Windows 7 and 8 LSASS process dumping shellcode for x86_64.
41b5bde446f3043a2efedae4355ae03bcae36187bd0a4e190e8e57e8f1deccfd
Windows 10 and Windows Server 2019 LSASS process dumping shellcode for x86_64.
1777d6af23b3ee7baf94df617caec3220389b8eadd263c5188ed616a60099b85
EE 4GEE Mini suffers from an unquoted service path local privilege escalation vulnerability.
c1b7aa39cbec823fe71e2b733e4df2dac3df5252f2e6af9a8594b06b5823418f
Whitepaper called MySQL UDF Exploitation.
e3f1baa170d27afb7c63c85824246d5dacb72df1f9b55d3c574624348aab3380
CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.
30eaff6ebd04dc3917930b8ae8e436030b22b272cc193fab53f323c5fec4f76c
89 bytes small WinExec position independent calc shellcode.
e51e0f27d14fd2d6eb13fde09bc881228c8126c446a729735ae078f6e2a7548a
This shellcode uses CreateFile and tries to read a nonexistent network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over the internet. SMBRelay attacks can also be performed.
2491b63c867c622c3989731692259fbf0c1e25e9f5dc567cec8b45443580d9f2
The traditional in-band method in INSERT and UPDATE injections is to fix the query. For example, in INSERT statements one can simply fix the query, comment out the rest, and extract the data once it is echoed out by the application. The same goes for the UPDATE statement, but the query can only be fixed if it has more than one column. What if we face a situation where the UPDATE or INSERT has only one column, or we simply don't know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in depth.
e7e9068d43e4f86618c09b4979313f1ccd2c4a3b121b0a980a5ccc8d648fc1c0
This paper discusses MySQL out-of-band (OOB) hacking techniques under Windows.
2247188880eb740f7ce4589272459ef60a338fc40904dccee82018aa011cdc78
Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.
8006a7c0f0af2402a7ed534eb5b6b5a2613ea2701de03a1ce153a9ff29ed3eab
D-Link DIR-615 suffers from cross site scripting and open redirection vulnerabilities. Hardware version E3 with firmware version 5.10 is affected.
a064b4156c0da33a3966fee4dfb137fa8926b8e38df505f768ebfd0be0ab208a
MySQL Procedure Analyse denial of service exploit that affects versions up to 5.5.45.
d572109b0189ecd815c569ad47520780444acf35842b036897634bb7c97017fb
This paper discusses an overflow in the DOUBLE data type in MySQL.
994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982
This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.
e8fbee2a079d4d4558ea961db0b57f97cb03c62856ccc42dab34844750c3ec48
GNS3 version 1.2.3 suffers from a DLL hijacking vulnerability.
3327679db8b0169f95b0e2c95d2cbace0ec6da60ad331bd34a0afda21ff93630
PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.
b210515168778f66be7b43848af94d8ab68b509ccefdebb2e6027e6451d59008
79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.
318b8a39ccbe95150914624284fab185bb8e44b9b248cd2b89f8701e7946d1e9
Exif Pilot version 4.7.2 SEH-based buffer overflow exploit.
5117c0bf1833397b5724a6e62d92a06d4545cab17646d109905ba7c4d8ebbd49
Sim Editor version 6.6 stack-based buffer overflow exploit.
0f061824fc59baa0d38bfd9364ff194c26e0a2185d52c693740a5897afacaa48
110 byte shellcode that adds an entry for google.lk to /etc/hosts.
2a29f118b2f3d44252f36a47223954660e1741b17e76194ef86d6c3da1d82e4d
ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.
2ac6441238ee7b081bebbe85cb5cc78a62c50c26bd6433f839deaadbcc8214cd
Huawei Mobile Partner suffers from a DLL hijacking vulnerability.
913927cdd94e02084afad32b696a3ca202f8c09234d1c117b3a97dac19da2ff7
Hamster Free ZIP Archiver version 2.0.1.7 DLL hijacking exploit.
d5d2c6500d69eeeed43f4f03d733064412af5cb611b1560b1a19e273f16d028a
Moodle version 2.7 suffers from a persistent cross site scripting vulnerability.
959eea10516335cfd227b085fe290db6e24c09b51b65eae621a5fba7876d90e6
Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.
5132ad0d776021270916cb7e3a628f5ae97560841c95e08123603a834cf8f018