Showing 1 - 25 of 63

Files from Brandon Perry

First Active: 2012-09-07
Last Active: 2024-08-31
Openbravo ERP XXE Arbitrary File Read
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

The Openbravo ERP XML API expands external entities, which can be defined as local files. This allows the user to read any file from the filesystem as the user Openbravo is running as (generally not root). This Metasploit module was tested against Openbravo ERP versions 3.0MP25 and 2.50MP6.

tags | exploit, local, root
advisories | CVE-2013-3617
SHA-256 | c558e61dd762b55b525050abca1d8112f97bb92459560be43ef1735d89b69b26
Nexpose XXE Arbitrary File Read
Posted Aug 31, 2024
Authored by Bojan Zdrnja, Brandon Perry, Drazen Popovic | Site metasploit.com

Nexpose v5.7.2 and prior is vulnerable to an XML External Entity attack via a number of vectors. This vulnerability can allow an attacker to craft a special XML that could read arbitrary files from the filesystem. This Metasploit module exploits the vulnerability via the XML API.

tags | exploit, arbitrary
SHA-256 | d95b2d60f811bcbede05c4247ca6449c9a3009a31de1bee38835184d7b8badf0
MantisBT Admin SQL Injection Arbitrary File Read
Posted Aug 31, 2024
Authored by Jakub Galczyk, Brandon Perry | Site metasploit.com

MantisBT versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if an attacker can gain access to administrative credentials. This vuln was fixed in 1.2.17.

tags | exploit, sql injection
advisories | CVE-2014-2238
SHA-256 | 320419705ca13a1bfcafc3cda1ab534c90225edc3090390aa620b065772e9291
AlienVault Authenticated SQL Injection Arbitrary File Read
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This Metasploit module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator privileges aren't required.

tags | exploit, arbitrary, php, sql injection
SHA-256 | 8ebaffc716eedd5e4b8b8c7e5043252a757d480ee4bddd7781480547382b3917
EMC CTA 10.0 Unauthenticated XXE Arbitrary File Read
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user.

tags | exploit, arbitrary, root
advisories | CVE-2014-0644
SHA-256 | c2dd082e06aac52186e44ae70fb12b7ad1fbfb73fa6e41171df28951ddedcfc6
Solarwinds Orion AccountManagement.asmx GetAccounts Admin Creation
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

This Metasploit module exploits a stacked SQL injection in order to add an administrator user to the SolarWinds Orion database.

tags | exploit, sql injection
advisories | CVE-2014-9566
SHA-256 | 093acbf207ec9ea4bf6637a74dfccd18178c65093dbf4078f9c5d6f9416237f6
Joomla weblinks-categories Unauthenticated SQL Injection / Arbitrary File Read
Posted Aug 31, 2024
Authored by Brandon Perry | Site metasploit.com

Joomla versions 3.2.2 and below are vulnerable to an unauthenticated SQL injection which allows an attacker to access the database or read arbitrary files as the mysql user. This Metasploit module will only work if the mysql user Joomla is using to access the database has the LOAD_FILE permission.

tags | exploit, arbitrary, sql injection
SHA-256 | e4f0efe9190cb160490dfa35a3813627e3c34903da6ee95ecf2826d34ac1a7b8
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
Posted Jul 31, 2024
Authored by Brandon Perry, h00die-gr3y | Site metasploit.com

OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.

tags | exploit, arbitrary, root, php
advisories | CVE-2013-3632
SHA-256 | 977b68b131bff0d949e6b913d2598f3af7e54c6447c2599729d421f769bac029
Moodle Authenticated Spelling Binary Remote Code Execution
Posted Oct 12, 2021
Authored by Brandon Perry | Site metasploit.com

Moodle allows an authenticated user to define spellcheck settings via the web interface. The user can update the spellcheck mechanism to point to a system-installed aspell binary. By updating the path for the spellchecker to an arbitrary command, an attacker can run arbitrary commands in the context of the web application upon spellchecking requests. This Metasploit module also allows an attacker to leverage another privilege escalation vuln. Using the referenced XSS vuln, an unprivileged authenticated user can steal an admin sesskey and use this to escalate privileges to that of an admin, allowing the module to pop a shell as a previously unprivileged authenticated user. This module was tested against Moodle versions 2.5.2 and 2.2.3.

tags | exploit, web, arbitrary, shell
advisories | CVE-2013-3630, CVE-2013-4341
SHA-256 | ac6f5ab057f512464caba3ae5c9eb29729a37923234846241c7451944f72ebf8
OpenEXR 2.2.0 Crash
Posted May 15, 2017
Authored by Brandon Perry

This archive contains a zip file of EXR images that cause segmentation faults in the OpenEXR library version 2.2.0.

tags | exploit
SHA-256 | 1865e85495f25d1e947a73c7cddc392c1eb7891d3c07ba9b51859f7909ea697b
FreeTDS Denial Of Service
Posted May 11, 2017
Authored by Brandon Perry

This archive contains numerous TDS streams that cause segmentation faults in the FreeTDS library. The 'tsql' binary was used for the fuzzing, so these most likely only affect client-side functionality. These have been resolved on master and the 1.0 branch.

