Bug&Exp
It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate. Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate. Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
October 9, 2008 08:47 | by
Serv-U 7.2.0.1 Remote FTP File Replacement Vulnerability (auth)
[
October 4, 2008 11:08 | by !4p47hy ]
Serv-U 7.2.0.1 Remote FTP File Replacement Vulnerability (auth)
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
#Serv-U 7.2.0.1 ftp file replacement
#user must have upload permissions
#
#(x) dmnt 2008-10-01
MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 Vulnerabilities of MS08-021
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 Vulnerabilities of MS08-021
PhpCms2007 sp6 SQL injection 0day
MS Internet Explorer GDI+ Proof of Concept (MS08-052)
文章作者:friddy
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
注:文章首发Friddy的罐子,后由原创作者友情提交到邪恶八进制信息安全团队讨论组,转载请著名首发站点。
本文章只含有漏洞存在的证明,效果是运行计算器的程序,不含有攻击性代码!
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
注:文章首发Friddy的罐子,后由原创作者友情提交到邪恶八进制信息安全团队讨论组,转载请著名首发站点。
本文章只含有漏洞存在的证明,效果是运行计算器的程序,不含有攻击性代码!
September 19, 2008 10:58 | by
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
[
September 12, 2008 08:48 | by !4p47hy ]
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
Summary: Maxthon Browser is a powerful tabbed browser built for all users. Besides basic browsing functionality, Maxthon Browser provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
Summary: Maxthon Browser is a powerful tabbed browser built for all users. Besides basic browsing functionality, Maxthon Browser provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
1、注册一个用户,用户名script,密码123456
2、发布一篇日志,日志标题:测试一下
3、个人前台首页找到日志"测试一下",点"推荐"
4、个人后台管理,选择"常用"选项中的"推荐日志",然后点"测试一下"日志后面的修改,把摘要内容修改成:
2、发布一篇日志,日志标题:测试一下
3、个人前台首页找到日志"测试一下",点"推荐"
4、个人后台管理,选择"常用"选项中的"推荐日志",然后点"测试一下"日志后面的修改,把摘要内容修改成:
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
[ September 11, 2008 09:16 | by !4p47hy ]
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
Google Chrome Browser 0.2.149.27 Automatic File Download Exploit
[ September 5, 2008 09:00 | by !4p47hy ]
Author: nerex
E-mail: nerex[at]live[dot]com
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
E-mail: nerex[at]live[dot]com
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
