Posts tagged ‘Exploit’

LBS blog SQL injection vulnerability [All version]

Author: 剑心
Source: Neeao’s Blog

The exploit is as follows:

[Exploit]Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC(0day)

Note from 鬼仔: this one was released by 幻影.

Source: milw0rm

Vuln Exposed by: ZhenHan.Liu
Team: Ph4nt0m Security Team
http://www.ph4nt0m.org

Tested on: Full Patched Excel 2003 Sp2, CN

http://www.milw0rm.com/sploits/06272007-2670.zip


WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit

Source: milw0rm

PHP 5.2.3 Tidy extension Local Buffer Overflow Exp

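Note from 鬼仔: there are two versions. One is the version on milw0rm; the other is 茄子宝's modification of that milw0rm version. 茄子宝 says it was tested successfully on Chinese-language XP SP2 + PHP 5.2.3, and that it adds an administrator account whose username and password are both rayh4c.

The milw0rm version: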

Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)

Source: milw0rm

<!–
01/06/2007 23.19.50
Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll)
/ DirectSpeechRecognition Module (Xlisten.dll)
remote buffer overflow exploit / 2k sp4 seh version

both the dlls are located in %SystemRoot%\speech folder
and they are vulnerable to the same issue.
while on 2k it depends on activex settings, under xp they are both

Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)

Source: milw0rm

6.30 10/06/2007
Microsoft Windows DirectSpeechSynthesis Module (XVoice.dll 4.0.4.2512)
/ DirectSpeechRecognition Module (Xlisten.dll 4.0.4.2512)
remote buffer overflow exploit/ xp sp2 version

both dlls are vulnerable, this is the poc for the first one
worked regardless of boot.ini settings, remotely and
by dragging the html file in the browser window

Yahoo! Messenger Webcam 8.1 (Ywcupl.dll) + (Ywcvwr.dll) Download / Execute Exploit

Source: milw0rm

1. Yahoo! Messenger Webcam 8.1 (Ywcupl.dll) Download / Execute Exploit

WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit

Source: milw0rm

/*
The bug, quite a silly one by the way, is in the wp_suggestCategories function, in the file xmlrpc.php:

function wp_suggestCategories($args) {
global $wpdb;

$this->escape($args);

$blog_id = (int) $args[0];
$username = $args[1];