Showing 1 - 25 of 37

Files from Michael Brooks

Email address: th3.r00k at gmail.com
First Active: 2006-12-28
Last Active: 2016-03-23
CA Single Sign-On Web Agents Information Disclosure / Denial Of Service
Posted Mar 23, 2016
Authored by Kevin Kotas, Michael Brooks | Site www3.ca.com

CA Technologies Support is alerting customers to potential risks with CA Single Sign-On (CA SSO), formerly known as CA SiteMinder. Michael Brooks of BishopFox alerted CA to vulnerabilities that can allow a remote attacker to cause a denial of service or possibly gain sensitive information. CA has fixes that address the vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2015-6853, CVE-2015-6854
MD5 | ea6cfd50604423801445013893f8aff9
Bypassing Microsoft Internet Explorer's XSS Filter
Posted Sep 21, 2011
Authored by Michael Brooks

This is a whitepaper called Bypassing Microsoft's Internet Explorer Cross Site Scripting Filter.

tags | paper, xss, bypass
MD5 | 4ef3b953655d52de6b79fb0909d0a574
Bypassing PHPIDS 0.6.5
Posted Aug 26, 2011
Authored by Michael Brooks

Using the attacks in this paper allows you to bypass all of PHPIDS's rule sets, which defeats all protection PHPIDS can provide. Furthermore, on a default install of PHPIDS the log file can be used to drop a PHP backdoor. This makes PHPIDS a vital stepping stone in turning an LFI vulnerability into remote code execution. The end result is that use of PHPIDS 0.6.5 can make you less secure. All of these issues have been fixed in version 0.7.

tags | paper, remote, php, code execution
MD5 | 9ab07f1c927a13a3d156d301289a0974
Yaws Wiki 1.88-1 Cross Site Scripting
Posted Apr 4, 2011
Authored by Michael Brooks

Yaws Wiki version 1.88-1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e004ffac9e921a2248fc023967b341fa
Majordomo2 20110121 Directory Traversal
Posted Feb 2, 2011
Authored by Michael Brooks

Majordomo2 versions 20110121 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2011-0049
MD5 | 0d0f6b31c8eb09844959737b86314931
Pligg 1.1.2 Cross Site Scripting / SQL Injection
Posted Dec 27, 2010
Authored by Michael Brooks

Pligg version 1.1.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | 4b98838a0ce1f1e6e26519c247d605ea
OpenClassifieds 1.7.0.3 Chained: Captcha Bypass -> SQL Injection -> XSS on Frontpage
Posted Dec 27, 2010
Authored by Michael Brooks

OpenClassifieds version 1.7.0.3 chained exploit that leverages CAPTCHA bypass, remote SQL injection, and persistent cross site scripting on Frontpage.

tags | exploit, remote, xss, sql injection
MD5 | 618bb4716403b90f645b92f12a78db29
GetSimple CMS 2.01 / 2.02 Credential Disclosure
Posted Nov 24, 2010
Authored by Michael Brooks

GetSimple CMS versions 2.01 and 2.02 suffer from an administrative credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 1ed4fdfafb5de05a3641ac7a4d1a5af6
PHPVidz 0.9.5 Database Disclosure
Posted May 18, 2010
Authored by Michael Brooks

PHPVidz version 0.9.5 suffers from a remote database disclosure vulnerability that provides the administrative password.

tags | exploit, remote, info disclosure
MD5 | 7661b86fecf7a9afc013b30b428bb6dc
PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
Posted May 5, 2010
Authored by Michael Brooks

PHP-Nuke versions 7.0, 8.1 and 8.1.35 wormable remote code execution exploit.

tags | exploit, worm, remote, php, code execution
MD5 | eb272c6ff1c00e0c3cdc8c49150c4be4
cTorrent/DTorrent Buffer Overflow
Posted Apr 17, 2009
Authored by Michael Brooks

cTorrent version 1.3.4 and dTorrent version 3.3.2 buffer overflow exploit that creates a malicious .torrent file.

tags | exploit, overflow
MD5 | 5101d774d64ffb0b494adcf233d97ca9
Zoom VoIP Phone Adapter XSRF Exploit
Posted Jan 30, 2009
Authored by Michael Brooks

