exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files from Soroush Dalili

Email addressirsdl at yahoo.com
First Active2005-05-27
Last Active2023-07-11
SmarterTools SmarterMail Remote Code Execution
Posted Jul 11, 2023
Authored by Soroush Dalili, 1F98D, Ismail E. Dawoodjee | Site metasploit.com

This Metasploit module exploits a vulnerability in the SmarterTools SmarterMail software for version numbers 16.x and below or for build numbers below 6985. The vulnerable versions and builds expose three .NET remoting endpoints on port 17001, namely /Servers, /Mail and /Spool. For example, a typical installation of SmarterMail Build 6970 will have the /Servers endpoint exposed to the public at tcp://0.0.0.0:17001/Servers, where serialized .NET commands can be sent through a TCP socket connection. The three endpoints perform deserialization of untrusted data (CVE-2019-7214), allowing an attacker to send arbitrary commands to be deserialized and executed. This module exploits this vulnerability to perform .NET deserialization attacks, allowing remote code execution for any unauthenticated user under the context of the SYSTEM account. Successful exploitation results in full administrative control of the target server under the NT AUTHORITY\SYSTEM account. This vulnerability was patched in Build 6985, where the 17001 port is no longer publicly accessible, although it can be accessible locally at 127.0.0.1:17001. Hence, this would still allow for a privilege escalation vector if the server is compromised as a low-privileged user.

tags | exploit, remote, arbitrary, tcp, code execution
advisories | CVE-2019-7214
SHA-256 | c00513d64b0afbcf82cfd8c3569e9b9bd32c506402e79960d11808c409ea5c44
Microsoft Exchange ProxyNotShell Remote Code Execution
Posted Nov 30, 2022
Authored by Soroush Dalili, Spencer McIntyre, Orange Tsai, Rich Warren, Piotr B, DA-0x43-Dx4-DA-Hx2-Tx2-TP-S-Q | Site metasploit.com

This Metasploit module chains two vulnerabilities on Microsoft Exchange Server that, when combined, allow an authenticated attacker to interact with the Exchange Powershell backend (CVE-2022-41040), where a deserialization flaw can be leveraged to obtain code execution (CVE-2022-41082). This exploit only supports Exchange Server 2019. These vulnerabilities were patched in November 2022.

tags | exploit, vulnerability, code execution
advisories | CVE-2022-41040, CVE-2022-41082
SHA-256 | 52e94b2539eeb923ed6dfcf33bf21788d037db18208e166670e34916d20844dd
Microsoft SharePoint Server 2019 Remote Code Execution
Posted Jul 23, 2021
Authored by Soroush Dalili, West Shepherd, Steven Seele

Microsoft SharePoint Server 2019 remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2020-1147
SHA-256 | 46e9d1239eeb594d08bb2032164a87b9a5b13bfc22da02cdddd6ca552f3b5850
SmarterMail 6985 Remote Code Execution
Posted Dec 9, 2020
Authored by Soroush Dalili, 1F98D

SmarterMail build version 6985 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2019-7214
SHA-256 | 03a34ec5b65f814667108d5769e315ba381562b01bceb44b9f6931123cc94443
SharePoint DataSet / DataTable Deserialization
Posted Jul 31, 2020
Authored by Soroush Dalili, mr_me, Spencer McIntyre | Site metasploit.com

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint is installed and configured. The vulnerability is related to a failure to validate the source of XML input data, leading to an unsafe deserialization operation that can be triggered from a page that initializes either the ContactLinksSuggestionsMicroView type or a derivative of it. In a default configuration, a Domain User account is sufficient to access SharePoint and exploit this vulnerability.

tags | exploit, remote
advisories | CVE-2020-1147
SHA-256 | 34f2633fdb04b0ab14dd5a0aedaf3e5d3b9e387d4d8619fbdd31dabb809602b6
SharePoint Workflows XOML Injection
Posted Mar 26, 2020
Authored by Soroush Dalili, Spencer McIntyre | Site metasploit.com

