Archive for the ‘Exploit’ Category

FlexCMS 3.2.1 Multiple CSRF Vulnerabilities

# Exploit Title    : FlexCMS 3.2.1 Multiple CSRF # Date             : 16-03-2012 # Author           : Ivano Binetti (http://www.ivanobinetti.com) # Software link    : http://www.flexcms3.com/index.php/index.html # Vendor site      : http://www.flexcms.com # Version          : 3.2.1 (and lower) # Tested on        : Debian Squeeze (6.0) # Original Advisory: http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html Summary 1)Introduction 2)Vulnerabilities Description 3)Exploit 3.1 Exploit (Change Settings of [...]

Linux/x86 Polymorphic ShellCode – setuid(0)+setgid(0)+add user ‘iph’ without password to /etc/passwd

# Exploit Title: Linux/x86 Polymorphic ShellCode – setuid(0)+setgid(0)+add user ‘iph’ without password to /etc/passwd # setuid() – setgid() – open() – write() – close() – exit() # Date: 30/12/2011 # Author: pentesters.ir # Tested on: Linux x86 – CentOS 6.0 – 2.6.32-71 # Website: http://pentesters.ir/ # Contact: Cru3l.b0y@gmail.com # By: Cru3l.b0y # iph::0:0:IPH:/root:/bin/bash # This [...]

XRayCMS 1.1.1 SQL Injection Vulnerability

# Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability # Date: 2/5/2012 # Author: chap0 # Software Link: http://sourceforge.net/projects/xraycms/files/latest/download # Version: 1.1.1 # Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows authentication bypass into the admin's account. If a malicious user supplies ‘ or 1=1# into the application's user name [...]

Tube Ace(Adult PHP Tube Script) SQL Injection

# Exploit Title: Tube Ace(Adult PHP Tube Script) SQL Injection # Date: 05/02/2012 # Author: Daniel Godoy # Author Mail: DanielGodoy[at]GobiernoFederal[dot]com # Author Web: www.delincuentedigital.com.ar # Software: Tube Ace # http://www.tubeace.com # Tested on: Linux # Dork: “?viewStandard=0″ [Comment] Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt, Maximiliano Soler Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0, InyeXion her0, r0dr1 [...]

Sphinix Mobile Web Server Multiple Persistent XSS Vulnerabilities

############################################################################## # # Title    : Sphinix Mobile Web Server Multiple Persistent XSS Vulnerabilities # Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor   : http://www.sphinx-soft.com/MWS/index.html # Advisory : http://secpod.org/blog/?p=453 #            http://secpod.org/advisories/SecPod_SPHINX_SOFT_Mobile_Web_Server_Mul_Persistence_XSS_Vulns.txt # Software : Mobile Web Server U3 3.1.2.47 # Date     : 01/08/2012 # ############################################################################### SecPod ID: 1027                 23/08/2011 Issue Discovered 20/01/2012 Vendor Notified [...]

OSCommerce v3.0.2 – Persistent Cross Site Vulnerability

Title: ====== OSCommerce v3.0.2 – Persistent Cross Site Vulnerability Date: ===== 2012-02-02 VL-ID: ===== 407 Introduction: ============= osCommerce is the leading Open Source online shop e-commerce solution that is available for free under the GNU General Public License. It features a rich set of out-of-the-box online shopping cart functionality that allows store owners to setup, [...]

Horde 3.3.12 Backdoor Arbitrary PHP Code Execution

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote     Rank = ExcellentRanking     include Msf::Exploit::Remote::HttpClient     def initialize(info = {}) [...]

CVE-2011-3544 / ZDI-11-305 – Oracle Java Applet Rhino Script Engine Remote Code Execution

AUTHORS : Michael Schierl < > juan vazquez < > Edward D. Teach < teach [at] consortium-of-pwners.net > sinn3r < sinn3r [at] metasploit.com > Description : Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications [...]

MaXe/WordPress TimThumb 1.32 Code Execution

# Exploit Title: WordPress TimThumb Plugin – Remote Code Execution # Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com # Date: 3rd August 2011 # Author: MaXe # Software Link: http://timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php # Version: 1.32 # Screenshot: See attachment # Tested on: Windows XP + Apache + PHP (XAMPP) WordPress TimThumb (Theme) Plugin – Remote Code Execution Versions [...]

MustLive/Joomla Themes Cross Site Scripting / Denial Of Service

Theme PBV MULTI VirtueMart Theme for component VirtueMart for Joomla: Full path disclosure (WASC-13): http://site/components/com_virtuemart/themes/pbv_multi/scripts/timthumb.php?src=http:// XSS (WASC-08): http://site/components/com_registration/script/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS. Component Handy Photo Album for Joomla: XSS (WASC-08): http://site/components/com_hpalbum/timthumb.php?src=1%3Cbody%20onload=alert(document.cookie)%3E Vulnerable to XSS, Full path disclosure, Abuse of Functionality and DoS. for vulnerabilities in several themes for [...]

Joomla Discussions Component (com_discussions) SQL Injection Vulnerability

# # Title : Joomla Discussions Component (com_discussions) SQL Injection Vulnerability # Author : Red Security TEAM # Date : 17/01/2012 # Risk : High # Software : http://extensions.joomla.org/extensions/communication/forum/13560 # Tested On : CentOS # Contact : Info [ 4t ] RedSecurity [ d0t ] COM # Home : http://RedSecurity.COM # # Exploit : # [...]

KomaMail Local Path Inclusion

# Exploit Title: [KomaMail Local Path Inclusion] # Date: [26/11/2011] # Author: [SnakingMax] # WebSite: [snakingmax.blogspot.com] # Software Link: [http://www.koma-code.de/ProgsZip/KomaMail.zip] # Version: [3.82] # Category: [Local Exploit] # Tested on: [Windows XP (SP3)] # 0-Day Exploit # Thanks to my family, girlfriend and friends. #Exploit # Go to “Create a new User” in the login [...]

WordPress Zingiri Plugin <= 2.2.3 (ajax_save_name.php) Remote Code Execution

Microsoft Excel 2007 SP2 Buffer Overwrite

Abysssec Research 1) Advisory information Title : Microsoft Excel 2007 SP2 Buffer Overwrite Vulnerability Analysis : Abysssec.com Vendor : http://www.microsoft.com Impact : Critical Contact : info [at] abysssec.com Twitter : @abysssec Microsoft : A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited [...]

Linux <= 2.6.37-rc1 serial_multiport_struct Local Info Leak Exploit

/* Linux

Apache Server 2.3.14 <= Denial of Service Exploit

#!/usr/bin/perl -w # Exploit Title: Apache Server 2.3.14 \$xenon,’num=i’ => \$connections,’cache’ => \$cache,’port=i’ => \$port,’https’ => \$ssl,’tcpto=i’ => \$tcpto,’test’ => \$test,’timeout=i’ => \$timeout,’version’ => \$version,); if ($version) { print “Version 1.0\n”; exit; } unless ($host) { print “Test:\n\n\tperl $0 -dns [www.example.com] -test\n”; print “Usage:\n\n\tperl $0 -dns [www.example.com] -port 80 -timeout 100 -num 1000 -tcpto 5 [...]

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

## # $Id: phpldapadmin_query_engine.rb 14062 2011-10-25 16:19:55Z sinn3r $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < [...]

Joomla YJ Contact us Component Local File Inclusion Vulnerability

================================================================================ – YJ Contact us – Enhanced Joomla Contact Form

Default Image Uploader <+ Shell Upload Vulnerability


StarDevelop.LiveHelp <= v2.0 (index.php) Local File Include Vulnerability

