exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Narendra Shinde

Email addressprivate
First Active2011-07-25
Last Active2019-11-12
View User Profile
Xorg X11 Server Local Privilege Escalation
Posted Nov 12, 2019
Authored by Narendra Shinde | Site metasploit.com

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

tags | exploit, root
systems | openbsd, aix
advisories | CVE-2018-14665
SHA-256 | cdb60dbe662ae825c2e68b4e3467951ff4065037e1a4c7ab93afe4fd720eaf44
Xorg X11 Server SUID modulepath Privilege Escalation
Posted Oct 22, 2019
Authored by Narendra Shinde, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

tags | exploit, arbitrary, root
systems | linux, centos
advisories | CVE-2018-14665
SHA-256 | 9377740962fb859c56e4c74db8eb408580293ddee8808bfba3b45eda70d58cd2
Xorg X11 Server SUID Privilege Escalation
Posted Nov 25, 2018
Authored by Narendra Shinde, Raptor, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.

tags | exploit, arbitrary, root
systems | linux, openbsd, centos
advisories | CVE-2018-14665
SHA-256 | 720e628b35284931ff0424715e648634cd3ec31db1a89c8b1fff88eddfb6f4ab
Exponent CMS 2.3.1 Cross Site Scripting
Posted Feb 12, 2015
Authored by Narendra Shinde, Mayuresh Dani

Exponent CMS version 2.3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8690
SHA-256 | d7c212b63775bde5c49ae7979f6feda188aeede831184a2ef05a72bfb78c0ad3
Yealink VOIP Phone Cross Site Scripting
Posted Mar 13, 2012
Authored by Narendra Shinde

Yealink VOIP Phone suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1417
SHA-256 | 594dab55fa06525eeb25a234672469d458221c09b400c782310c5903d307c318
Yealink VOIP Phone Cross Site Scripting
Posted Feb 29, 2012
Authored by Narendra Shinde

Yealink VOIP Phone suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1417
SHA-256 | 1c5d7a80bb2cf3d1f660ade3a9a696b35ca2ec64015f60892c18290b1f7c608c
MailEnable Webmail Cross Site Scripting
Posted Jan 13, 2012
Authored by Narendra Shinde, Sajjad Pourali, Shahab NamaziKhah

MailEnable Professional and Enterprise versions are prone to cross site scripting vulnerabilities as the user-supplied input received via the "Username" parameter of the "ForgottonPassword.aspx" page is not properly sanitized. Versions 4.2.6 and below, 5.52 and below and 6.02 and below are affected.

tags | exploit, vulnerability, xss
advisories | CVE-2012-0389
SHA-256 | cab4ee58932f48fbb2493be671b4513aaa7da0caa31bfdb2f95731c6adf0d732
NetSaro Enterprise Manager 2.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 31, 2011
Authored by Narendra Shinde

NetSaro Enterprise Manager version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 04fd1b5fea29b86f930d0d4af4271d77b858a03704dc36391d9621bdd648e4e1
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Jul 29, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 4307cd7c0b9620083e36f686fe14e007f7ca64884c5ceaa83beff75b77a767ac
Samba Web Administration Tool Cross Site Request Forgery
Posted Jul 27, 2011
Authored by Narendra Shinde

SWAT (Samba Web Administration Tool) in Samba versions 3.0.x through 3.5.9 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2011-2522
SHA-256 | d475476bb91d90ae8126882c28a969539769386b49ecf8a69ad974db8e791de9
ManageEngine ServiceDesk Plus 8.0 Improper User Privileges
Posted Jul 25, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 allows a user with limited privileges access to certain functionality that should only be available to administrative users. Proof of concept included.

tags | exploit, proof of concept
SHA-256 | e8ccc4a1e95942aa9e19d5eff1d90052cd550386db0397b0735cad9c2fbbea44
OpenX Ad Server 2.8.7 Cross Site Request Forgery
Posted Jul 25, 2011
Authored by Narendra Shinde

OpenX Ad Server version 2.8.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 2122972907040dd56b1dcbfb3d0e13db9229e8c17a99da1c23958464c856bccb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close