This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality.

tags | exploit
advisories | CVE-2020-0646
SHA-256 | 583c7dc9e2c88b3f3622ee79ae7bc09a2e63d8641d172496c3143a024bc22425
SQL Server Reporting Services (SSRS) ViewState Deserialization
Posted Mar 12, 2020
Authored by Soroush Dalili, Spencer McIntyre | Site metasploit.com

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.

tags | exploit, remote, web, code execution
advisories | CVE-2020-0618
SHA-256 | 6a7a492f2dc70d4a79f4f4220d5e1a617458fbab09046134c7b6d7f120a2b5aa
TechSmith Camtasia 7 / 8 Cross Site Scripting
Posted Jan 14, 2015
Authored by Soroush Dalili

TechSmith Camtasia versions 7 and 8 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0da3668d93c5d907fcfe6b8abc0ab9b5251abb5997b3d5d0d8042ce947378c29
Adobe Reader ToolButton Use After Free
Posted Dec 17, 2013
Authored by Soroush Dalili, sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This Metasploit module has been tested successfully on Adobe Reader 11.0.2 and 10.0.4, with IE and Windows XP SP3, as exploited in the wild in November, 2013. At the moment, this module doesn't support Adobe Reader 9 targets; in order to exploit Adobe Reader 9 the fileformat version of the exploit can be used.

tags | exploit
systems | windows
advisories | CVE-2013-3346, OSVDB-96745
SHA-256 | 138b5061095c157ac1ee1b8954ca08cb7b70e4dd78274f3ac703d12404ff91b1
Adobe Reader ToolButton Use After Free
Posted Dec 17, 2013
Authored by Soroush Dalili, sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free condition on Adobe Reader versions 11.0.2, 10.1.6 and 9.5.4 and prior. The vulnerability exists while handling the ToolButton object, where the cEnable callback can be used to early free the object memory. Later use of the object allows triggering the use after free condition. This Metasploit module has been tested successfully on Adobe Reader 11.0.2, 10.0.4 and 9.5.0 on Windows XP SP3, as exploited in the wild in November, 2013.

tags | exploit
systems | windows
advisories | CVE-2013-3346, OSVDB-96745
SHA-256 | d0dbf161cbc3db6f711c5aade3b3b43f7a5e9f4d7399cf1ba132b40664e9a097
Gleamtech FileVista / FileUltimate 4.6 Directory Traversal
Posted Nov 28, 2012
Authored by Soroush Dalili

Gleamtech FileVista / FileUltimate version 4.6 suffers from a directory traversal vulnerability.

tags | advisory, file inclusion
SHA-256 | 109f5ca5f5be84fd82191d8a0fbff91cbb160e954b6e4083b398af37397fc8ba
FCKEditor 2.6.8 ASP File Upload Protection Bypass
Posted Nov 28, 2012
Authored by Soroush Dalili

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

tags | advisory, asp, bypass, file upload
SHA-256 | 139ccad597b02f049b3b2b0129bd2dd23c86df34ebff98c04ada72b76409a1d8
CKFinder 2.3 / FCKEditor 2.6.8 SWF Cross Site Scripting
Posted Nov 12, 2012
Authored by Soroush Dalili

CK Finder version 2.3 and FCKEditor version 2.6.8 allow uploads of malicious swf files that can allow for cross site scripting attacks.

tags | exploit, xss
SHA-256 | d82a591cc39f84f739a5883f7788b375ddde2f6568df00ff6cbe8a116ba4e460
Microsoft IIS Tilde Character Name Disclosure / Denial Of Service
Posted Jul 2, 2012
Authored by Soroush Dalili

Microsoft IIS suffers from a short file/folder name disclosure vulnerability when handling tilde characters. The .NET framework may also suffer from a denial of service condition relating to the handling of tilde. Proof of concept scanner included.

