what you don't know can hurt you
Showing 1 - 25 of 38 RSS Feed

Files from Dawid Golunski

Email addressgolunski at onet.eu
First Active2009-11-17
Last Active2017-05-17
WordPress PHPMailer Host Header Command Injection
Posted May 17, 2017
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.

tags | exploit, spoof
advisories | CVE-2016-10033
MD5 | 79e346c62995359fee5570ce7b675572
Vanilla Forums 2.3 Remote Code Execution
Posted May 12, 2017
Authored by Dawid Golunski | Site legalhackers.com

Vanilla Forums versions 2.3 and below remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2016-10033, CVE-2016-10073
MD5 | 8908d107378c35ad76589441cc985ca9
WordPress Core 4.6 Unauthenticated Remote Code Execution
Posted May 5, 2017
Authored by Dawid Golunski | Site legalhackers.com

WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
MD5 | 7548237ea4bc029d486f673e64741747
SquirrelMail 1.4.22 Remote Code Execution
Posted Apr 23, 2017
Authored by Dawid Golunski

SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
MD5 | aca9c60af6e94fd27e23b8ce1f25f382
PHPMailer Sendmail Argument Injection
Posted Jan 4, 2017
Authored by Dawid Golunski, Spencer McIntyre | Site metasploit.com

PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.

tags | exploit, web, arbitrary, root
advisories | CVE-2016-10033, CVE-2016-10045
MD5 | a8dc72e0680b992ed76e35257184f274
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
Posted Jan 3, 2017
Authored by Dawid Golunski

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.

tags | exploit, web, shell, php, proof of concept
advisories | CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074
MD5 | a0be91defae2564f4405c81fdeab38cd
SwiftMailer Remote Code Execution
Posted Dec 29, 2016
Authored by Dawid Golunski

SwiftMailer versions prior to 5.4.5-DEV suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-10074
MD5 | 867421c2ab76adf20394234a4a466e45
PHPMailer Remote Code Execution
Posted Dec 28, 2016
Authored by Dawid Golunski

PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.

tags | exploit, remote, code execution
advisories | CVE-2016-10033, CVE-2016-10045
MD5 | 866aa935950ebe6d9acfd7e53a16846c
PHPMailer 5.2.17 Remote Code Execution
Posted Dec 27, 2016
Authored by Dawid Golunski

PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2016-10033
MD5 | fd1e17cbce43e18c7ccf541988b20ac8
PHPMailer 5.2.17 Remote Code Execution
Posted Dec 26, 2016
Authored by Dawid Golunski

PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
MD5 | e93465ebb2db8952d96d4915153e3e69
Nagios Core Curl Command Injection / Code Execution
Posted Dec 15, 2016
Authored by Dawid Golunski

Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2016-9565
MD5 | 6dc98bfd8857fb90408586ac4fad6fd0
GNU Wget Access List Bypass / Race Condition
Posted Nov 24, 2016
Authored by Dawid Golunski

GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution, etc.

tags | exploit, remote, vulnerability, code execution, bypass
advisories | CVE-2016-7098
MD5 | 3a7f82b9aec2e988d5b1a8143090c82b
Nginx Root Privilege Escalation
Posted Nov 16, 2016
Authored by Dawid Golunski

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system. This is fixed in 1.6.2-5+deb8u3 package on Debian and 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS. UPDATE 2017/01/13 - nginx packages below version 1.10.2-r3 on Gentoo are also affected.

tags | exploit, web, local, root
systems | linux, debian, ubuntu
advisories | CVE-2016-1247
MD5 | a18720c4e6d5445fab2ac18439149c1f
MySQL / MariaDB / PerconaDB Root Privilege Escalation
Posted Nov 2, 2016
Authored by Dawid Golunski

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.

tags | exploit, root
advisories | CVE-2016-6664
MD5 | 73b41ab8c5b59bd8889f73c2538d4f62
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
Posted Nov 2, 2016
Authored by Dawid Golunski

An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').

tags | exploit, arbitrary, local
advisories | CVE-2016-6663
MD5 | 9b5a5ffe51fb38b8ff3c447e246e7c03
Apache Tomcat 8 / 7 / 6 Privilege Escalation
Posted Oct 10, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros.

tags | exploit
systems | linux, redhat
advisories | CVE-2016-5425
MD5 | f3c04168ae0abb155248a68219096e68
Apache Tomcat 8.0.36-2 Privilege Escalation
Posted Oct 2, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8.0.36-2 and below, 7.0.70-2 and below, and 6.0.45+dfsg-1~deb8ul and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2016-1240
MD5 | dcf2beeda84d1c33b8f60d5b10460d33
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
Posted Sep 12, 2016
Authored by Dawid Golunski

MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities.

tags | exploit, remote, root, vulnerability, code execution
advisories | CVE-2003-0150, CVE-2016-6662
MD5 | a33bd7f960992093ff0e37dd88d8076f
Adobe ColdFusion 11 XML External Entity Injection
Posted Sep 7, 2016
Authored by Dawid Golunski

Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.

tags | exploit
advisories | CVE-2016-4264
MD5 | b03f3352a6a03d60f1977acc5f452637
vBulletin 5.2.2 / 4.2.3 / 3.8.9 Server Side Request Forgery
Posted Aug 8, 2016
Authored by Dawid Golunski

vBulletin versions 5.2.2 and below, 4.2.3 and below, and 3.8.9 and below suffer from a pre-auth server side request forgery vulnerability.

tags | exploit
advisories | CVE-2016-6483
MD5 | 64d6a9fbed7ba7874703b83d32249152
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
MD5 | c1bff7c5ea44db8d87e028c13050cabc
Ubuntu Security Notice USN-3012-1
Posted Jun 21, 2016
Authored by Ubuntu, Dawid Golunski | Site security.ubuntu.com

Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2016-4971
MD5 | 566d6508eaba1dbcf5286cfd6133c649
CakePHP Framework 3.2.4 IP Spoofing
Posted May 14, 2016
Authored by Dawid Golunski

CakePHP Framework versions 3.2.4 and below suffer from a vulnerability that allows users to spoof the source IP address logged by the server.

tags | exploit, spoof
MD5 | e42211c031063b646edfbfdecb046f33
Exim perl_startup Privilege Escalation
Posted Apr 14, 2016
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter.

tags | exploit, perl
MD5 | 1b3e86403723d9ae893f6c3110bbd0c2
Exim Local Privilege Escalation
Posted Mar 10, 2016
Authored by Dawid Golunski

Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When Exim installation has been compiled with Perl support and contains a perl_startup configuration variable it can be exploited by malicious local attackers to gain root privileges.

tags | exploit, local, root, perl
advisories | CVE-2016-1531
MD5 | dfa8bd2eefce417043294f1a91f32077
Page 1 of 2
Back12Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close