exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

Files from Narendra Shinde

Email addressprivate
First Active2011-07-25
Last Active2019-11-12
View User Profile
Xorg X11 Server Local Privilege Escalation
Posted Nov 12, 2019
Authored by Narendra Shinde | Site metasploit.com

This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users need to be included when /etc/passwd is overwritten, else AIX will throw 'Cannot get "LOGNAME" variable' when attempting to change user. The Xorg '-fp' parameter used in the OpenBSD exploit does not work on AIX, and is replaced by '-config', in conjuction with ANSI-C quotes to inject newlines when overwriting /etc/passwd.

tags | exploit, root
systems | openbsd, aix
advisories | CVE-2018-14665
MD5 | 441242f216fc75457eaee333db550449
Xorg X11 Server SUID modulepath Privilege Escalation
Posted Oct 22, 2019
Authored by Narendra Shinde, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This module has been tested with CentOS 7 (1708). CentOS default install will require console auth for the users session. Xorg must have SUID permissions and may not start if running. On successful exploitation artifacts will be created consistent with starting Xorg.

tags | exploit, arbitrary, root
systems | linux, centos
advisories | CVE-2018-14665
MD5 | d5e6f9fce10b890713038be1179ea1bd
Xorg X11 Server SUID Privilege Escalation
Posted Nov 25, 2018
Authored by Narendra Shinde, Raptor, Aaron Ringo | Site metasploit.com

This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron.

tags | exploit, arbitrary, root
systems | linux, openbsd, centos
advisories | CVE-2018-14665
MD5 | 3bc1656931b4d8bbac2d3b28656c2582
Exponent CMS 2.3.1 Cross Site Scripting
Posted Feb 12, 2015
Authored by Narendra Shinde, Mayuresh Dani

Exponent CMS version 2.3.1 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-8690
MD5 | e3af295b80662d9ed91e8fddd2286f71
Yealink VOIP Phone Cross Site Scripting
Posted Mar 13, 2012
Authored by Narendra Shinde

Yealink VOIP Phone suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1417
MD5 | acc7a67f43c5132f29138e4e63ff95c6
Yealink VOIP Phone Cross Site Scripting
Posted Feb 29, 2012
Authored by Narendra Shinde

Yealink VOIP Phone suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-1417
MD5 | 1356c22c62ef3603d02f11bd45485604
MailEnable Webmail Cross Site Scripting
Posted Jan 13, 2012
Authored by Narendra Shinde, Sajjad Pourali, Shahab NamaziKhah

MailEnable Professional and Enterprise versions are prone to cross site scripting vulnerabilities as the user-supplied input received via the "Username" parameter of the "ForgottonPassword.aspx" page is not properly sanitized. Versions 4.2.6 and below, 5.52 and below and 6.02 and below are affected.

tags | exploit, vulnerability, xss
advisories | CVE-2012-0389
MD5 | 15429f98b1c54346186a220bdd5bb75f
NetSaro Enterprise Manager 2.0 Cross Site Request Forgery / Cross Site Scripting
Posted Aug 31, 2011
Authored by Narendra Shinde

NetSaro Enterprise Manager version 2.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 97048f77d4f40aacd03a3e5e3c2046ec
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Jul 29, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 build 8013 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | badf8b14aea76a0dc1fa3211797f4f9f
Samba Web Administration Tool Cross Site Request Forgery
Posted Jul 27, 2011
Authored by Narendra Shinde

SWAT (Samba Web Administration Tool) in Samba versions 3.0.x through 3.5.9 suffers from a cross site request forgery vulnerability.

tags | exploit, web, csrf
advisories | CVE-2011-2522
MD5 | 216a5e5c11d92819fd472e5318f10d13
ManageEngine ServiceDesk Plus 8.0 Improper User Privileges
Posted Jul 25, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 allows a user with limited privileges access to certain functionality that should only be available to administrative users. Proof of concept included.

tags | exploit, proof of concept
MD5 | bd380fc550b4aa775ff95ab5264d33be
OpenX Ad Server 2.8.7 Cross Site Request Forgery
Posted Jul 25, 2011
Authored by Narendra Shinde

OpenX Ad Server version 2.8.7 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 8438b3adfdd427f5a9db444410cbdce8
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close