what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

Files from Rodrigo Marcos

Email addressrodrigo.marcos at irmplc.com
First Active2006-10-17
Last Active2017-05-01
MySQL 5.6.35 / 5.7.17 Integer Overflow
Posted May 1, 2017
Authored by Rodrigo Marcos

MySQL versions 5.6.35 and below and 5.7.17 and below suffer from an integer overflow vulnerability.

tags | exploit, overflow
advisories | CVE-2017-3599
SHA-256 | 0ee06e9ca07a91bdf300e8247f0088f5b1ec71f49b7ac4b052a8d6f34794a932
Apache mod_proxy Proof Of Concept
Posted Oct 11, 2011
Authored by Rodrigo Marcos | Site secforce.co.uk

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.

tags | exploit, remote, web, proof of concept
advisories | CVE-2011-3368
SHA-256 | 75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
Microsoft SQL Server Payload Execution via SQL injection
Posted Jan 29, 2011
Authored by Rodrigo Marcos, David Kennedy, jduck | Site metasploit.com

This Metasploit module will execute an arbitrary payload on a Microsoft SQL Server, using a SQL injection vulnerability. Once a vulnerability is identified this module will use xp_cmdshell to upload and execute Metasploit payloads. It is necessary to specify the exact point where the SQL injection vulnerability happens.

tags | exploit, arbitrary, sql injection
advisories | CVE-2000-0402, CVE-2000-1209, OSVDB-15757
SHA-256 | 5c71a8e0d959c8b1f43ce27c1cfb87641e1abf71b42047e2636fd0256601f31a
Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
Posted Jan 24, 2011
Authored by Rodrigo Marcos, jduck | Site metasploit.com

This Metasploit module exploit smashes several pointers. A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine (MSDE) without the updates supplied in MS09-004. Microsoft patched this vulnerability in SP3 for 2005 without any public mention.

tags | exploit, overflow
systems | windows
advisories | CVE-2008-5416, OSVDB-50589
SHA-256 | 22edb58a5f3eb94beb9d96ca4c1c67aaf6a45c0df8336fcfd1b91c3de3a418ba
RDdbenum.py.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below full database enumeration exploit that takes advantage of a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | 3425a7a46022a1d5c00c940d64eb2be9302b2e7ef356f8e16b7bbc1869f47731
reddot-sql.txt
Posted Apr 21, 2008
Authored by Rodrigo Marcos, Mark Crowther | Site irmplc.com

RedDot CMS versions 7.5 Build 7.5.0.48 and below suffer from a remote SQL injection vulnerability in ioRD.asp.

tags | exploit, remote, sql injection, asp
advisories | CVE-2008-1613
SHA-256 | b97bd24c53768c65b163383bb33684f6375c1f7cb5294f4c72c3f30ea93c2ed8
proxyfuzz.py.txt
Posted Apr 5, 2007
Authored by Rodrigo Marcos | Site theartoffuzzing.com

ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.

tags | udp, tcp, protocol, python, fuzzer
SHA-256 | 83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
taof-0.3.tgz
Posted Feb 6, 2007
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.3 adds support for fuzzing both TCP and UDP protocols. Moreover, Taof 0.3 aids the monitoring process during fuzzing by the use of an embedded debugger (PyDbg).
tags | protocol, python, fuzzer
SHA-256 | 602cb39c8ea3a3fed659db86b8e125037d32883c0f0f836cb2930f82c109dd9a
taof-0.2.tgz
Posted Nov 30, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

Changes: Version 0.2 fixes a number of bugs and includes new exciting features such as the implementation of dictionary attacks and the possibility of including a variable length field on the fuzzed request.
tags | protocol, python, fuzzer
SHA-256 | b76f3be147a9483559333d14a283d267d85352df074912fc8ec5b79fefdde902
taof-0.1beta-src.tgz
Posted Oct 17, 2006
Authored by Rodrigo Marcos | Site sourceforge.net

Taof is a GUI cross-platform Python generic network protocol fuzzer. It has been designed for minimizing set-up time during fuzzing sessions and it is especially useful for fast testing of proprietary or undocumented protocols.

tags | protocol, python, fuzzer
SHA-256 | d30483f8e9b254765ea834846f66dda81784964a044db89c17ab0b4f71cfde86
Page 1 of 1
Back1Next

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    17 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close