47885 matches found
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct sockopt *sopt) in flow_divert.c. The relevant code is: error = soopt_getm(sopt, &token); if (error) goto don...
Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection
Exploit Title: Facebook Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/facebook-clone/ Demo: http://smsemailmarketing.in/demo/fbclone/ Version: 1.0 Category: Webapps Tested on:...
Vanguard 1.4 - Arbitrary File Upload
Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - Arbitrary File Upload Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link: https://www.codegrape.com/item/vanguard-marketplace-digital-products-php/15825 Demo:...
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Exploit Title: Single Theater Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/single-theater-booking-script/ Version: 3.2.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Resume Clone Script 2.0.5 - SQL Injection
Exploit Title: Resume Clone Script 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/resume-builder-script/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Autho...
Advanced World Database 2.0.5 - SQL Injection
Exploit Title: Advanced World Database 2.0.5 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-world-database/ Version: 2.0.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection
Exploit Title: Groupon Clone Script 3.01 - 'stateid' 's' SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Version: 3.01 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow
Source: http://bugzilla.maptools.org/show_bug.cgi?id=2750 The vulnerability is triggered by ./tools/pal2rgb $FILE /dev/null The asan debug information is below: TIFFFetchNormalTag: Warning, IO error during reading of "XResolution"; tag ignored. TIFFFetchNormalTag: Warning, IO error during reading ...
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
Exploit Title: MLM Forced Matrix 2.0.9 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forced-matrix/ Version: 2.0.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...
Laundry Booking Script 1.0 - 'list?city' SQL Injection
Exploit Title: Laundry Booking Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/laundry-booking-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Autho...
Kickstarter Clone Acript 2.0 - 'projid' SQL Injection
Exploit Title: Kickstarter Clone Acript 2.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/kickstarter-clone-script/ Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERN_SUCCESS it means that th...
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection
Exploit Title: PHP Multivendor Ecommerce 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-multivendor-ecommerce/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Yoga Class Script 1.0 - 'list?city' SQL Injection
Exploit Title: Yoga Class Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/yoga-class-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan...
Basic Job Site Script 2.0.5 - SQL Injection
Ver Ayari...
Linux Kernel - 'mincore()' Heap Page Disclosure (PoC)
/ The source is modified from https://bugs.chromium.org/p/project-zero/issues/detail?id=1431 I try to find out information useful from the infoleak The kernel address can be easily found out from the uninitialized memory leaked from kernel, which can help bypass kaslr / define GNUSOURCE include...
Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation
/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and calculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...
Car Rental Script 2.0.4 - 'val' SQL Injection
Exploit Title: Car Rental Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Exploit Title: Responsive Events & Movie Ticket Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/ Version: 3.2.1 Category: Webapps...
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection
Exploit Title: Responsive Realestate Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-realestate-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection
Exploit Title: Readymade PHP Classified Script 3.3 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advance-olx-clone/ Version: 3.3 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection
Exploit Title: Online Exam Test Application Script 1.6 - 'Exams.php 'sort' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/online-exam-test-application/ Version: 1.6 Category: Webapps Tested on:...
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection
Exploit Title: Lawyer Search Script 1.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/ Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan...
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection
Exploit Title: MLM Forex Market Plan Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection
Exploit Title: Multiplex Movie Theater Booking Script 3.1.5 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/multiplex-theater-booking-script/ Version: 3.1.5 Category: Webapps Tested on:...
Linux Kernel - 'The Huge Dirty Cow' Overwriting The Huge Zero Page (2)
/ The code is modified from https://www.exploit-db.com/exploits/43199/ / define GNUSOURCE include include include include include include include include include include include include define TRIESPERPAGE 20000000 define PAGESIZE 0x1000 define MEMESETVAL 0x41 define MAPSIZE 0x200000 define STRIN...
Apple macOS - 'necp_get_socket_attributes' so_pcb Type Confusion
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1392&desc=2 When getsockopt() [edited; original report said "setsockopt"] is called on any socket with level SOL_SOCKET and optname SO_NECP_ATTRIBUTES, necp_get_socket_attributes() is invoked. necp_get_socket_attributes() unconditionally calls...