Cross site request forgery exploit for the Zoom VoIP Phone Adapter ATA1+1.

tags | exploit, csrf
MD5 | 52b6a55f494de461e310428068e50b37
D-Link VoIP Phone Adapter XSRF / XSS
Posted Jan 30, 2009
Authored by Michael Brooks

The D-Link VoIP Phone Adapter suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f0b88a1f7c24b11bce6007dd3272ed2f
Profense Web Application Firewall XSRF / XSS
Posted Jan 30, 2009
Authored by Michael Brooks

The Profense Web Application Firewall version 2.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
MD5 | 18464aecf6a95f5e72d0989484c8d7b4
ManageEngine Firewall Analyzer 5 XSRF / XSS
Posted Jan 30, 2009
Authored by Michael Brooks

The ManageEngine Firewall Analyzer version 5 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 4471b559ed2d4f8c8c9d2800f1bccfc4
Pligg 9.9.5 Cross Site Request Forgery
Posted Jan 30, 2009
Authored by Michael Brooks

Pligg version 9.9.5 cross site request forgery protection bypass and captcha bypass exploits.

tags | exploit, csrf
MD5 | 6f4b97b7c8101a98dc278ee22b794858
Coppermine Photo Gallery 1.4.19 File Upload
Posted Jan 29, 2009
Authored by Michael Brooks

Coppermine Photo Gallery version 1.4.19 suffers from a remote PHP file upload vulnerability.

tags | exploit, remote, php, file upload
MD5 | 6bd93a3ad3b295df2c45bc0e7182c7d7
Web On Windows Code Execution
Posted Jan 29, 2009
Authored by Michael Brooks

WOW - Web On Windows Active-X control version 2 remote code execution exploit.

tags | exploit, remote, web, code execution, activex
systems | windows
MD5 | dc31f4a6691c8b9e15a60fcd2db37c24
PHPepperShop 1.4 Cross Site Scripting
Posted Dec 9, 2008
Authored by Michael Brooks | Site rooksecurity.com

PHPepperShop version 1.4 suffers from four reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 10ffc65d37fd5d174942e55e008d1319
PrestaShop 1.1.0.3 Cross Site Scripting
Posted Dec 9, 2008
Authored by Michael Brooks | Site rooksecurity.com

PrestaShop version 1.1.0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 54b7fe6ea0c23b7becc7a6a8d481e465
phpMyAdmin 3.1.0 XSRF / SQL Injection
Posted Dec 9, 2008
Authored by Michael Brooks | Site rooksecurity.com

phpMyAdmin version 3.1.0 suffers from a SQL injection vulnerability that can be leveraged via a cross site request forgery vulnerability.

tags | exploit, sql injection, csrf
MD5 | 0a22e8d11bc6b72e02a537596611b0be
Simple Directory Listing Upload Vulnerability
Posted Dec 9, 2008
Authored by Michael Brooks | Site rooksecurity.com

Simple Directory Listing version 2.1 beta 1 suffers from a cross site file upload vulnerability.

tags | exploit, file upload
MD5 | c92888e720baae69cfcc82efccbc4809
XAMPP 1.6.8 Password Exploit
Posted Dec 8, 2008
Authored by Michael Brooks | Site rooksecurity.com

XAMPP version 1.6.8 cross site request forgery exploit that changes the administrative password.

tags | exploit, csrf
MD5 | 1f9d18cb956505c4d80b58d9baaeaa6d
DD-WRT 24-sp1 Cross Site Request Forgery
Posted Dec 8, 2008
Authored by Michael Brooks | Site rooksecurity.com

DD-WRT version 24-sp1 cross site request forgery exploit that lets you execute code as root.

tags | exploit, root, csrf
MD5 | 1db79e8667a0d94471c8adf7e8ab2c2c
smf_captcha.zip
Posted Apr 21, 2008
Authored by Michael Brooks | Site rooksecurity.com

Tool that demonstrates the breaking of Simple Machine Forum's audio CAPTCHA.

tags | exploit
MD5 | 22c081a2babb99cea4891aa3d2381d5f
Page 1 of 2
© 2019 Packet Storm. All rights reserved.
