exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 41 RSS Feed

Files from Dawid Golunski

Email addressgolunski at onet.eu
First Active2009-11-17
Last Active2021-09-16
Git git-lfs Remote Code Execution
Posted Sep 16, 2021
Authored by Dawid Golunski, jheysel-r7, space-r7 | Site metasploit.com

This Metasploit modules exploits a critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, which allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker’s malicious repository using a vulnerable Git version control tool.

tags | exploit, remote, code execution
systems | windows
advisories | CVE-2020-27955
SHA-256 | aa2d400dab7c8721b2c5166ed34cccd536045aa8292ad9a6b5fb2e07509a8b9e
GNU wget Arbitrary File Upload / Code Execution
Posted Apr 30, 2021
Authored by Dawid Golunski, liewehacksie

GNU wget versions prior to 1.1.8 arbitrary file upload and code execution exploit.

tags | exploit, arbitrary, code execution, file upload
advisories | CVE-2016-4971
SHA-256 | 9eb9c61465681cef828940670f5a66c10bc60e1ed0055a7bd92271cfbcee572f
git-lfs Remote Code Execution
Posted Nov 6, 2020
Authored by Dawid Golunski

Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2020-27955
SHA-256 | 0c8177c46d702e8d2020c52ea4e282b0e930192714df192331520c8802c41440
WordPress PHPMailer Host Header Command Injection
Posted May 17, 2017
Authored by Dawid Golunski, wvu | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in WordPress version 4.6 with Exim as an MTA via a spoofed Host header to PHPMailer, a mail-sending library that is bundled with WordPress. A valid WordPress username is required to exploit the vulnerability. Additionally, due to the altered Host header, exploitation is limited to the default virtual host, assuming the header isn't mangled in transit. If the target is running Apache 2.2.32 or 2.4.24 and later, the server may have HttpProtocolOptions set to Strict, preventing a Host header containing parens from passing through, making exploitation unlikely.

tags | exploit, spoof
advisories | CVE-2016-10033
SHA-256 | 928eb6125df4b025be7b68270b411eb5dfb58e8b71a32b25b6ed380ce5e0f241
Vanilla Forums 2.3 Remote Code Execution
Posted May 12, 2017
Authored by Dawid Golunski | Site legalhackers.com

Vanilla Forums versions 2.3 and below remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2016-10033, CVE-2016-10073
SHA-256 | 5c7ea9a23a9cecb94400f22b0952a0d9d93fc3cf4ada6196b41f4105e85931c2
WordPress Core 4.6 Unauthenticated Remote Code Execution
Posted May 5, 2017
Authored by Dawid Golunski | Site legalhackers.com

WordPress (core) 4.6 suffers from an unauthenticated remote code execution condition via an exploitable version of PHPMailer built-in to WordPress code. Exploitation details provided.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
SHA-256 | 3562cc0222ccab73bf32045e3f2bee84233aef4cd3e169a98bcd74a969767f51
SquirrelMail 1.4.22 Remote Code Execution
Posted Apr 23, 2017
Authored by Dawid Golunski

SquirrelMail versions 1.4.22 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7692
SHA-256 | de177f6f9977394beaa2b7397b15b81799bfe18c2f8520e2c8cfe277e5f308a5
PHPMailer Sendmail Argument Injection
Posted Jan 4, 2017
Authored by Dawid Golunski, Spencer McIntyre | Site metasploit.com

PHPMailer versions up to and including 5.2.19 are affected by a vulnerability which can be leveraged by an attacker to write a file with partially controlled contents to an arbitrary location through injection of arguments that are passed to the sendmail binary. This Metasploit module writes a payload to the web root of the webserver before then executing it with an HTTP request. The user running PHPMailer must have write access to the specified WEB_ROOT directory and successful exploitation can take a few minutes.

tags | exploit, web, arbitrary, root
advisories | CVE-2016-10033, CVE-2016-10045
SHA-256 | 70cf2a666368f1670d184b2da81850b9fd8aabe74acc4c71858fb6c372248cc8
PHPMailer / Zend-mail / SwiftMailer Remote Code Execution
Posted Jan 3, 2017
Authored by Dawid Golunski

