what you don't know can hurt you
Showing 1 - 25 of 42 RSS Feed

Files from Osanda Malith

Email addressOsandaJayathissa at gmail.com
First Active2013-12-21
Last Active2017-05-12
CMS Made Simple 2.1.6 Code Execution / Cross Site Scripting
Posted May 12, 2017
Authored by Osanda Malith

CMS Made Simple version 2.1.6 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss
MD5 | fe8ae1a4ea67237579bd325e4d507415
89 Bytes Position Independent Shellcode
Posted Mar 29, 2017
Authored by Osanda Malith

89 bytes small WinExec position independent calc shellcode.

tags | shellcode
MD5 | b2f1fda802d38a1e9b3f08d5089722e8
CreateFile Shellcode
Posted Mar 20, 2017
Authored by Osanda Malith

This shellcode uses CreateFile and tries to read a non existing network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over internet. SMBRelay attacks can also be performed.

tags | shellcode
MD5 | e53e653c870322fe99dc73d75e082b05
Extracting Data From UPDATE And INSERT
Posted Feb 4, 2017
Authored by Osanda Malith

The traditional in-band method in INSERT, UPDATE injections would be by fixing the query. For example in INSERT statements one can simply fix the query, comment out the rest and extract the data once it is echoed out by the application. Same goes with the UPDATE statement, but only if the query has more than one column we can fix the query. What if we face a situation where UPDATE or INSERT has one column or simply we don’t know the exact query to fix? What if mysql_error() is not echoed out? This paper discusses how this works in-depth.

tags | paper
MD5 | b7f93b900e475675844e4bcace0d312d
MySQL OOB Hacking
Posted Jan 29, 2017
Authored by Osanda Malith

This is a paper that discussing MySQL OOB hacking techniques under Windows.

tags | paper
systems | windows
MD5 | f927be9e4e0c76f1ea9267c22544c206
Alternative For Information_Schema.Tables In MySQL
Posted Jan 29, 2017
Authored by Osanda Malith

Brief paper discussing an alternative technique to use instead of 'information_schema.tables' when extracting table names in SQL injections.

tags | paper, sql injection
MD5 | 8e6048a99360f0516cf7cb6a2eae3e08
D-Link DIR-615 Open Redirection / Cross Site Scripting
Posted Jan 13, 2017
Authored by Osanda Malith

D-Link DIR-615 suffers from cross site scripting and open redirection vulnerabilities. Hardware version E3 with firmware version 5.10 is affected.

tags | exploit, vulnerability, xss
MD5 | bbfaa1463e868d5175d7ec50ef497376
MySQL Procedure Analyse Denial Of Service
Posted May 28, 2016
Authored by Osanda Malith

MySQL Procedure Analyse denial of service exploit that affects versions up to 5.5.45.

tags | exploit, denial of service
advisories | CVE-2015-4870
MD5 | 1a85e20529f00c83a924fa4025add3b4
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
BIGINT Overflow Error Based SQL Injection
Posted Aug 5, 2015
Authored by Osanda Malith

This whitepaper deep dives into using BIGINT overflow errors in MySQL in order to extract data upon injection.

tags | paper, overflow, sql injection
MD5 | 6b07eab8ef3d32101a729a41d8d83e52
GNS3 1.2.3 DLL Hijacking
Posted May 2, 2015
Authored by Osanda Malith

GNS3 version 1.2.3 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2015-2667
MD5 | 4a4f601198814a9c67a2d5154912731e
PROLiNK H5004NK Cross Site Request Forgery
Posted Apr 21, 2015
Authored by Osanda Malith

PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 99d988f46dbb1689e7b5a349ea496173
79 Bytes Add Mapping /etc/hosts
Posted Mar 2, 2015
Authored by Osanda Malith

79 bytes small shellcode for armv6l that adds a mapping in /etc/hosts.

tags | shellcode
MD5 | ffb92e150f52393601489605eb64f490
Exif Pilot 4.7.2 Buffer Overflow
Posted Jan 21, 2015
Authored by Osanda Malith

Exif Pilot version 4.7.2 SEH-based buffer overflow exploit.

tags | exploit, overflow
MD5 | 3d0bd0dd5cd32cf14c0979fb26e04e3f
Sim Editor 6.6 Buffer Overflow
Posted Jan 16, 2015
Authored by Osanda Malith

Sim Editor version 6.6 stack-based buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2015-1171
MD5 | 9f387336173b3416ae4cf4c02298ab1d
Google.lk Mapping Addition To /etc/hosts Shellcode
Posted Oct 29, 2014
Authored by Osanda Malith

110 byte shellcode that adds an entry for google.lk to /etc/hosts.

tags | shellcode
MD5 | 85e4f105321ffc287c48abd2f572fa33
ESTsoft ALUpdate 8.5.1.0.0 Privilege Escalation
Posted Oct 28, 2014
Authored by Osanda Malith

ESTsoft ALUpdate version 8.5.1.0.0 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2014-8494
MD5 | 1ffa37aae8784b3305279987120f2b25
Huawei Mobile Partner DLL Hijacking
Posted Oct 21, 2014
Authored by Osanda Malith

Huawei Mobile Partner suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2014-8358, CVE-2014-8359
MD5 | 08089a4db7b02aeef254f63cc26e0353
Hamster Free ZIP Archiver 2.0.1.7 DLL Hijacking
Posted Oct 16, 2014
Authored by Osanda Malith

Hamster Free ZIP Archiver version 2.0.1.7 DLL hijacking exploit.

tags | exploit
systems | windows
advisories | CVE-2014-0619
MD5 | 5346a73a621064512191f1f9d1e7de52
Moodle 2.7 Cross Site Scripting
Posted Jul 25, 2014
Authored by Osanda Malith

Moodle version 2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-3544
MD5 | a076640d243f0a4e976fa846da42ddae
Concrete 5.6.2.1 REFERER Cross Site Scripting
Posted Jul 16, 2014
Authored by Osanda Malith

Concrete version 5.6.2.1 suffers from a REFERER header-based cross site scripting vulnerability.

tags | exploit, xss
MD5 | fd75a5bd594fc578e865d97e017b1acd
56 Bytes shutdown -h now Shellcode
Posted Jun 30, 2014
Authored by Osanda Malith

56 bytes small Linux/x86 shellcode for shutdown -h now.

tags | x86, shellcode
systems | linux
MD5 | f7a071789989e250bf4b15ede7242608
65 Bytes shutdown -h now Shellcode
Posted Jun 30, 2014
Authored by Osanda Malith

64 bytes small Linux/x86_64 shellcode for shutdown -h now.

tags | shellcode
systems | linux
MD5 | aead2a42ecd5bc727239c9ca2e0a527d
39 Bytes mkdir haxor / exit Shellcode
Posted Jun 26, 2014
Authored by Osanda Malith

39 bytes small mkdir() 'haxor' and exit() shellcode.

tags | shellcode
MD5 | 8c789304e8671a5f20aeec7fc6a1c299
Linux/x86 chmod 0777 /etc/shadow Polymorphic Shellcode
Posted Jun 22, 2014
Authored by Osanda Malith

51 bytes Linux/x86 chmod 0777 /etc/shadow polymorphic shellcode.

tags | x86, shellcode
systems | linux
MD5 | 71d21ed9bc5efc10d3314eaebc81d49b
Page 1 of 2
Back12Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    1 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close