what you don't know can hurt you
Showing 1 - 16 of 16 RSS Feed

Files from joernchen

Email addressjoernchen at phenoelit.de
First Active2010-12-27
Last Active2017-09-28
Git cvsserver Remote Command Execution
Posted Sep 28, 2017
Authored by joernchen | Site phenoelit.de

The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.13.6, 2.12.5, 2.11.4 and 2.10.5 are affected.

tags | exploit, perl
MD5 | d20dd2daa3a886f605dc703ed7b1a0f7
Metasploit Web UI Static secret_key_base Value
Posted Sep 24, 2016
Authored by joernchen, Justin Steven | Site metasploit.com

This Metasploit module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This Metasploit module is based on exploits/multi/http/rails_secret_deserialization.

tags | exploit, web, code execution, ruby
MD5 | 346aa14307013225d55de3662f17f41d
JRuby Sandbox 0.2.2 Bypass
Posted Apr 24, 2014
Authored by joernchen

jruby-sandbox aims to allow safe execution of user given Ruby code within a JRuby [0] runtime. However via import of Java classes it is possible to circumvent those protections and execute arbitrary code outside the sandboxed environment. Versions 0.2.2 and below are affected.

tags | exploit, java, arbitrary, ruby
MD5 | 2fafc9b85853f0e228f2016f5174b125
Github Remote Command Execution
Posted Feb 24, 2014
Authored by joernchen

Github suffered from a remote command execution vulnerability via variable injection.

tags | exploit, remote
MD5 | 49234107765c48d29ec33201b4f544ba
Open-Xchange 7.4.1 Script Insertion
Posted Feb 11, 2014
Authored by joernchen, Martin Braun

Open-Xchange AppSuite version 7.4.1 fails to properly neutralize javascript inserted at the header of an SVG image file.

tags | advisory, javascript
advisories | CVE-2014-1679
MD5 | bc21012775f1fb67c09ffbca640ce011
Fat Free CRM CSRF / SQL Injection / Known Secret
Posted Dec 24, 2013
Authored by joernchen

Fat Free CRM suffers from cross site request forgery, known session secret, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, csrf
MD5 | 268e0f639d5feabbcd112362badf3b1c
sup Remote Command Execution
Posted Oct 29, 2013
Authored by joernchen

sup versions prior to 0.14.1.1 and prior to 0.13.2.1 suffer from an arbitrary command execution vulnerability via a forged content type of an email attachment.

tags | exploit, arbitrary
MD5 | b418d622f18701cab2f2e2cdd40cedfd
Ruby on Rails Known Secret Session Cookie Remote Code Execution
Posted Aug 11, 2013
Authored by joernchen | Site metasploit.com

This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the file "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by deserialization of a crafted Ruby Object.

tags | exploit, remote, ruby
MD5 | 351a3975d84e6a8ac892218c906fef91
sudo 1.8.3p1 Format String
Posted Jan 30, 2012
Authored by joernchen | Site phenoelit.de

sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.

tags | exploit
MD5 | b2036d45402949553965c07da5b6d34c
Gitorious Remote Command Execution
Posted Jan 28, 2012
Authored by joernchen | Site phenoelit.de

Gitorious versions prior to 2.1.1 suffer from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 29144dc4f809ee2b0f9f56dd45971982
Gitorious Arbitrary Command Execution
Posted Jan 21, 2012
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the in gitorious. Unvalidated input is send to the shell allowing command execution.

tags | exploit, arbitrary, shell
MD5 | 689ddf3546d96485c325e6ed260ee72a
Spreecommerce 0.60.1 Arbitrary Command Execution
Posted Oct 10, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce search. Unvalidated input is called via the Ruby send method allowing command execution.

tags | exploit, arbitrary, ruby
advisories | OSVDB-76011
MD5 | c5507048e088c83936d0f914767dec99
Spreecommerce Arbitrary Command Execution
Posted Apr 22, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Spreecommerce API searchlogic. Unvalidated input is called via the Ruby send method allowing command execution.

tags | exploit, arbitrary, ruby
advisories | OSVDB-71900
MD5 | 51ac93a2c2e2d1830bf37204c78c23a9
Distributed Ruby Send instance_eval/syscall Code Execution
Posted Mar 28, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits remote code execution vulnerabilities in dRuby.

tags | exploit, remote, vulnerability, code execution
MD5 | 1ddfb7438e9601a8ff41f0ece5b3ef06
Distributed Ruby Send Syscall Vulnerability
Posted Mar 23, 2011
Authored by joernchen | Site metasploit.com

This Metasploit module exploits remote syscalls in DRuby.

tags | exploit, remote
MD5 | c0bf40e9779a3089040539556689b6eb
Redmine SCM Repository Arbitrary Command Execution
Posted Dec 27, 2010
Authored by joernchen | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering.

tags | exploit, arbitrary
advisories | OSVDB-70090
MD5 | 786ab1c4d70bf6985b3a787fcf48a0f6
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close