This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.

tags | exploit, web, shell, php, proof of concept
advisories | CVE-2016-10033, CVE-2016-10034, CVE-2016-10045, CVE-2016-10074
SHA-256 | a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0
SwiftMailer Remote Code Execution
Posted Dec 29, 2016
Authored by Dawid Golunski

SwiftMailer versions prior to 5.4.5-DEV suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-10074
SHA-256 | 6c8d495f3e13599fefac246580f75812ee61962841c2cff7e333f604d3caee57
PHPMailer Remote Code Execution
Posted Dec 28, 2016
Authored by Dawid Golunski

PHPMailer versions prior to 5.2.20 zero day remote code execution exploit. This bypasses the CVE-2016-10033 patch.

tags | exploit, remote, code execution
advisories | CVE-2016-10033, CVE-2016-10045
SHA-256 | 773582183b0cfc6f38ae24f52f7dfb831cd2f3410287245bc6daea84d4d8db83
PHPMailer 5.2.17 Remote Code Execution
Posted Dec 27, 2016
Authored by Dawid Golunski

PHPMailer versions prior to 5.2.18 suffer from a remote code execution vulnerability. This archive consists of the full advisory and also the proof of concept code.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2016-10033
SHA-256 | dff0fa27b99b22d59b30f33bda4811c6f57a5db1cf1cab549e564bd62faa8e9c
PHPMailer 5.2.17 Remote Code Execution
Posted Dec 26, 2016
Authored by Dawid Golunski

PHPMailer version 5.2.17 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2016-10033
SHA-256 | 71254449b5468229de9f3d24cd3659f8ff035410115b6cf7f950f99bf518712f
Nagios Core Curl Command Injection / Code Execution
Posted Dec 15, 2016
Authored by Dawid Golunski

Nagios Core versions prior to 4.2.2 suffer from a curl command injection vulnerability that can lead to remote code execution.

tags | exploit, remote, code execution
advisories | CVE-2016-9565
SHA-256 | c3b5ce14fa314de6954bd04ce7bfdf56d1d7a73489b184889179a25362cc9a20
GNU Wget Access List Bypass / Race Condition
Posted Nov 24, 2016
Authored by Dawid Golunski

GNU wget versions 1.17 and earlier, when used in mirroring/recursive mode, are affected by a race condition vulnerability that might allow remote attackers to bypass intended wget access list restrictions specified with the -A parameter. This might allow attackers to place malicious/restricted files onto the system. Depending on the application / download directory, this could potentially lead to other vulnerabilities such as code execution, etc.

tags | exploit, remote, vulnerability, code execution, bypass
advisories | CVE-2016-7098
SHA-256 | c9c7cf1f94f2e1d07833e7d43576bff9a1066ace4df75ff0824c5188b1e5e8fe
Nginx Root Privilege Escalation
Posted Nov 16, 2016
Authored by Dawid Golunski

Nginx web server packaging on Debian-based distributions such as Debian or Ubuntu was found to create log directories with insecure permissions which can be exploited by malicious local attackers to escalate their privileges from nginx/web user (www-data) to root. The vulnerability could be easily exploited by attackers who have managed to compromise a web application hosted on Nginx server and gained access to www-data account as it would allow them to escalate their privileges further to root access and fully compromise the system. This is fixed in 1.6.2-5+deb8u3 package on Debian and 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS. UPDATE 2017/01/13 - nginx packages below version 1.10.2-r3 on Gentoo are also affected.

tags | exploit, web, local, root
systems | linux, debian, ubuntu
advisories | CVE-2016-1247
SHA-256 | 572946533a64d6b9af6ce4ce53d1c39bc1cc476f9cdbd639425b4aed7713bcef
MySQL / MariaDB / PerconaDB Root Privilege Escalation
Posted Nov 2, 2016
Authored by Dawid Golunski

MySQL-based databases including MySQL, MariaDB and PerconaDB are affected by a privilege escalation vulnerability which can let attackers who have gained access to mysql system user to further escalate their privileges to root user allowing them to fully compromise the system. The vulnerability stems from unsafe file handling of error logs and other files.

