass) SQL Injection Vulnerability (деталі)
• Joomla <= 1.5.8 (xstandard editor) Local Directory Traversal Vulnerability (деталі)
• PollHelper (poll.inc) Remote Config File Disclosure Vulnerability (деталі)
• BlogHelper (common_db.inc) Remote Config File Disclosure Vulnerability (деталі)
• Exploits munky-bliki Lfi (деталі)

В даній добірці експлоіти в веб додатках:

• Webspell 4 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Lito Lite CMS Multiple Cross Site Scripting / Blind SQL Injection Exploit (деталі)
• Cybershade CMS 0.2b (index.php) Remote File Inclusion Exploit (деталі)
• Joomla Component simple_review 1.x SQL Injection Vulnerability (деталі)
• Ayemsis Emlak Pro (Auth Bypass) SQL Injection Vulnerability (деталі)
• Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability (деталі)
• The Rat CMS Alpha 2 (viewarticle.php id) Blind SQL Injection Exploit (деталі)
• plxAutoReminder 3.7 (id) Remote SQL Injection Vulnerability (деталі)
• PhpMesFilms 1.0 (index.php id) Remote SQL Injection Vulnerability (деталі)
• WSN Guest 1.23 (search) Remote SQL Injection Vulnerability (деталі)
• PHPAuctionSystem (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Joomla com_phocadocumentation (id) Remote SQL Injection Exploit (деталі)
• Joomla com_na_newsdescription (newsid) SQL Injection Exploit (деталі)
• PHPAuctionSystem Insecure Cookie Handling Vulnerability (деталі)
• K-Links Directory Blind SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Megacubo 5.0.7 (mega://) Remote File Download and Execute Exploit (деталі)
• DDL-Speed Script (acp/backup) Admin Backup Bypass Vulnerability (деталі)
• ViArt Shopping Cart 3.5 Multiple Remote Vulnerabilities (деталі)
• Konqueror <= 4.1 XSS / Remote Crash Vulnerabilities (деталі)
• PowerClan 1.14a (Auth Bypass) SQL Injection Vulnerability (деталі)
• PowerNews 2.5.4 (news.php newsid) SQL Injection Vulnerability (деталі)
• w3blabor CMS <= 3.3.0 (Admin Bypass) SQL Injection Vulnerability (деталі)
• phpScribe 0.9 (user.cfg) Remote Config Disclosure Vulnerability (деталі)
• Memberkit 1.0 Remote PHP File Upload Vulnerability (деталі)
• PHPFootball <= 1.6 (filter.php) Remote Hash Disclosure Exploit (деталі)
• ASPThai.Net Webboard 6.0 (bview.asp) SQL Injection Vulnerability (деталі)
• phpSkelSite 1.4 (RFI/LFI/XSS) Multiple Remote Vulnerabilities (деталі)
• Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability (деталі)
• Built2Go PHP Link Portal 1.95.1 Remote File Upload Vulnerability (деталі)
• Exploits mitsubishi GB-50A (деталі)