Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability (деталі)
• lcxbbportal 0.1 Alpha 2 Remote File Inclusion Vulnerability (деталі)
• Easy News Content Management (News.mdb) Database Disclosure Vuln (деталі)
• Template Creature (SQL/DD) Multiple Remote Vulnerabilities (деталі)
• NightFall Personal Diary 1.0 (XSS/DD) Multiple Remote Vulnerabilities (деталі)
• RankEm (auth bypass) Remote SQL Injection Vulnerability (деталі)
• RankEm (rankup.asp siteID) Remote SQL Injection Vulnerability (деталі)
• Merlix Educate Servert (Bypass/DD) Multiple Remote Vulnerabilities (деталі)
• Multiple Membership Script 2.5 (id) SQL Injection Vulnerability (деталі)
• BNCwi <= 1.04 Local File Inclusion Vulnerability (деталі)
• Gravity GTD <= 0.4.5 (rpc.php objectname) LFI/RCE Vulnerability (деталі)
• NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln (деталі)
• Tizag Countdown Creator .v.3 Insecure Upload Vulnerability (деталі)
• Cold BBS (cforum.mdb) Remote Database Disclosure Vulnerability (деталі)
• Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulns (деталі)

В даній добірці експлоіти в веб додатках:

• SunByte e-Flower (id) Remote SQL Injection Vulnerability (деталі)
• CMS MAXSITE Component Guestbook Remote Command Execution Exploit (деталі)
• Ocean12 Mailing List Manager Gold (DD/SQL/XSS) Vulnerabilities (деталі)
• Calendar MX Professional 2.0.0 Blind SQL Injection Vulnerability (деталі)
• Gallery MX 2.0.0 (pics_pre.asp ID) Blind SQL Injection Vulnerability (деталі)
• Codefixer MailingListPro (MailingList.mdb) Database Disclosure Vuln (деталі)
• Check New 4.52 (findoffice.php search) Remote SQL Injection Exploit (деталі)
• Rae Media Contact MS (Auth Bypass) SQL Injection Vulnerability (деталі)
• ASP User Engine .NET Remote Database Disclosure Vulnerability (деталі)
• Joomla Component com_jmovies 1.1 (id) SQL Injection Exploit (деталі)
• Wbstreet v.1.0 (SQL/DD) Multiple Remote Vulnerabilities (деталі)
• ccTiddly 1.7.4 (cct_base) Multiple Remote File Inclusion Vulnerabilities (деталі)
• Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability (деталі)
• User Engine Lite ASP (users.mdb) Database Disclosure Vulnerability (деталі)
• Joomla Component mydyngallery 1.4.2 (directory) SQL Injection Vuln (деталі)

В даній добірці експлоіти в веб додатках:

• Quick Tree View .NET 3.1 (qtv.mdb) Database Disclosure Vulnerability (деталі)
• Active Business Directory v 2 Remote blind SQL Injection Vulnerability (деталі)
• Active Time Billing 3.2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Active Price Comparison v 4 (ProductID) Blind SQL Injection Vulnerability (деталі)
• Active Photo Gallery 6.2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Andy’s PHP Knowledgebase 0.92.9 Arbitrary File Upload Vulnerability (деталі)
• z1exchange 1.0 (edit.php site) Remote SQL Injection Vulnerability (деталі)
• Broadcast Machine 0.1 Multiple Remote File Inclusion Vulnerabilities (деталі)
• bcoos 1.0.13 (viewcat.php cid) Remote SQL Injection Exploit (деталі)
• ASPPortal 3.2.5 (ASPPortal.mdb) Database Disclosure Vulnreability (деталі)
• E.Z. Poll v.2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Maxum Rumpus 6.0 Multiple Remote Buffer Overflow Vulnerabilities (деталі)
• PacPoll 4.0 (poll.mdb/poll97.mdb) Database Disclosure Vulnerability (деталі)
• Rapid Classified 3.1 (cldb.mdb) Database Disclosure Vulnerability (деталі)
• Borland InterBase 2007 “ibserver.exe” Buffer Overflow Vulnerability POC (деталі)

В даній добірці експлоіти в веб додатках:

