1621 matches found
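A bundled Discuz! tool can be used to get a shell
Brief description: A tool bundled with Discuz! can lead to a webshell when used improperly. Investigation also shows that a large number of sites use it. Details: The Discuz! installation package ships with a conversion tool, convert. Because of a security issue in this tool, a shell can be obtained. It usually sits in the site directory convert or utility/convert, and investigation shows it is still widely used. The precondition is that the data directory is writable, which is also a precondition for using the tool itself. Analysis: In the file utility\convert\include\doconfig.inc.php, the configuration is saved; tracing into saveconfigfile...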
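Multiple file inclusions in the CmsEasy admin backend
Brief description: CmsEasy has multiple file inclusion flaws that can be combined with other vulnerabilities to get a shell directly. Details: The first is in the admin backend, Custom > Add Form. First look at the file /cmseasy/template/admin/form/addform.php: it reads the value of the template parameter directly. Then look at /cmseasy/lib/admin/formadmin.php: it does not check whether the value of the template parameter is valid or within an allowed range, and saves it directly. When adding a form we intercept the request and change the default value of template here to our own payload file boot.php. The content of the Boot.php file is: Looking at what the database stores, the value was stored directly...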
A ThinkSNS getshell
Brief description: Improper handling at one point in ThinkSNS leads to a shell. Details: The reply function in \apps\public\Lib\Action\CommentAction.class.php: public function reply() { $var = $_GET; $var['initNums'] = model('Xdata')->getConfig('weibonums', 'feed'); $var['commentInfo'] = model('Comment')->getCommentInfo($var['commentid'], false); $var['canrepost'] =...
WordPress Blogfolio Shell Upload
Title : WordPress Blogfolio Theme Arbitrary File Upload Author : eX-Sh1Ne Date : 23/11/2013 Category : Web Applications Type : PHP Vendor : http://themify.me/ Download : http://themify.me/themes/blogfolio Greetz : Java Defacer Team - Indonesian Cyber Army - No-Name Crew - Indonesian Hacker Thanks...
WordPress iThemes2 Shell Upload
Title : Wordpress iThemes2 Themes Arbitrary File Upload Author : DevilScreaM Date : 11/20/2013 - 20 November 2013 Category : Web Applications Type : PHP Vendor : http://themify.me/ Link : http://themify.me/themes/ithemes2 Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian...
WordPress Suco Shell Upload
Title : Wordpress Suco Themes Arbitrary File Upload Author : DevilScreaM Date : 11/20/2013 - 20 November 2013 Category : Web Applications Type : PHP Vendor : http://themify.me/ Link : http://themify.me/themes/suco Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Securit...
JBoss AS Attacks Up Since Exploit Code Disclosed
Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...
Android 4.3 Superuser Root Privilege Escalation Vulnerability
The Superuser package for Android 4.3 allows a user to spawn /system/xbin/su with manipulated environment variables to execute code as root. Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain,...
Android 4.3 Superuser Root Privilege Escalation
Current releases of the CyanogenMod/ClockWorkMod/Koush Superuser package may allow restricted local users to execute arbitrary commands as root in certain, non-default device configurations. Android 4.3 introduced the concept of "restricted profiles," created through the Settings - Users menu. A...
WordPress ThisWay Shell Upload
Exploit title: WordPress ThisWay theme - Arbitrary File Upload Vulnerability Author: Bet0 Google Dork:...
WordPress MoneyTheme Cross Site Scripting / Shell Upload
Title : Wordpress MoneyTheme Themes XSS / Arbitrary File Upload Author : DevilScreaM Date : 10/27/2013 Category : Web Applications Type : PHP Vendor : http://themesjunction.com Link : http://themesjunction.com/theme/moneywordpresstemplate-17129.html Greetz : 0day-id.com | newbie-security.or.id |...
CVE-2013-0694
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...
Hardcoded credentials
The Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier have hardcoded credentials in a ROM, which makes it easier for remote attackers to obtain shell access to the underlying OS by...
CVE-2013-0694
CVE-2013-0694 concerns hardcoded credentials in ROMs of Emerson ROC800 RTU family: ROC800 (v3.50 and earlier), DL8000 (v2.30 and earlier), and ROC800L (v1.20 and earlier). The underlying flaw enables remote attackers to obtain a shell on the OS by exploiting ROM contents known from a device insta...
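Discuz! admin backend: a third-party plugin allows uploading files with arbitrary extensions to get a shell (caused by a particular plugin)
Brief description: The article on using a plugin to get a shell on a Discuz! forum: http://zone.wooyun.org/content/5275. The plugin I used in that article to get a shell is Zend-encrypted, so some systems may not support it. The plugin-based shell discussed today uses an unencrypted plugin, which should be supported almost everywhere, regardless of version or system. Some readers also pointed out that installing a plugin requires a security password, and some forums do require one. Security password bypass, first version: http://www.wooyun.org/bugs/wooyun-2013-032644. I have already submitted it to the vendor, so it no longer works. But I will post a second version of the security password bypass later. Details:...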
PCMAN FTP 2.07 STOR Command - Buffer Overflow Exploit
Exploit for Windows platform in category remote exploits #!/usr/bin/python Exploit Title: PCMAN FTP 2.07 STOR Command - buffer overflow Date: 18 August 2013 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Contact: email protected Version: PCMAN FTP 2.07 STOR Command Tested on...
AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities
Document Title: AVAST Antivirus v8.0.1489 - Multiple Core Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=963 Release Date: 2013-06-29 Vulnerability Laboratory ID VL-ID: 9...
CVE-2013-3379
The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781...
IBM QRadar SIEM command injection vulnerability
Overview: IBM QRadar SIEM software contains a command injection vulnerability that allows an authenticated user to execute operating system commands on the QRadar device. Description: The IBM security bulletin for CVE-2013-2970 states: A command injection vulnerability has been discovered within the...