25 lines
No EOL
987 B
Text
25 lines
No EOL
987 B
Text
Here is a bug that I finally found time to write about :-)
|
|
|
|
https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/
|
|
|
|
The attached contains my mini framework, exploit and screenshot.
|
|
|
|
Cheers!
|
|
|
|
~ aeon
|
|
|
|
# I Read It Somewhere (IRIS) <= v1.3 (post auth) Remote Command Execution
|
|
# download: http://ireaditsomewhere.googlecode.com
|
|
# Notes:
|
|
# - Found this in my archive, duno how long this has been 0Day for... but I had no use for it obviously.
|
|
# - Yes! ..the code is disgusting, but does the job
|
|
# - Sorry if I ripped your code, it worked for me and I dont reinvent wheels so thank you!
|
|
# ~ aeon (https://infosecabsurdity.wordpress.com/)
|
|
#
|
|
# Exploit requirements:
|
|
# ~~~~~~~~~~~~~~~~~~~~~
|
|
#
|
|
# - A valid account as at least a user
|
|
# - The target to have outgoing internet connectivity
|
|
|
|
Exploit-DB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/24480.tar.gz |