• Active Websurvey 9.1 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Active Test 2.1 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• ActiveVotes 2.2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Active Web Helpdesk v 2 (Auth Bypass) SQL Injection Vulnerability (деталі)
• OpenForum 0.66 Beta Remote Reset Admin Password Exploit (деталі)
• Active Bids 3.5 (ItemID) Blind SQL Injection Vulnerability (деталі)
• Active Web Mail v 4 Blind SQL Injection Vulnerability (деталі)
• ActiveVotes 2.2 (AccountID) Blind SQL Injection Vulnerability (деталі)
• OraMon 2.0.1 Remote Config File Disclosure Vulnerability (деталі)
• CMS Made Simple 1.4.1 Local File Inclusion Vulnerability (деталі)
• cpCommerce 1.2.6 (URL Rewrite) Input variable overwrite / Auth bypass PoC (деталі)
• Minimal Ablog 0.4 (SQL/FU/Bypass) Multiple Remote Vulnerabilities (деталі)
• KTP Computer Customer Database CMS Blind SQL Injection Vulnerability (деталі)
• KTP Computer Customer Database CMS Local File Inclusion Vulnerability (деталі)
• Smeego CMS Local File Include Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Bluo CMS 1.2 (index.php id) Blind SQL Injection Vulnerability (деталі)
• SailPlanner 0.3a (Auth Bypass) SQL Injection Vulnerability (деталі)
• All Club CMS <= 0.0.2 Remote DB Config Retrieve Exploit (деталі)
• Web Calendar System <= 3.40 (XSS/SQL) Multiple Remote Vulnerabilities (деталі)
• Booking Centre 2.01 (Auth Bypass) SQL Injection Vulnerability (деталі)
• PHP TV Portal 2.0 (index.php mid) SQL Injection Vulnerability (деталі)
• Active Price Comparison 4 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Active Trade 2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Active Web Mail v 4 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Active Newsletter 4.3 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• eWebquiz v 8 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Active Membership v 2 (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit (деталі)
• ASPThai.NET Forum 8.5 Remote Database Disclosure Vulnerability (деталі)
• StanWeb.CMS (default.asp id) Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Ocean12 Membership Manager Pro Database Disclosure Vulnerability (деталі)
• Ocean12 Contact Manager Pro (SQL/XSS/DDV) Multiple Vulnerabilities (деталі)
• Comersus ASP Shopping Cart (DD/XSS) Multiple Remote Vulnerabilities (деталі)
• Ocean12 FAQ Manager Pro Database Disclosure Vulnerability (деталі)
• BaSiC-CMS (index.php r) Remote SQL Injection Vulnerability (деталі)
• Turnkey Arcade Script (id) Remote SQL Injection Vulnerability (деталі)
• PageTree CMS 0.0.2 BETA 0001 Remote File Inclusion Vulnerability (деталі)
• Ocean12 Membership Manager Pro (Auth Bypass) SQL Injection Vuln (деталі)
• Booking Centre 2.01 (HotelID) Remote SQL Injection Vulnerability (деталі)
• Web Calendar 4.1 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Star Articles 6.0 Remote File Upload Vulnerability (деталі)
• Ocean12 FAQ Manager Pro (ID) Blind SQL Injection Vulnerabillity (деталі)
• ReVou Twitter Clone (Auth Bypass) SQL Injection Vulnerability (деталі)
• CMS little (index.php term) Remote SQL Injection Exploit (деталі)
• SunShop Version 3.5.1 Remote Blind Sql Injection (деталі)

В даній добірці експлоіти в веб додатках:

• fuzzylime cms 3.03 (track.php p) Local File Inclusion Vulnerability (деталі)
• Clean CMS 1.5 (full_txt.php id) Blind SQL Injection Exploit (деталі)
• WebStudio CMS (pageid) Remote Blind SQL Injection Vuln (mil mixup) (деталі)
• Post Affiliate Pro v.3 (umprof_status) Blind SQL Injection Vulnerability (деталі)
• CMS Ortus <= 1.13 Remote SQL Injection Vulnerability (деталі)
• Star Articles 6.0 Remote Blind SQL Injection Vulnerability (деталі)
• ParsBlogger (blog.asp wr) Remote SQL Injection Vulnerability (деталі)
• Star Articles 6.0 Remote Blind SQL Injection exploit (деталі)
• Web Calendar System 3.12/3.30 Multiple Remote Vulnerabilities (деталі)
• TxtBlog (index.php m) Local File Inclusion Vulnerability (деталі)
• RakhiSoftware Shopping Cart (subcategory_id) SQL Injection Vulnerability (деталі)
• Family Project 2.x (Auth Bypass) SQL Injection Vulnerability (деталі)
• Ocean12 Calendar Manager Gold Database Disclosure Vulnerability (деталі)
• Ocean12 Poll Manager Pro Database Disclosure Vulnerability (деталі)
• Exploits Joomla Component xsstream-dm 0.01 Beta Remote SQL Injection (деталі)

