what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Rodrigo Marcos

Email addressrodrigo.marcos at irmplc.com
First Active2006-10-17
Last Active2017-05-01
MySQL 5.6.35 / 5.7.17 Integer Overflow
Posted May 1, 2017
Authored by Rodrigo Marcos

MySQL versions 5.6.35 and below and 5.7.17 and below suffer from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-3599
SHA-256 | 0ee06e9ca07a91bdf300e8247f0088f5b1ec71f49b7ac4b052a8d6f34794a932
Apache mod_proxy Proof Of Concept
Posted Oct 11, 2011
Authored by Rodrigo Marcos | Site secforce.co.uk

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, web, proof of concept
advisories | CVE-2011-3368
SHA-256 | 75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
Microsoft SQL Server Payload Execution via SQL injection
Posted Jan 29, 2011
Authored by Rodrigo Marcos, David Kennedy, jduck | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection vulnerability happens.

tags | exploit, arbitrary, sql injection
advisories | CVE-2000-0402, CVE-2000-1209, OSVDB-15757
SHA-256 | 5c71a8e0d959c8b1f43ce27c1cfb87641e1abf71b42047e2636fd0256601f31a
Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
Posted Jan 24, 2011
Authored by Rodrigo Marcos, jduck | Site metasploit.com

This Metasploit module exploit smashes several pointers. A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. Microsoft patched this vulnerability in SP3 for 2005 without any public mention.

tags | exploit, overflow
systems | windows
advisories | CVE-2008-5416, OSVDB-50589
SHA-256 | 22edb58a5f3eb94beb9d96ca4c1c67aaf6a45c0df8336fcfd1b91c3de3a418ba
RDdbenum.py.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | 3425a7a46022a1d5c00c940d64eb2be9302b2e7ef356f8e16b7bbc1869f47731
reddot-sql.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below suffer from a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | b97bd24c53768c65b163383bb33684f6375c1f7cb5294f4c72c3f30ea93c2ed8
proxyfuzz.py.txt
Posted Apr 5, 2007
Authored by Rodrigo Marcos | Site theartoffuzzing.com

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

tags | udp, tcp, protocol, python, fuzzer
SHA-256 | 83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
taof-0.3.tgz
Posted Feb 6, 2007
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.3 adds support for fuzzing both TCP and UDP protocols. Moreover, Taof 0.3 aids the monitoring process during fuzzing by the use of an embedded debugger (PyDbg).
tags | protocol, python, fuzzer
SHA-256 | 602cb39c8ea3a3fed659db86b8e125037d32883c0f0f836cb2930f82c109dd9a
taof-0.2.tgz
Posted Nov 30, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.2 fixes a number of bugs and includes new exciting features such as the implementation of dictionary attacks and the possibility of including a variable length field on the fuzzed request.
tags | protocol, python, fuzzer
SHA-256 | b76f3be147a9483559333d14a283d267d85352df074912fc8ec5b79fefdde902
taof-0.1beta-src.tgz
Posted Oct 17, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

tags | protocol, python, fuzzer
SHA-256 | d30483f8e9b254765ea834846f66dda81784964a044db89c17ab0b4f71cfde86
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    37 Files
  • 27
    Feb 27th
    34 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close