Open Redirect

Overview st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers trea...

ALPINE-CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...

FreeBSD : phpmailer -- XSS in code example and default exeception handler (c5d79773-8801-11e7-93f7-d43d7e971a1b)

PHPMailer reports : Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...

An ssh-agent for every domain: SSHecret

If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...

jwt-cracker - Simple HS256 JWT Token Brute Force Cracker

Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation : Use strong long secrets or RS256 tokens. Install With npm: npm install --global jwt-cracker Usage From command line: jwt-cracker Where: token : the full HS256 JWT token string to cra...

Muviko 1.0 SQL Injection

Exploit Title: Muviko - Video CMS v1.0 a 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...

Muviko 1.0 - q SQL Injection

Muviko 1.0 - q SQL Injection Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a...

EDUMOD Pro 1.3 - SQL Injection

EDUMOD Pro 1.3 - SQL Injection Exploit Title: School Management System | EDUMOD Pro v1.3 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/school-management-system-edumod-pro/19764430?srank=288 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...

phpmailer -- XSS in code example and default exeception handler

PHPMailer reports: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...

XSS vulnerability in code example

SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There...

DEBIAN-CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

UBUNTU-CVE-2017-11173

Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net as well as...

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering, its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

Lepide Auditor Suite - createdb() Web Console Database Injection Remote Code Execution Exploit

Exploit for php platform in category remote exploits !/usr/bin/python """ Lepide Auditor Suite createdb Web Console Database Injection Remote Code Execution Vulnerability Vendor: http://www.lepide.com/ File: lepideauditorsuite.zip SHA1: 3c003200408add04308c04e3e0ae03b7774e4120 Download:...

CVE-2017-10788

CVE-2017-10788 affects the DBD::mysql Perl module (up to at least 4.043). A remote attacker can trigger a use-after-free condition or cause an application crash by exploiting certain error responses from MySQL or a lost network connection. The use-after-free defect was introduced by incorrect Ora...

WMI Command Shell Wrapper: WMIcmd

WMI Command Shell Wrapper When doing low impact investigations and other similar activities you may want to minimize what is written to disk / obvious. This tool allows us to execute commands via WMI and get information not otherwise available via this channel. Purpose A small utility which only...

durell.co.uk XSS vulnerability

Vulnerable URL: http://durell.co.uk/programservices/onlinesystemmanual/files/page-viewer.asp?pagetitle=Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser=1288%22--!%3E%3CSvg/Onload=confirmOPENBUGBOUNTY%3E%22=files/Spreadsheet,%20Example%20to%20List%20Fees%20Financial%20Adviser.htm...

Pwntools - CTF Framework And Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. from pwn import contextarch = 'i386', os = 'linux' r = remote'exploitme.example.com', 31337 EXPLOIT COD...

example: Heap-buffer-overflow in DoStuff

Detailed report: https://oss-fuzz.com/testcase?key=6201271579049984 Project: example Fuzzer: libFuzzerexampledostufffuzzer Fuzz target binary: dostufffuzzer Job Type: libfuzzerasanexample Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x60a000000314 Crash State: DoStuff...

Cloudera HUE Session cookies stored in the database

User session cookies are stored in the database. Combined with the vulnerability related to configuration file which is world readable, it is possible to spoof a user across the entire cluster launching jobs and browsing the datalake, without having to crack password hashes. Cookies are stored in...