tags | exploit, denial of service, proof of concept
systems | linux
SHA-256 | ac7e17676655fc32991058e316c32da4c4a71a9100a0f1c88e9530581b4638c8
Bugzilla Unauthorized Access / Cross Site Scripting
Posted Apr 19, 2012
Authored by Soroush Dalili, Frederic Buclin, Byron Jones | Site bugzilla.org

Bugzilla Security Advisory - Bugzilla versions 3.5.3 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from an authorized access vulnerability. Bugzilla versions 2.17.4 to 3.6.8, 3.7.1 to 4.0.5, and 4.1.1 to 4.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2012-0465, CVE-2012-0466
SHA-256 | cd5bcb16d9fc77f836d09c3e0255fb95fd2cfe29cc6147822f65c77d60475b15
Adobe Reader / Acrobat 10.0.1 Denial Of Service
Posted Jun 17, 2011
Authored by Soroush Dalili

This is a proof of concept denial of service exploit for Adobe Reader / Acrobat 10.0.1.

tags | exploit, denial of service, proof of concept
systems | linux
SHA-256 | f4707181a5488c9a9c04dd3216eef79a7d475b24d554758aac8d2f6d346f71c2
Douran Portal 3.9.7.8 File Disclosure
Posted Mar 21, 2011
Authored by Soroush Dalili, HUrr!c4nE!

Douran Portal version 3.9.7.8 suffers from a file download / source code disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 05de5c3083ad1234fda02cbcc818d3263aeb88c4dea387ee5fc84d20f85ef3f7
IIS 5 Authentication Bypass
Posted Jul 3, 2010
Authored by Soroush Dalili | Site soroush.secproject.com

IIS 5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 37ea748726abfdcf90c5f620168c130aaee2fc345aa57be4c08c7f6c6dc47a6a
Cross Site URL Hijacking Using Error Object In Firefox
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Cross Site URL Hijacking by using Error Object in Mozilla Firefox.

tags | paper
SHA-256 | 993115eaca328415779f0ad41ec21241e1acdc72bd095710c3cc2939a0d118f5
Improve File Uploaders' Protections
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Improve File Uploaders' Protections. It focuses on Windows-based web applications.

tags | paper, web, file upload
systems | windows
SHA-256 | 803f2abcacda9201f41388593ce11f07255874a6d23932ff67d843faf023b0fe
Findings Vulnerabilities In YaFtp 1.0.14
Posted May 28, 2010
Authored by Soroush Dalili

Whitepaper called Finding vulnerabilities in YaFtp version 1.0.14.

tags | paper, vulnerability
SHA-256 | df7b6114136d60935a464739865eac6e7866ddee528d58b47d356fb5c6881b15
Microsoft IIS Semi-Colon Execution
Posted Dec 29, 2009
Authored by Soroush Dalili

Microsoft IIS servers suffer from a semi-colon bug where any file can be executed as an Active Server Page.

tags | exploit
SHA-256 | 443f3fbb36e323e5d66ae72c42458f7d1d061375232ceaaa360f5e395e9bc143
ASP And JSP Security
Posted Sep 2, 2009
Authored by Soroush Dalili

Whitepaper called ASP and JSP security. Written in Persian.

tags | paper, asp
SHA-256 | 9f0786137b295e197529b0f6c2c803c2290fb6965060132823b5ad6518989140
Web Application Security Consortium Glossary
Posted Feb 10, 2009
Authored by Soroush Dalili | Site soroush.secproject.com

The Web Application Security Consortium Glossary. Written in Persian.

tags | paper, web
SHA-256 | 9036a7e9a5f9f88b2d3cf365665a8b639cffe135d76365a82735b41f7a1eb967
hc-bugs.txt
Posted Jul 9, 2006
Authored by Soroush Dalili

Hosting Controller version 6.1 Hotfix (versions 3.2 and below) suffer from flaws that allow an attacker the ability to gain reseller privileges and administrative privileges.

tags | advisory
SHA-256 | c29498cc33bfddaabd14004ef369823d808759f1e695df756330be008e94b882
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close