tags | exploit, root
advisories | CVE-2016-6664
SHA-256 | ee10c5cd536b7cd793ebaa9a73ff8ae60ef21aeb38f837d26de4bd6c0456a67a
MySQL / MariaDB / PerconaDB Privilege Escalation / Race Condition
Posted Nov 2, 2016
Authored by Dawid Golunski

An independent research has revealed a race condition vulnerability which affects MySQL, MariaDB and PerconaDB databases. The vulnerability can allow a local system user with access to the affected database in the context of a low-privileged account (CREATE/INSERT/SELECT grants) to escalate their privileges and execute arbitrary code as the database system user (typically 'mysql').

tags | exploit, arbitrary, local
advisories | CVE-2016-6663
SHA-256 | 01f753f3d94e735ce76518cc2e604e919a99e02cf0b9361221ae6463f8e2aed2
Apache Tomcat 8 / 7 / 6 Privilege Escalation
Posted Oct 10, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros.

tags | exploit
systems | linux, redhat
advisories | CVE-2016-5425
SHA-256 | 12ec6d054904816f7a7adc452b470c239ac9e45d1cbea47b206cc70413667d52
Apache Tomcat 8.0.36-2 Privilege Escalation
Posted Oct 2, 2016
Authored by Dawid Golunski

Apache Tomcat versions 8.0.36-2 and below, 7.0.70-2 and below, and 6.0.45+dfsg-1~deb8ul and below suffer from a local root privilege escalation vulnerability.

tags | exploit, local, root
advisories | CVE-2016-1240
SHA-256 | 893a92e39c86918879337de752d3a9e073dfec764fa778ff27ab1e26ede6e1a3
MySQL 5.7.15 / 5.6.33 / 5.5.52 Remote Code Execution
Posted Sep 12, 2016
Authored by Dawid Golunski

MySQL versions 5.7.15 and below, 5.6.33 and below, and 5.5.52 and below suffer from remote root code execution and privilege escalation vulnerabilities.

tags | exploit, remote, root, vulnerability, code execution
advisories | CVE-2003-0150, CVE-2016-6662
SHA-256 | 5e8a01e26f616b7e322e11ee4900c798c738b94ceece89ba36e9df202cdc0496
Adobe ColdFusion 11 XML External Entity Injection
Posted Sep 7, 2016
Authored by Dawid Golunski

Adobe ColdFusion versions 11 and below suffer from an XML external entity (XXE) injection vulnerability.

tags | exploit, xxe
advisories | CVE-2016-4264
SHA-256 | a212b04a6debb5df2b3e137824d36dd10c3fdf16684e40ee63a9ffdcf54319c3
vBulletin 5.2.2 / 4.2.3 / 3.8.9 Server Side Request Forgery
Posted Aug 8, 2016
Authored by Dawid Golunski

vBulletin versions 5.2.2 and below, 4.2.3 and below, and 3.8.9 and below suffer from a pre-auth server side request forgery vulnerability.

tags | exploit
advisories | CVE-2016-6483
SHA-256 | 2399e0f10243e428aec1ae8502b9ebad331ccfb7745a1e7561bbf4566c53fd7a
GNU Wget Arbitrary File Upload / Potential Remote Code Execution
Posted Jul 6, 2016
Authored by Dawid Golunski

GNU Wget versions prior to 1.18 suffer from an arbitrary file upload vulnerability that may allow for remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
advisories | CVE-2016-4971
SHA-256 | 3ebf4d81b9c108e57502040e8018d849ca791f68c50a3e363db8ee6554556d53
Ubuntu Security Notice USN-3012-1
Posted Jun 21, 2016
Authored by Ubuntu, Dawid Golunski | Site security.ubuntu.com

Ubuntu Security Notice 3012-1 - Dawid Golunski discovered that Wget incorrectly handled filenames when being redirected from an HTTP to an FTP URL. A malicious server could possibly use this issue to overwrite local files.

tags | advisory, web, local
systems | linux, ubuntu
advisories | CVE-2016-4971
SHA-256 | ce58c9f63ee02189ccf645ed4f89fd26639c73baac37f0bbea564d04d356fe3d
Page 1 of 2
Back12Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close