Websecurity - Веб безпека

В даній добірці експлоіти в веб додатках:

• X7 Chat 2.0.5 (Auth Bypass) SQL Injection Vulnerability (деталі)
• GS Real Estate Portal Multiple SQL Injection Vulnerability (деталі)
• ClipShare Pro 2006-2007 (chid) SQL Injection Vulnerability (деталі)
• Lazarus Guestbook 1.x Insecure Cookie Handling Vulnerability (деталі)
• yahoo answers (id) Remote SQL Injection Vulnerability (деталі)
• Minigal b13 (index.php list) Remote File Disclosure Exploit (деталі)
• Q-Shop 3.0 Remote XSS/SQL Injection Vulnerabilities (деталі)
• FREEze Greetings 1.0 Remote Password Retrieve Exploit (деталі)
• Myiosoft easygallery (catid) Blind SQL Injection Vulnerability (деталі)
• E-topbiz AdManager 4 (group) Blind SQL Injection Vulnerability (деталі)
• OpenASP <= 3.0 Blind SQL Injection Vulnerability (деталі)
• mxCamArchive 2.2 Bypass Config Download Vulnerability (деталі)
• phpstore Wholesale (track.php?id) SQL Injection Vulnerability (деталі)
• FloSites Blog Multiple Remote SQL Injection Vulnerabilities (деталі)
• Jadu Galaxies (categoryID) Blind SQL Injection Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Pi3Web <= 2.0.13 (ISAPI) Remote Denial of Service Exploit (деталі)
• turnkeyforms Web Hosting Directory Multiple Vulnerabilities (деталі)
• turnkeyforms Local Classifieds Auth Bypass Vulnerability (деталі)
• SlimCMS <= 1.0.0 (edit.php) Remote SQL Injection Exploit (деталі)
• Bankoi Webhost Panel 1.20 (Auth Bypass) SQL Injection Vulnerability (деталі)
• Discuz! 6.x/7.x Remote Code Execution Exploit (деталі)
• turnkeyforms Text Link Sales Auth Bypass Vulnerability (деталі)
• GS Real Estate Portal US/International Module Multiple Vulnerabilities (деталі)
• AlstraSoft Web Host Directory 1.2 Multiple Vulnerabilities (деталі)
• MemHT Portal 4.0.1 SQL Injection Code Execution Exploit (деталі)
• BandSite CMS 1.1.4 Insecure Cookie Handling Vulnerability (деталі)
• ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability (деталі)
• ScriptsFeed (SF) Auto Classifieds Software Remote File Upload Vuln (деталі)
• turnkeyforms Text Link Sales (id) XSS/SQL Injection Vulnerability (деталі)
• Scout Portal Toolkit <= 1.4.0 (ParentId) Remote SQL Injection Exploit (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component com_books (book_id) SQL Injection Vulnerability (деталі)
• ooVoo 1.7.1.35 (URL Protocol) Remote Unicode Buffer Overflow PoC (деталі)
• Aj Classifieds Authentication Bypass Vulnerability (деталі)
• AJ Auction Authentication Bypass Vulnerability (деталі)
• AJSquare Free Polling Script (DB) Multiple Vulnerabilities (деталі)
• PHPStore Real Estate Remote File Upload Vulnerability (деталі)
• Joomla / Mambo com_catalogproduction (id) SQL Injection Vulnerability (деталі)
• PozScripts Business Directory Script (cid) Remote SQL Injection Vuln (деталі)
• Joomla Component com_marketplace 1.2.1 (catid) SQL Injection Vuln (деталі)
• Joomla Component Simple RSS Reader 1.0 RFI Vulnerability (деталі)
• Net-SNMP <= 5.1.4/5.2.4/5.4.1 Perl Module Buffer Overflow PoC (деталі)
• Quick Poll Script (code.php id) Remote SQL Injection Vulnerability (деталі)
• AlstraSoft Web Host Directory (Auth Bypass) SQL Injection Vuln (деталі)
• AlstraSoft Article Manager Pro (Auth Bypass) SQL Injection Vuln (деталі)
• AlstraSoft SendIt Pro Remote File Upload Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component JooBlog 0.1.1 (PostID) SQL Injection Vulnerability (деталі)
• OTManager CMS 2.4 (Tipo) Remote File Inclusion Vulnerability (деталі)
• Collabtive 0.4.8 (XSS/Auth Bypass/Upload) Multiple Vulnerabilities (деталі)
• Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities (деталі)
• X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability (деталі)
• ZEEMATRI 3.0 (bannerclick.php adid) SQL Injection Vulnerability (деталі)
• ExoPHPDesk 1.2 Final (Auth Bypass) SQL Injection Vulnerability (деталі)
• Zeeways PHOTOVIDEOTUBE 1.1 Auth Bypass Vulnerability (деталі)
• V3 Chat Live Support 3.0.4 Insecure Cookie Handling Vulnerability (деталі)
• Mole Group Airline Ticket Script (Auth Bypass) SQL Injection Vuln (деталі)
• Fresh Email Script 1.0 Multiple Remote Vulnerabilities (деталі)
• FREEsimplePHPguestbook (guestbook.php) Remote Code Execution Vulnerability (деталі)
• Pre Real Estate Listings File Upload Vulnerability (деталі)
• Joomla Component Contact Info 1.0 SQL Injection Vulnerability (деталі)
• WAC Server <= 2.0 Build 3503 double heap overflow (деталі)