Деякий час тому була оприлюднена уразливість в Mozilla Firefox. Для якої був розроблений експлоіт. Після чого були оприлюднені подібні експлоіти для Opera та Safari, що базуються на експлоіті для Firefox.

Атака відбувається через XML-парсер в даних браузерах.

• Firefox 3.0.x (XML Parser) Memory Corruption / DoS PoC (деталі)
• Opera 9.64 (7400 nested elements) XML Parsing Remote Crash Exploit (деталі)
• Safari 3.2.2/4b (nested elements) XML Parsing Remote Crash Exploit (деталі)

Уразливі Mozilla Firefox 3.0.10 та попередні версії.

Уразливі Opera 9.64 та попередні версії.

Уразливі Safari 3.2.2/4b та попередні версії.

В даній добірці експлоіти в веб додатках:

• FTPzik (XSS/LFI) Multiple Remote Vulnerabilities (деталі)
• W3C Amaya 10.1 Web Browser (id) Remote Stack Overflow PoC (деталі)
• VideoScript 3.0 <= 4.1.5.55 Unofficial Shell Injection Exploit (деталі)
• Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusion Vulnerability (деталі)
• FAQ Manager 1.2 (categorie.php cat_id) SQL Injection Vulnerability (деталі)
• WebStudio eCatalogue (pageid) Blind SQL Injection Vulnerability (деталі)
• WebStudio eHotel (pageid) Blind SQL Injection Vulnerability (деталі)
• FAQ Manager 1.2 (config_path) Remote File Inclusion Vulnerability (деталі)
• Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple Remote Vulnerabilities (деталі)
• Chipmunk Topsites (Auth Bypass/XSS) Multiple Remote Vulnerabilities (деталі)
• Jamit Job Board 3.4.10 (show_emp) Blind SQL Injection Vulnerability (деталі)
• VideoGirls BiZ (view_snaps.php type) Blind SQL Injection Vulnerability (деталі)
• LoveCMS 1.6.2 Final (Download Manager 1.0) File Upload Exploit (деталі)
• SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability (деталі)
• phpMyNewsletter <= 0.8 (beta5) Multiple Vuln Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• PG Real Estate (Auth Bypass) SQL Injection Vulnerability (деталі)
• NetArtMedia Blog System (image.php id) SQL Injection Vulnerability (деталі)
• NetArtMedia Cars Portal 2.0 (image.php id) SQL Injection Vulnerability (деталі)
• Goople Cms 1.7 Remote File Upload Vulnerability (деталі)
• Prozilla Hosting Index (id) Remote SQL Injection Vulnerability (деталі)
• PHP Classifieds Script Remote Database Disclosure Vulnerability (деталі)
• Goople Cms 1.7 Insecure Cookie Handling Vulnerability (деталі)
• MODx CMS <= 0.9.6.2 (RFI/XSS) Multiple Remote Vulnerabilities (деталі)
• MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vuln (деталі)
• Pie Web M{a,e}sher 0.5.3 Multiple Remote File Inclusion Vulnerability (деталі)
• Nitrotech 0.0.3a (RFI/SQL) Multiple Remote Vulnerabilities (деталі)
• Quicksilver Forums <= 1.4.2 RCE Exploit (windows only) (деталі)
• WebStudio CMS (index.php pageid) Blind SQL Injection Vulnerability (деталі)
• Bandwebsite 1.5 (SQL/XSS) Multiple Remote Vulnerabilities (деталі)
• InoutMailingListManager <= 3.1 Command Execution Exploit + Login Retrieve + Advisory (деталі)