标签 ‘Exploit’ 下的日志

超星浏览器4.0漏洞0day & Exp

2008/09/21 23:07 | 鬼仔 | 技术文章 | 消灭0回复

文章作者:friddy
信息来源:邪恶八进制信息安全团队(www.eviloctal.com

注:文章首发Friddy的罐子,后由原创作者友情提交到邪恶八进制信息安全团队讨论组,转载请著名首发站点。

本文章只含有漏洞存在的证明,效果是运行计算器的程序,不含有攻击性代码!

去年11月出的漏洞是在target.Register(ok,buffer)上,这次的缓冲区溢出出在target.LoadPage(buffer ,1 ,1 ,1)

漏洞位置:clsid:7F5E27CE-4A5C-11D3-9232-0000B48A05B2的LoadPage函数发生缓冲区溢出
漏洞告警: ACCESS_VIOLATION
Disasm: 41414141    ?????    ()
阅读全文 »

Tags: , ,

Wordpress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit

2008/09/11 1:43 | 鬼仔 | 工具收集 | 消灭0回复

#!/usr/bin/php
<?php
# ------------------------------------------------------------
# quick'n'dirty wordpress admin-take0ver poc
# by iso^kpsbr in august 2oo8
#
# works w/ wordpress 2.6.1
#
# .oO( private -- do not spread! )Oo.
#
# you'll have to make sure you run roughly the same
# php version as on the server, that is: if server
# is >=5.2.1 you'll need to be as well, in case
# server is <5.2.1, your php also needs to be below.
# to make sure it works you'll need the exact same version!
# also, mod_php works better than (f)cgi..
# (this is a first working version - not a very reliable one)
阅读全文 »

Tags: , ,

Google Chrome Browser 0.2.149.27 (SaveAs) Remote BOF Exploit

2008/09/06 0:43 | 鬼仔 | 工具收集 | 消灭0回复

PoC Code is in Attach file because this file is saved in 'Unicode' type for exploit.

Here is Description for this Vuln :
· Type of Issue : Buffer Overflow.
· Affected Software : Google Chrome 0.2.149.27.
· Exploitation Environment : Google Chrome (Language: Vietnamese) on Windows XP SP2.
· Impact: Remote code execution.
· Rating : Critical .
· Description :
阅读全文 »

Tags: ,

Google Chrome Browser 0.2.149.27 Automatic File Download Exploit

2008/09/04 19:51 | 鬼仔 | 工具收集 | 2 个回复

Author: nerex
E-mail: nerex[at]live[dot]com

Google's new Web browser (Chrome) allows files (e.g., executables) to be automatically
downloaded to the user's computer without any user prompt.

This proof-of-concept was created for educational purposes only.
Use the code it at your own risk.
The author will not be responsible for any damages.
阅读全文 »

Tags: ,

phpwind任意修改管理员密码漏洞 VBS版利用程序

2008/08/08 13:12 | 鬼仔 | 工具收集 | 消灭0回复

作者:Tr4c3

'phpwind任意修改管理员密码漏洞 VBS版利用程序 By Tr4c3
Dim strUrl, strPost, xPost, strGet
Set Args = Wscript.Arguments
If Args.count<>2 Then
Wscript.Echo "Usage: " & Wscript.ScriptName & " http://hi.baidu.com/tr4c3/ 1"
Wscript.Quit
Else
strUrl = Args(0) & "wap/index.php"
阅读全文 »

Tags: , ,

Kaminsky DNS Cache Poisoning Flaw Exploit for Domains

2008/07/24 14:36 | 鬼仔 | 工具收集 | 7 个回复 
                      ____      ____     __    __
                     /    \    /    \   |  |  |  |
        ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                     \____/  |__|  |__|  \______/

                    Computer Academic Underground
                        http://www.caughq.org
                            Exploit Code

===============/========================================================
Exploit ID:     CAU-EX-2008-0003
Release Date:   2008.07.23
Title:          bailiwicked_domain.rb
Description:    Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
Tested:         BIND 9.4.1-9.4.2
Attributes:     Remote, Poison, Resolver, Metasploit
Exploit URL:    http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
Author/Email:   I)ruid <druid (@) caughq.org>
                H D Moore <hdm (@) metasploit.com>
===============/========================================================

阅读全文 »

Tags: ,