В даній добірці експлоіти в веб додатках:

• Mole Group Rental Script (Auth Bypass) SQL Injection Vuln (деталі)
• PHP Auto Listings Script (Auth Bypass) SQL Injection Vuln (деталі)
• SpeedStream 5200 Authentication Bypass Config Download Vulnerability (деталі)
• Myiosoft EasyBookMarker v4 (Parent) SQL Injection Vulnerability (деталі)
• Domain Seller Pro 1.5 (id) Remote SQL Injection Vulnerability (деталі)
• Mambo Component n-form (form_id) Blind SQL Injection Exploit (деталі)
• V3 Chat - Profiles/Dating Script 3.0.2 Insecure Cookie Handling Vuln (деталі)
• ZEEJOBSITE 2.0 Remote File Upload Vulnerability (деталі)
• V3 Chat Profiles/Dating Script 3.0.2 (Auth Bypass) SQL Injection Vuln (деталі)
• 2WIRE DSL Router (xslt) Denial of Service Vulnerability (деталі)
• Enthusiast 3.1.4 (show_joined.php path) Remote File Inclusion Vuln (деталі)
• zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities (деталі)
• MemHT Portal <= 4.0 Remote Code Execution Exploit (деталі)
• GE Proficy Real Time Information Portal Credentials Leak Sniffer (meta) (деталі)
• Exploits SiteXS CMS Remote File Upload Vulnerability (деталі)

В даній добірці експлоіти в веб додатках:

• Joomla Component Clickheat 1.0.1 Multiple RFI Vulnerabilities (деталі)
• E-topbiz Slide Popups 1.0 (Auth Bypass) SQL Injection Vuln (деталі)
• turnkeyforms Local Classifieds (XSS/SQL) Multiple Vulnerabilities (деталі)
• U&M Software Event Lister 1.0 Auth Bypass Vulnerability (деталі)
• U&M Software JustBookIt 1.0 Auth Bypass Vulnerability (деталі)
• U&M Software Signup 1.1 Auth Bypass Vulnerability (деталі)
• e-Vision CMS <= 2.0.2 Multiple Local File Inclusion Exploit (деталі)
• E-topbiz Number Links 1 (id) Remote SQL Injection Vulnerability (деталі)
• Mini Web Calendar 1.2 (File Disclosure/XSS) Multiple Vulnerabilities (деталі)
• E-topbiz Online Store 1 (cat_id) SQL Injection Vulnerability (деталі)
• DeltaScripts PHP Classifieds <= 7.5 SQL Injection Vulnerability (деталі)
• MyioSoft EasyCalendar (Auth Bypass) Remote SQL Injection Vulnerability (деталі)
• MyioSoft EasyBookMarker (Auth Bypass) SQL Injection Vulnerability (деталі)
• MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• TFTP server tester (деталі)

