Showing 1 - 5 of 5

Files from Simon Scannell

Email address	contact at scannell-infosec.net
First Active	2018-03-31
Last Active	2024-09-12

UnRAR Path Traversal: Posted Sep 12, 2024; Authored by Ron Bowes, Simon Scannell | Site metasploit.com; This Metasploit module creates a RAR file that exploits CVE-2022-30333, which is a path-traversal vulnerability in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. UnRAR fixed this vulnerability in version 6.12 (open source version 6.1.7). The core issue is that when a symbolic link is unRARed, Windows symbolic links are not properly validated on Linux systems and can therefore write a symbolic link that points anywhere on the filesystem. If a second file in the archive has the same name, it will be written to the symbolic link path.; tags | exploit, arbitrary; systems | linux, windows; advisories | CVE-2022-30333; SHA-256 | 2df85540ffe31bd6abf8706295866ebd1d381d12c36e4680836b772ead8e9445; Download | Favorite | View

Linux eBPF Path Pruning Gone Wrong: Posted Aug 8, 2024; Authored by Simon Scannell, Valentina Palmiotti, Meador Inge, Juan Jose Lopez Jaimez | Site github.com; A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to local privilege escalation and Container escape.; tags | exploit, arbitrary, kernel, local; advisories | CVE-2023-2163; SHA-256 | 136ce639cfd15a56ffb726b157cb063671eb2afeb14923a1653b8bdfd103c611; Download | Favorite | View

Zimbra UnRAR Path Traversal: Posted Aug 5, 2022; Authored by Ron Bowes, Simon Scannell | Site metasploit.com; This Metasploit module creates a RAR file that can be emailed to a Zimbra server to exploit CVE-2022-30333. If successful, it plants a JSP-based backdoor in the public web directory, then executes that backdoor. The core vulnerability is a path-traversal issue in unRAR that can extract an arbitrary file to an arbitrary location on a Linux system. This issue is exploitable on Zimbra Collaboration versions 9.0.0 Patch 24 and below and 8.8.15 Patch 31 and below provided that UnRAR versions 6.11 or below are installed.; tags | exploit, web, arbitrary; systems | linux; advisories | CVE-2022-30333; SHA-256 | ca0f5b8e2038241415fba603b901534752f2529d4c8d1c1134f97e76d1935fef; Download | Favorite | View

osCommerce Installer Unauthenticated Code Execution: Posted May 3, 2018; Authored by Daniel Teixeira, Simon Scannell | Site metasploit.com; If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install_4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it.; tags | exploit, php; SHA-256 | 806d396b8f8393708196c84967f4c3db14adf4f64c443cf3f37029101e6385f9; Download | Favorite | View

osCommerce 2.3.4.1 Remote Code Execution: Posted Mar 31, 2018; Authored by Simon Scannell; osCommerce version 2.3.4.1 suffers from a code execution vulnerability.; tags | exploit, code execution; SHA-256 | 3a9c8b3b77bdf3e503378fb0902da7dfcb3e2c29c42deb289a62f986ab00800f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days