25 matches found
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit
Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...
Kaltura Remote PHP Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution over Cookie', 'Description' = %q This module exploits an Object Injection vulnerability in Kaltura. By exploiti...
Kaltura Remote PHP Code Execution over Cookie
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura makes use of a hardcoded cookie secret, which allows arbitrary cookie data to be signed. After passing...
Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injecti...
Kaltura 11.1.0-2 - Remote Code Execution (Metasploit)
Kaltura 11.1.0-2 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaltura Remote PHP Code Execution', 'Description' = %q This module exploits an Object Injectio...
Kaltura Remote PHP Code Execution
This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized...
http-vuln-cve2014-3704 NSE Script
Exploits CVE-2014-3704, also known as 'Drupageddon', in Drupal. Versions < 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...
Cross-Site-Scripting (XSS) in tcllib's html::textarea
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannek[at]sektioneins.de Application: tcllib - Tcl standard library - versions 1.0....
Tcl 1.16 Cross Site Scripting
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: Cross-Site-Scripting (XSS) in tcllib's html::textarea Release Date: 26 February 2015 Last Modified: 26 February 2015 Author: Ben Fuhrmannek ben.fuhrmannek[at]sektioneins.de Application: tcllib - Tcl standard library - versions 1.0....
Drupal < 7.32 Pre Auth SQL Injection
No description provided by source. <?php // PoC for Drupal Pre Auth SQL Injection - (c) 2014 SektionEins // created by Stefan Horst [email protected] // and Stefan Esser...
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Remote Code Execution)
Drupal 7.0 7.31 - Drupalgeddon SQL Injection Remote Code Execution // and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url =...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Remote Code Execution)
// and Stefan Esser //· include 'common.inc'; include 'password.inc'; // set values $userid = 0; $username = ''; $codeinject = 'phpinfo;sessiondestroy;die"";'; $url = isset$argv1?$argv1:''; $code = isset$argv2?$argv2:''; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $code|$file'."\n"; die; ...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)
//· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url || strpos$url,'https' === False echo "please state the cook...
Drupal HTTP Parameter Key/Value SQL Injection Vulnerability
This Metasploit module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This Metasploit module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32). This module requires Metasploit:...
Internet Bug Bounty: Drupal 7 pre auth sql injection and remote code execution
Motivation I found a SQL Injection bug in Drupal $value ... $newkeys$key . '' . $i = $value; The function assumes that it is called with an array which has no keys. Example: dbquery"SELECT FROM users where name IN :name", array':name'=array'user1','user2'; Which results in this SQL Statement SELE...
PHP Secure Configuration Checker - Check current PHP configuration for potential security flaws
Among the most tedious tasks of PHP security testing is the check for insecure PHP configuration. As a successor of our PHP Security Poster, we have created a script to help system administrators as well as security professionals to assess the state of php.ini and related topics as quickly and as...
PHP openssl_x509_parse() - Memory Corruption Vulnerability
No description provided by source. SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esser[at]sektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP...
Internet Bug Bounty: SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
This vulnerability was reported directly to the PHP development team. A detailed summary is available here: https://www.sektioneins.de/en/blog/14-08-27-unserialize-typeconfusion.html...
Warning: Malware Campaign targeting Jailbroken Apple iOS Devices
A new piece of malware targeting jailbroken Apple iOS devices, in an attempt to steal users’ credentials, has been discovered by Reddit users. The Reddit Jailbreak community discovered the infection, dubbed ‘Unflod Baby Panda’, on some jailbroken Apple iOS devices o...
Advisory 01/2013: PHP openssl_x509_parse() Memory Corruption Vulnerability
SektionEins GmbH www.sektioneins.de -= Security Advisory =- Advisory: PHP openssl_x509_parse() Memory Corruption Vulnerability Release Date: 2013/12/13 Last Modified: 2013/12/13 Author: Stefan Esser stefan.esser[at]sektioneins.de Application: PHP 4.0.6 - PHP 4.4.9 PHP 5.0.x PHP 5.1.x PHP 5.2.x PHP 5.3....