В даній добірці експлоіти в веб додатках:

• Pre Real Estate Listings (Auth Bypass) SQL Injection Vulnerability (деталі)
• LoveCMS 1.6.2 Final Arbitrary File Delete Vulnerability (деталі)
• SoftComplex PHP Image Gallery 1.0 (Auth Bypass) SQL Injection Vuln (деталі)
• MySQL Quick Admin 1.5.5 Local File Inclusion Vulnerability (деталі)
• Arab Portal 2.1 Remote File Disclosure Vulnerability (win only) (деталі)
• NICE FAQ Script (Auth Bypass) SQL Injection Vulnerability (деталі)
• DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Injection Vulnerability (деталі)
• DeltaScripts PHP Links <= 1.3 (Auth Bypass) SQL Injection Vuln (деталі)
• DeltaScripts PHP Classifieds <= 7.5 (Auth Bypass) SQL Injection Vuln (деталі)
• turnkeyforms Software Directory (XSS/SQL) Multiple Vulnerabilities (деталі)
• SoftComplex PHP Image Gallery (ctg) SQL Injection Vulnerability (деталі)
• E-topbiz Online Store 1 (Auth Bypass) SQL Injection Vuln (деталі)
• Joomla Component Feederator 1.0.5 Multiple RFI Vulnerabilities (деталі)
• Joomla Component Recly!Competitions 1.0.0 Multiple RFI Vulnerabilities (деталі)
• Coppermine <=1.4.16 [Content-type] SQL-injection Exploit (деталі)

Новий тест для вашого браузера. Даний експлоіт виконує DoS атаку на Microsoft Internet Explorer 6 (та можливо наступні версії IE).

В результаті роботи експлоіта браузер вилітає (тобто DoS атака). Як я протестував, на моєму Internet Explorer 6 під Windows XP SP2 цей експлоіт працює.

Протестувати Internet Explorer 6

Останній тест для IE був DoS в Internet Explorer, з яким ви також можете ознайомитися.

В даній добірці експлоіти в веб додатках:

• Joomla Component Dada Mail Manager 2.6 RFI Vulnerability (деталі)
• DFLabs PTK <= 1.0 Local Command Execution Vulnerability (деталі)
• Pre Classified Listings Insecure Cookie Handling Vulnerability (деталі)
• Pre Multi-Vendor Shopping Malls Multiple Remote Vulnerabilities (деталі)
• Pre Shopping Mall Insecure Cookie Handling Vulnerability (деталі)
• Pre ADS Portal <= 2.0 (Auth Bypass/XSS) Multiple Vulnerabilities (деталі)
• DevelopItEasy Photo Gallery 1.2 SQL Injection Vulnerabilities (деталі)
• DevelopItEasy Membership System 1.3 (Auth Bypass) SQL Injection (деталі)
• DevelopItEasy News And Article System 1.4 SQL Injection Vulns (деталі)
• DevelopItEasy Events Calendar 1.2 Multiple SQL Injection Vulnerabilities (деталі)
• hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities (деталі)
• Simple Machines Forum <= 1.1.6 (LFI) Code Execution Exploit (деталі)
• Mole Group Taxi Calc Dist Script (Auth Bypass) SQL Injection Vuln (деталі)
• Mole Group Airline Ticket Script SQL Injection Vulnerability (деталі)
• Coppermine <=1.4.16 [Content-type] SQL-injection Exploit (деталі)

Нещодавно була виявлена Code Execution уразливість в PHP, що дозволяє віддалене виконання коду. Для якої був розроблений експлоіт.

Уразлива функція mb_ereg(i)_replace().

• PHP mb_ereg(i)_replace() Evaluate Replacement String Vulnerability (деталі)