tags | exploit, denial of service
SHA-256 | 66f3f4a74d00b0e618225737ba456b7a11922247bc49c5ae8f7ef7ad115866f7
Oracle Outside In File ID Library 8.5.3 Memory Corruption
Posted Sep 18, 2016
Authored by Brandon Perry

Oracle Outside In File ID library version 8.5.3 suffers from a memory corruption issue.

tags | exploit
SHA-256 | 9c8ae6dc6a9a6d7b3b12479fd7a07ef5b5ceea818473f03193e8c865a379ff34
PrinceXML Wrapper Class Command Injection
Posted Jul 6, 2016
Authored by Brandon Perry

Wrapper classes provided by PrinceXML appear to suffer from command injection vulnerabilities.

tags | exploit, vulnerability
SHA-256 | af3f900b8ea8475a7548d9c557b237e3693679f81551df21a63dddf1a022c03f
Apache Xerces-C XML Parser Crash
Posted Jun 29, 2016
Authored by Brandon Perry

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Apache Xerces-C XML Parser library versions prior to 3.1.4 are affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-4463
SHA-256 | a0b966184480f64c7fc857680e37cc670d35cc9e4cccf14b0d26c6528bbbdd5a
libical 0.47 / 1.0 Crash
Posted Jun 25, 2016
Authored by Brandon Perry

libical versions 0.47 and 1.0 suffer from a crash issue.

tags | exploit
SHA-256 | e314583b6bf83ffbfdfd9a7a4875334a7dbd17311c08e56a43e14b40b4d360a7
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Posted May 17, 2016
Authored by sinn3r, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

tags | exploit, remote, arbitrary, php, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-4977
SHA-256 | 46eef5e2e82adcace1eb86cca34fa1691dfc435af8857a0821e91b120976f5fc
Dell SonicWall Scrutinizer 11.0.1 SQL Injection / Code Execution
Posted May 10, 2016
Authored by mr_me, Brandon Perry

Dell SonicWall Scrutinizer versions 11.0.1 and below setUserSkin/deleteTab SQL injection / remote code execution exploit that leverages a vulnerability found by Brandon Perry in July of 2014.

tags | exploit, remote, code execution, sql injection
SHA-256 | 6dc759bc14a238d30a49e98bea0afabd99f1ed4bda69fec060f0fc09e8cf5e1a
Raritan PowerIQ Default Accounts
Posted Sep 10, 2015
Authored by Brandon Perry

Raritan PowerIQ ships with three default backdoor credentials left in.

tags | exploit
SHA-256 | 2dcd98105d78a18b206ac52d081745dcf42c639e862b7b25a8d8a0c7ab5e2c5e
Symantec Endpoint Protection Manager Authentication Bypass / Code Execution
Posted Aug 17, 2015
Authored by Brandon Perry, Markus Wulftange | Site metasploit.com

This Metasploit module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

tags | exploit, remote, shell, vulnerability, code execution
advisories | CVE-2015-1486, CVE-2015-1487, CVE-2015-1489
SHA-256 | 55479cb3065f838f82cc61df0c4fdee54d41ee44aace24351aecba453e3be8c5
Joomla J2Store 3.1.6 SQL Injection
Posted Jul 11, 2015
Authored by Brandon Perry

Joomla J2Store extension version 3.1.6 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 2495ca05c8e312061ad70427868645898c2ed7b6d86871b75506ad32b299c074
OS Solution OSProperty 2.8.0 SQL Injection
Posted Apr 29, 2015
Authored by Brandon Perry

OS Solution OSProperty version 2.8.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | afb9d76a0580b59eef035727449af6742f88e1ec6208060bf24d021e74f952d4
Joomla ECommerce-WD 1.2.5 SQL Injection
Posted Mar 19, 2015
Authored by Brandon Perry

Joomla ECommerce-WD plugin version 1.2.5 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | cc4be435a403cd80f5b4f40120c961b2dbee70db21b36e683a07c11ebdb15757
Raritan PowerIQ 4.1 / 4.2 / 4.3 Code Execution
Posted Mar 12, 2015
Authored by Brandon Perry

Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret. This can be used to achieve unauthenticated remote code execution as the nginx user on vulnerable systems.

tags | exploit, remote, web, code execution
SHA-256 | 681c8bb72ae6628420487909d37bf9e367efcdc762196f727263b8b5ca086eda
Solarwinds Orion Service SQL Injection
Posted Mar 3, 2015
Authored by Brandon Perry

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address Manager below version 4.3, User Device Tracker below version 3.2, VoIP

tags | exploit, remote, web, vulnerability, sql injection
advisories | CVE-2014-9566
SHA-256 | 40f0cfd35789791a3221e29e1e315107c0ccf98e5d5f17f0defa24fafd955c3f
eTouch Samepage 4.4.0.0.239 SQL Injection / File Read
Posted Feb 13, 2015
Authored by Brandon Perry

eTouch Samepage version 4.4.0.0.239 suffers from remote SQL injection and arbitrary file read vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file inclusion
SHA-256 | 3d132193ed477d7d4ba1937eda3c2f767b2192990404bb7846361beb567d88c6
© 2024 Packet Storm. All rights reserved.