It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate. Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate. Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
October 9, 2008 08:47 | by
MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 Vulnerabilities of MS08-021
EMR_COLORMATCHTOTARGETW stack buffer overflow exploit
By Ac!dDrop
This is one of the 2 Vulnerabilities of MS08-021
PhpCms2007 sp6 SQL injection 0day
MS Internet Explorer GDI+ Proof of Concept (MS08-052)
文章作者:friddy
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
注:文章首发Friddy的罐子,后由原创作者友情提交到邪恶八进制信息安全团队讨论组,转载请著名首发站点。
本文章只含有漏洞存在的证明,效果是运行计算器的程序,不含有攻击性代码!
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)
注:文章首发Friddy的罐子,后由原创作者友情提交到邪恶八进制信息安全团队讨论组,转载请著名首发站点。
本文章只含有漏洞存在的证明,效果是运行计算器的程序,不含有攻击性代码!
仅仅在 Apple 升级播放器堵上九个严重安全漏洞之后的一个星期,一个暂无补丁的 Apple QuickTime 缺陷就于星期二被发布在 milw0rm.com 网站上。
该溢出程序利用了 QuickTime 处理
该程序目前只是使得 QuickTime 崩溃,但问题远比这严重。该程序暗示了漏洞有可能导致任意代码的执行,这可能导致严重的安全隐患,因为攻击者可在网站上嵌入一个恶意文件来触发该漏洞。
但就连这个发布者自己也不大肯定。milw0rm.com 上写着“可能”允许执行任意代码。
该溢出程序利用了 QuickTime 处理
<? quicktime type= ?>
参数时未能正确处理超长字符串的漏洞。该程序目前只是使得 QuickTime 崩溃,但问题远比这严重。该程序暗示了漏洞有可能导致任意代码的执行,这可能导致严重的安全隐患,因为攻击者可在网站上嵌入一个恶意文件来触发该漏洞。
但就连这个发布者自己也不大肯定。milw0rm.com 上写着“可能”允许执行任意代码。
September 19, 2008 10:58 | by
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
[
September 12, 2008 08:48 | by !4p47hy ]
Maxthon Browser 2.1.4.443 UNICODE Remote Denial of Service PoC
Summary: Maxthon Browser is a powerful tabbed browser built for all users. Besides basic browsing functionality, Maxthon Browser provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
Summary: Maxthon Browser is a powerful tabbed browser built for all users. Besides basic browsing functionality, Maxthon Browser provides a rich set of features to improve your surfing experience.
Product web page: http://www.maxthon.com
1、注册一个用户,用户名script,密码123456
2、发布一篇日志,日志标题:测试一下
3、个人前台首页找到日志"测试一下",点"推荐"
4、个人后台管理,选择"常用"选项中的"推荐日志",然后点"测试一下"日志后面的修改,把摘要内容修改成:
2、发布一篇日志,日志标题:测试一下
3、个人前台首页找到日志"测试一下",点"推荐"
4、个人后台管理,选择"常用"选项中的"推荐日志",然后点"测试一下"日志后面的修改,把摘要内容修改成:
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
[ September 11, 2008 09:16 | by !4p47hy ]
Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
Google Chrome Browser 0.2.149.27 Automatic File Download Exploit
[ September 5, 2008 09:00 | by !4p47hy ]
Author: nerex
E-mail: nerex[at]live[dot]com
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
E-mail: nerex[at]live[dot]com
Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically downloaded to the user's computer without any user prompt.
################################################## ####################################
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]
FlashGet 1.9 (FTP PWD Response) 0day Remote Buffer Overflow PoC Exploit
[
August 14, 2008 11:30 | by !4p47hy ]
#!/usr/bin/python
# FlashGet 1.9 (FTP PWD Response) 0day Remote Buffer Overflow PoC Exploit
# Bug discovered by Krystian Kloskowski (h07)
# Testen on: FlashGet 1.9 / XP SP2 Polish
# Product URL: http://www.flashget.com/en/download.htm?uid=undefined
# Details:..
# FlashGet 1.9 (FTP PWD Response) 0day Remote Buffer Overflow PoC Exploit
# Bug discovered by Krystian Kloskowski (h07)
# Testen on: FlashGet 1.9 / XP SP2 Polish
# Product URL: http://www.flashget.com/en/download.htm?uid=undefined
# Details:..
