exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

Files from Zenofex

Email addresszenofex at exploitee.rs
First Active2017-08-29
Last Active2020-08-13
vBulletin 5.x Remote Code Execution
Posted Aug 13, 2020
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to load the latter bypassing filters originally put in place to address CVE-2019-16759. This also allows the exploit to reach an eval call with user input allowing the module to achieve PHP remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.2 on Ubuntu Linux.

tags | exploit, remote, php, code execution
systems | linux, ubuntu
advisories | CVE-2019-16759, CVE-2020-7373
MD5 | b60b0666592e30c6b174a6e6343f7c54
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in python.

tags | exploit, remote, code execution, python
advisories | CVE-2019-16759
MD5 | 7f634e6b6aa1449d9669ac7fe9ef4d5b
vBulletin 5.x Remote Code Execution
Posted Aug 11, 2020
Authored by Zenofex | Site blog.exploitee.rs

vBulletin version 5.x pre-authentication widget_tabbedcontainer_tab_panel remote code execution exploit. This exploit demonstrates that the patch for CVE-2019-16759 was not sufficient. Written in bash.

tags | exploit, remote, code execution, bash
advisories | CVE-2019-16759
MD5 | 69ef9f6bd01f8cf67a09f62be35d69fd
vBulletin 5.6.1 SQL Injection
Posted Jun 2, 2020
Authored by Charles FOL, Zenofex | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.

tags | exploit, remote, code execution, sql injection
systems | linux, ubuntu
advisories | CVE-2020-12720
MD5 | fd4655c52e9ed2a0c5c8f8a33cf22cf0
Western Digital MyCloud multi_uploadify File Upload
Posted Dec 15, 2017
Authored by Zenofex | Site metasploit.com

This Metasploit module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.

tags | exploit, web, arbitrary, shell, root, php, code execution, file upload
advisories | CVE-2017-17560
MD5 | 1f47f80c45cf9163168bba8d9d9e5883
QNAP Transcode Server Command Execution
Posted Aug 29, 2017
Authored by 0x00string, Zenofex | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727).

tags | exploit, remote
MD5 | c7f6b8e5f963a733cc5d3c513ba79f4e
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close