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection
Exploit Title: Muslim Matrimonial Script 3.02 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/matrimonial-script/ Version: 3.02 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection
Exploit Title: Foodspotting Clone Script 1.0 - 'q' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection
Exploit Title: Hot Scripts Clone 3.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/ Version: 3.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Food Order Script 1.0 - 'list?city' SQL Injection
Exploit Title: Food Order Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/ Demo: http://ordermanagementscript.com/demo/food-order/ Version: 1.0 Category: Webapps Tested...
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
Exploit Title: Multivendor Penny Auction Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/penny-auction-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proc_list_uptrs has the following comment in its userspace header: / Enumerate potential userspace pointers embedded in kernel data structures. Currently inspects kqueues only. NOTE: returned "pointers"...
MikroTik 6.40.5 ICMP - Denial of Service
include include include include include include include include define handlei htonsi define cicmp 32 define aicmp aflags & cicmp define sendingp if sendtorawsock,&packet,sizeof packet,0,struct sockaddr &victim,sizeof victim s...
Apple macOS - 'getrusage' Stack Leak Through struct Padding
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1405 For 64-bit processes, the getrusage() syscall handler converts a `struct rusage` to a `struct user64_rusage` using munge_user64_rusage(), then copies the `struct user64_rusage` to userspace: int getrusage(struct proc *p, struct getrusage_arg...
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection
Exploit Title: Entrepreneur Bus Booking Script 3.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/ Version: 3.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Professional Service Script 1.0 - 'service-list?city' SQL Injection
Exploit Title: Professional Service Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/professional-service-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Opensource Classified Ads Script 3.2 - SQL Injection
...
Vanguard 1.4 - SQL Injection
Exploit Title: Vanguard - Marketplace Digital Products PHP 1.4 - SQL Injection Dork: N/A Date: 11.12.2017 Vendor Homepage: https://www.codegrape.com/user/Vanguard/portfolio Software Link: https://www.codegrape.com/item/vanguard-marketplace-digital-products-php/15825 Version: 1.4 Category: Webapps...
Advanced Real Estate Script 4.0.7 - SQL Injection
Exploit Title: Advanced Real Estate Script 4.0.7 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-real-estate-script/ Version: 4.0.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection
Exploit Title: Multireligion Responsive Matrimonial 4.7.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/ Version: 4.7.2 Category: Webapps Tested on:...
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection
Exploit Title: Secure E-commerce Script 2.0.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version: 2.0.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Readymade Video Sharing Script 3.2 - SQL Injection
Exploit Title: Readymade Video Sharing Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Freelance Website Script 2.0.6 - 'pr_id' / 'catid' SQL Injection
Exploit Title: Freelance Website Script 2.0.6 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/freelance-website-script/ Version: 2.0.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Affiliate MLM Script 1.0 - 'product-category.php?key' SQL Injection
Exploit Title: Affiliate MLM Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/affiliate-mlm-script/ Demo: http://www.smsemailmarketing.in/demo/Affiliate/ Version: 1.0 Category: Webapps Test...
FS Care Clone 1.0 - 'jobFrequency' / 'jobType' SQL Injection
Exploit Title: FS Care Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/care-clone/ Demo: http://care-clone.demonstration.co.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
FS Amazon Clone 1.0 - SQL Injection
Exploit Title: FS Amazon Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/amazon-clone/ Demo: http://amazon-clone.demonstration.co.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Advance B2B Script 2.1.3 - 'show_id' / 'pid' SQL Injection
Exploit Title: Advance B2B Script 2.1.3 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advance-b2b-script/ Demo: http://198.38.86.159/advancedb2b/ Version: 2.1.3 Category: Webapps Tested on:...
FS Ebay Clone 1.0 - 'id' / 'sub_category_id' / 'category_id' SQL Injection
Exploit Title: FS Ebay Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/ebay-clone/ Demo: http://ebay-clone.demonstration.co.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
FS IMDB Clone 1.0 - 'f' / 's' / 'id' SQL Injection
Exploit Title: FS IMDB Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/imdb-clone/ Demo: http://imdb-clone.demonstration.co.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...