what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

Files from joernchen

Email addressjoernchen at phenoelit.de
First Active2010-12-27
Last Active2018-10-17
Git Submodule Arbitrary Code Execution
Posted Oct 17, 2018
Authored by joernchen

This write up provides a proof of concept with technical details for the git submodule arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution, proof of concept
advisories | CVE-2018-17456
MD5 | 8b90c70cc560ce019f65408cbaa40ac8
Git cvsserver Remote Command Execution
Posted Sep 28, 2017
Authored by joernchen | Site phenoelit.de

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.

tags | exploit, perl
MD5 | d20dd2daa3a886f605dc703ed7b1a0f7
Metasploit Web UI Static secret_key_base Value
Posted Sep 24, 2016
Authored by joernchen, Justin Steven | Site metasploit.com

This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.

tags | exploit, web, code execution, ruby
MD5 | 346aa14307013225d55de3662f17f41d
JRuby Sandbox 0.2.2 Bypass
Posted Apr 24, 2014
Authored by joernchen

jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.

tags | exploit, java, arbitrary, ruby
MD5 | 2fafc9b85853f0e228f2016f5174b125
Github Remote Command Execution
Posted Feb 24, 2014
Authored by joernchen

Github suffered from a remote command execution vulnerability via variable injection.

tags | exploit, remote
MD5 | 49234107765c48d29ec33201b4f544ba
Open-Xchange 7.4.1 Script Insertion
Posted Feb 11, 2014
Authored by joernchen, Martin Braun

Open-Xchange AppSuite version 7.4.1 fails to properly neutralize javascript inserted at the header of an SVG image file.

tags | advisory, javascript
advisories | CVE-2014-1679
MD5 | bc21012775f1fb67c09ffbca640ce011
Fat Free CRM CSRF / SQL Injection / Known Secret
Posted Dec 24, 2013
Authored by joernchen

Fat Free CRM suffers from cross site request forgery, known session secret, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, csrf
MD5 | 268e0f639d5feabbcd112362badf3b1c
sup Remote Command Execution
Posted Oct 29, 2013
Authored by joernchen

sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.

tags | exploit, arbitrary
MD5 | b418d622f18701cab2f2e2cdd40cedfd
Ruby on Rails Known Secret Session Cookie Remote Code Execution
Posted Aug 11, 2013
Authored by joernchen | Site metasploit.com

This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by deserialization of a crafted Ruby Object.

tags | exploit, remote, ruby
MD5 | 351a3975d84e6a8ac892218c906fef91
sudo 1.8.3p1 Format String
Posted Jan 30, 2012
Authored by joernchen | Site phenoelit.de

sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.

tags | exploit
MD5 | b2036d45402949553965c07da5b6d34c
Gitorious Remote Command Execution
Posted Jan 28, 2012
Authored by joernchen | Site phenoelit.de

Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 29144dc4f809ee2b0f9f56dd45971982
Gitorious Arbitrary Command Execution
Posted Jan 21, 2012
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.

tags | exploit, arbitrary, shell
MD5 | 689ddf3546d96485c325e6ed260ee72a
Spreecommerce 0.60.1 Arbitrary Command Execution
Posted Oct 10, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.

tags | exploit, arbitrary, ruby
advisories | OSVDB-76011
MD5 | c5507048e088c83936d0f914767dec99
Spreecommerce Arbitrary Command Execution
Posted Apr 22, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce API searchlogic. Unvalidated input is called via the Ruby send method allowing command execution.

tags | exploit, arbitrary, ruby
advisories | OSVDB-71900
MD5 | 51ac93a2c2e2d1830bf37204c78c23a9
Distributed Ruby Send instance_eval/syscall Code Execution
Posted Mar 28, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits remote code execution vulnerabilities in dRuby.

tags | exploit, remote, vulnerability, code execution
MD5 | 1ddfb7438e9601a8ff41f0ece5b3ef06
Distributed Ruby Send Syscall Vulnerability
Posted Mar 23, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits remote syscalls in DRuby.

tags | exploit, remote
MD5 | c0bf40e9779a3089040539556689b6eb
Redmine SCM Repository Arbitrary Command Execution
Posted Dec 27, 2010
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.

tags | exploit, arbitrary
advisories | OSVDB-70090
MD5 | 786ab1c4d70bf6985b3a787fcf48a0f6
Page 1 of 1
Back1Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    9 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close