what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 5 of 5

Files from Johannes Dahse

Joomla Akeeba Kickstart Unserialize Remote Code Execution

Posted Oct 21, 2014

Authored by Johannes Dahse | Site metasploit.com

This Metasploit module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. Nevertheless it is worth to note that this vulnerability is only exploitable during the update of the Joomla! CMS.

tags | exploit

advisories | CVE-2014-7228

SHA-256 | 5516d077b739b43923f128e4105b580cf998eaf5385300c161f3285ff983977d

Download | Favorite | View

Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation

Posted Jul 11, 2014

Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.

tags | exploit, remote, vulnerability, xss, csrf

SHA-256 | e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d

Download | Favorite | View

Apache Struts Developer Mode OGNL Execution

Posted Feb 1, 2014

Authored by juan vazquez, Johannes Dahse, Andreas Nusser, Alvaro | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully in Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.

tags | exploit, java, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2012-0394, OSVDB-78276

SHA-256 | d95e5ef29a2fce9c476472748fd55d151658b54e2b3321896da72a713f7e54b9

Download | Favorite | View

Apache Struts 2.2.1.1 Remote Command Execution

Posted Jun 5, 2012

Authored by sinn3r, juan vazquez, Johannes Dahse, Andreas Nusser | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

tags | exploit, java, remote, arbitrary

advisories | CVE-2012-0391, OSVDB-78277

SHA-256 | 0b05a1b978021a7e230996613260f0f4ba94c92ffadf95f1ba1f5be6cacdbf23

Download | Favorite | View

Apache Struts2 File Overwrite / Command Execution

Posted Jan 6, 2012

Authored by Johannes Dahse, Andreas Nusser | Site sec-consult.com

Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.

tags | exploit, remote, vulnerability

SHA-256 | 8d363a18f897ed34231b59c495249b3756d6dd28557f389c633b72c05f3bea07

Download | Favorite | View