9e738d6dae
3 changes to exploits/shellcodes CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection PHP Dashboards NEW 5.8 - Local File Inclusion PHP Uber-style GeoTracking 1.1 - SQL Injection Adianti Framework 5.5.0 - SQL Injection Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
21 lines
No EOL
686 B
Text
21 lines
No EOL
686 B
Text
# Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector
|
|
|
|
# Google Dork: N/A
|
|
|
|
# Date: January, 21 2019
|
|
|
|
# Exploit Author: Eduardo Braun Prado
|
|
|
|
# Vendor Homepage: http://www.microsoft.com/
|
|
|
|
# Software Link: http://www.microsoft.com/
|
|
|
|
# Version: Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. both x86 and x64 architectures.
|
|
|
|
# Tested on: Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. both x86 and x64 architectures.
|
|
|
|
# CVE : n/a
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46220.zip |