Pages: 3/11 First page Previous page 1 2 3 4 5 6 7 8 9 10 11 Next page Final page [ View by Articles | List ]

Cain & Abel 4.9.23 (rdp file) Buffer Overflow PoC

  [晴 December 1, 2008 10:25 | by !4p47hy ]
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
Tags: , , , , ,

Discuz! admindatabase.inc.php get-webshell bug

  [晴 November 29, 2008 20:45 | by !4p47hy ]
Author: ring04h
Team:http://www.80vul.com

由于Discuz!的admin\database.inc.php里action=importzip解压zip文件时,导致可以得到webshell.
Tags: , , , ,

Discuz! 6.1 xss2webshell Exploit

  [多云 November 27, 2008 11:39 | by !4p47hy ]
Discuz! 6.1 xss2webshell Exploit
Tags: , , , , ,

Discuz! 6.x/7.x SODB-2008-13 Exp

  [多云 November 15, 2008 20:08 | by !4p47hy ]
SODB-2008-13 Discuz! $_DCACHE数组变量覆盖漏洞
Tags: , , , ,

PhpCms2007 sp6 v 0day (wenba)

  [晴 November 10, 2008 15:05 | by !4p47hy ]
作者:oldjun
早前在phpcms 0day频发的时候写的这个exp,藏着这个exp藏了一个多月吧,也没有拿它去打站,一直丢在我硬盘里,今天看到11期的黑防公布了,于是我也丢出来吧:
Tags: , , , , , ,

Discuz! $_DCACHE数组变量覆盖漏洞

  [多云 November 9, 2008 10:47 | by !4p47hy ]
Author: ryat_at_www.wolvez.org

由于Discuz! 的wap\index.php调用Chinese类里Convert方法在处理post数据时不当忽视对数组的处理,可使数组被覆盖为NULL.当覆盖$_DCACHE时导致导致xss sql注射 代码执行等众多严重的安全问题.
Tags: , , , , ,

Discuz! admin unwizard.inc.php get-webshell bug

  [晴 November 4, 2008 09:08 | by !4p47hy ]
Author: 80vul-A  Team:http://www.80vul.com

由于Discuz!的admin\runwizard.inc.php里saverunwizardhistory()写文件操作没有限制导致执行代码漏洞.
Tags: , , , , , ,

微软MS08-067远程控制漏洞测试

  [晴 October 28, 2008 17:54 | by !4p47hy ]
来源:IT 专家网
最近,微软爆出一个安全级别为“严重”高危漏洞——MS08-067。据微软官方解释“这是Windows操作系统下的Server服务在处理RPC请求过程中存在的一个严重漏洞,远程攻击者可以通过发送恶意RPC请求触发这个溢出,导致完全入侵用户系统,并以SYSTEM权限执行任意指令并获取数据,造成系统失窃及系统崩溃等严重问题。

MS08-067 Exploit for CN 2k/xp/2003 bypass version

  [多云 October 27, 2008 19:52 | by !4p47hy ]
MS08-067 Exploit for CN 2k/xp/2003 bypass version

PS:据说成功率非常高的 EXP ···
In vstudio command prompt:

  mk.bat

next:

  attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
Tags: , , , , , , ,

利用MS08-058攻击Google

  [阴 October 21, 2008 13:05 | by !4p47hy ]
来自:80sec

漏洞说明:Google是全球最大的搜索引擎。同时Google拥有其他庞大的WEB应用程序产品线,涉及EMAIL、BLOG、在线文档、个人主页、电子地图、论坛、RSS等互联网几乎所有的应用业务。80sec发现Google提供的图片搜索服务存在安全问题,结合IE浏览器的MS08-058漏洞可以造成整站的跨站脚本漏洞,几乎可以控制所有的Google服务和获得目标用户的认证信息。
Vulnerable:
Tru-Zone NukeET 3.4
FCKeditor FCKeditor 2.4.3
FCKeditor FCKeditor 2.0 rc3
Tags: , , , , , ,

快客电邮(QuarkMail)远程命令执行漏洞

  [晴 October 12, 2008 15:36 | by !4p47hy ]
来自:80Sec

漏洞说明:快客电邮(QuarkMail)是北京雄智伟业科技公司推出的电子邮件系统,被广泛用于各个领域的电子邮件解决方案,其webmail部分使用perl cgi编写,但是80sec在其系统中发现一个重大的安全漏洞,导致远程用户可以在邮件系统上以当前进程身份执行任意命令,从而进一步控制主机或者系统。

MS Windows 2003 Token Kidnapping Local Exploit PoC

  [阴 October 9, 2008 12:40 | by !4p47hy ]
It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.

Basically if you can run code under any service in Win2k3 then you can own Windows, this is because Windows services accounts can impersonate.  Other process (not services) that can impersonate are IIS 6 worker processes so if you can run code from an ASP .NET or classic ASP web application then you can own Windows too. If you provide shared hosting services then I would recomend to not allow users to run this kind of code from ASP.
Pages: 3/11 First page Previous page 1 2 3 4 5 6 7 8 9 10 11 Next page Final page [ View by Articles | List ]