what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

Files from Rodrigo Marcos

Email addressrodrigo.marcos at irmplc.com
First Active2006-10-17
Last Active2017-05-01
MySQL 5.6.35 / 5.7.17 Integer Overflow
Posted May 1, 2017
Authored by Rodrigo Marcos

MySQL versions 5.6.35 and below and 5.7.17 and below suffer from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-3599
MD5 | b75b270cdc0e95780d2eb0566b2c31c7
Apache mod_proxy Proof Of Concept
Posted Oct 11, 2011
Authored by Rodrigo Marcos | Site secforce.co.uk

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, web, proof of concept
advisories | CVE-2011-3368
MD5 | 595c25bd025d51c132f83785da87856b
Microsoft SQL Server Payload Execution via SQL injection
Posted Jan 29, 2011
Authored by Rodrigo Marcos, David Kennedy, jduck | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection vulnerability happens.

tags | exploit, arbitrary, sql injection
advisories | CVE-2000-0402, CVE-2000-1209, OSVDB-15757
MD5 | 56da5422bd1ae1542f656891184e888d
Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
Posted Jan 24, 2011
Authored by Rodrigo Marcos, jduck | Site metasploit.com

This Metasploit module exploit smashes several pointers. A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. Microsoft patched this vulnerability in SP3 for 2005 without any public mention.

tags | exploit, overflow
systems | windows
advisories | CVE-2008-5416, OSVDB-50589
MD5 | 272aab03f6434b209023547965592695
RDdbenum.py.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
MD5 | b3e6d17bdc4a0dcb97d352f7f51cee73
reddot-sql.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below suffer from a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
MD5 | e0792209f14eb0e65fa09f4998833156
proxyfuzz.py.txt
Posted Apr 5, 2007
Authored by Rodrigo Marcos | Site theartoffuzzing.com

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

tags | udp, tcp, protocol, python, fuzzer
MD5 | 16335167eec8447d244ca48ab1ae1b2a
taof-0.3.tgz
Posted Feb 6, 2007
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.3 adds support for fuzzing both TCP and UDP protocols. Moreover, Taof 0.3 aids the monitoring process during fuzzing by the use of an embedded debugger (PyDbg).
tags | protocol, python, fuzzer
MD5 | 32c86c5f27a66aa583f0b2ce1534afcc
taof-0.2.tgz
Posted Nov 30, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.2 fixes a number of bugs and includes new exciting features such as the implementation of dictionary attacks and the possibility of including a variable length field on the fuzzed request.
tags | protocol, python, fuzzer
MD5 | fbdd2858cc5ae8e451477e8aff0c6847
taof-0.1beta-src.tgz
Posted Oct 17, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

tags | protocol, python, fuzzer
MD5 | d2af30e33af194e04d1d7fece1bcdba0
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    7 Files
  • 19
    Oct 19th
    1 Files
  • 20
    Oct 20th
    1 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close