what you don't know can hurt you
Showing 1 - 25 of 272 RSS Feed

Files from AutoSec Tools

Email addressjohn at autosectools.com
Websitewww.autosectools.com
First Active2010-04-27
Last Active2012-04-17
View User Profile
V-CMS PHP File Upload And Execute
Posted Apr 17, 2012
Authored by sinn3r, AutoSec Tools | Site metasploit.com

This Metasploit module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inline_image_upload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication, and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as one of those extension names, which may still be leveraged in an attack.

tags | exploit, web, php
advisories | CVE-2011-4828
MD5 | 7dc5df6cc48f5dcc39d54d0e93805fdd
PHP Vulnerability Hunter 1.2.0.2
Posted Jan 10, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Fix made in relation to the error reporting.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
MD5 | 1e02ee78d2940ef98e05c77caf0939cd
PHP Vulnerability Hunter 1.2.0.1
Posted Jan 9, 2012
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added tooltips to GUI, input map report, automatic error reporting, port setting, static analysis phase, and a ton more. Minor CLI tweaks. Code annotation improvements and updated help menu shortcut.
tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
MD5 | 4ddf92ab837e326d0d39b49b2c6d2aa6
PHP Vulnerability Hunter 1.1.4.6
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

Changes: Added code coverage report. Updated GUI validation. Several instrumentation fixes. Fixed lingering connection issue. Fixed GUI and report viewer crashes related to working directory.
tags | tool, arbitrary, local, php, vulnerability, file inclusion, fuzzer
MD5 | 392085a25f1f990b947853370d539873
V-CMS 1.0 Cross Site Scripting
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A reflected cross site scripting vulnerability in V-CMS version 1.0 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, xss
MD5 | 1b4bc6deefd42efc1d825c37fda25766
V-CMS 1.0 SQL Injection
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
MD5 | 227ff1a112b2e271f868947e6f5843e5
V-CMS 1.0 Shell Upload
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

An arbitrary upload vulnerability in V-CMS version 1.0 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php
MD5 | 16fbeae097458ceaf503548c01ac8d6f
Herberlin Bremsserver 3.0 Directory Traversal
Posted Nov 17, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Herberlin Bremsserver version 3.0 can be exploited to read files outside of the web root.

tags | exploit, web, root
MD5 | 6239926a009b5342021fdfdc46486256
Process Hollowing
Posted Sep 27, 2011
Authored by AutoSec Tools | Site autosectools.com

Whitepaper called Process Hollowing. Process hollowing is yet another tool in the kit of those who seek to hide the presence of a process. The idea is rather straight forward: a bootstrap application creates a seemingly innocent process in a suspended state. The legitimate image is then unmapped and replaced with the image that is to be hidden. If the preferred image base of the new image does not match that of the old image, the new image must be rebased. Once the new image is loaded in memory the EAX register of the suspended thread is set to the entry point. The process is then resumed and the entry point of the new image is executed.

tags | paper
MD5 | 991ac5d5f3a901007a494d89dc276de4
FuzzTalk Fuzzing Framework 1.0.0.0
Posted Sep 6, 2011
Authored by AutoSec Tools | Site autosectools.com

FuzzTalk is an XML driven fuzz testing framework that emphasizes easy extensibility and reusability. While most fuzzing frameworks require in depth programming knowledge, FuzzTalk can test a wide range of network protocols with the help of XML templates. Includes scripts for fuzzing HTTP, FTP, and SMTP servers.

tags | web, protocol, fuzzer
MD5 | 0f7206509ccf1ffe3ceed654642a63b9
Anti-Debugging With Exceptions
Posted Aug 30, 2011
Authored by AutoSec Tools | Site autosectools.com

Whitepaper call Anti-Debugging with Exceptions. Several techniques for detecting exception swallowing debuggers have been documented. The concept is simple: by design, debuggers handle certain kinds of exceptions. If such an exception is wrapped in a try block, the exception handle is only executed if a debugger is not attached. Hence it can be inferred that a debugger is attached whenever the exception block is not executed.

tags | paper
MD5 | 6df664f50473c74a1b7c3dafb9eccf59
PHP Vulnerability Hunter 1.1.3.1
Posted Aug 16, 2011
Authored by AutoSec Tools | Site autosectools.com

PHP Vulnerability Hunter is a PHP fuzzing tool that scans for several different vulnerabilities by performing dynamic program analysis. It can detect arbitrary command execution, local file inclusion, arbitrary upload, and several other types of vulnerabilities.

tags | arbitrary, local, php, vulnerability, file inclusion, fuzzer
MD5 | 183aba9079d7a9459d25a61d503d2330
IAT Hooking Revisited
Posted Aug 2, 2011
Authored by AutoSec Tools | Site autosectools.com

Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions. However, most methods rely on suspicious API functions and leave several easy to identify artifacts. This paper explores different ways IAT hooking can be employed while circumventing common detection mechanisms.

tags | paper
MD5 | d0cefc671ad94febb6cd76561c7d9b76
All Windows Null-Free MessageBoxA Shellcode
Posted Jul 12, 2011
Authored by AutoSec Tools | Site autosectools.com

167 bytes small all Windows null-free MessageBoxA shellcode. Tested on 2000, XP, XP x64, Vista, 7, 8 M3 x64.

tags | shellcode
systems | windows
MD5 | dfa35acf94a6226ccd3a9e44c48db966
All Windows Null-Free CreateProcessA Calc Shellcode
Posted Jul 6, 2011
Authored by AutoSec Tools | Site autosectools.com

112 bytes small all Windows null-free CreateProcessA calc.exe shellcode.

tags | shellcode
systems | windows
MD5 | ba9a69346aa022a746db247c8f3836f5
HTTP Bog 1.0.0.0
Posted Jun 18, 2011
Authored by AutoSec Tools | Site autosectools.com

HTTP Bog is a slow HTTP denial-of-service tool that works similarly to other attacks, but rather than leveraging request headers or POST data Bog consumes sockets by slowly reading responses. Requires .NET 3.5. Written in C#.

tags | web, denial of service
MD5 | c89d3304824a4967c6697363b15bd2f7
Directory Traversal Scanner 1.0.1.0
Posted Jun 7, 2011
Authored by AutoSec Tools | Site autosectools.com

This is a directory traversal scanner written in C# that audits HTTP servers and web applications. Complete source included.

Changes: UI improvements. Fixed a timeout. Settings are now saved upon exit. Several fuzz string updates and more.
tags | tool, web, scanner
systems | unix
MD5 | 798bbe1106f4280b2e657657f6a283b3
Tele Data Contact Management Server Directory Traversal
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Tele Data Contact Management Server can be exploited to read files outside of the web root.

tags | exploit, web, root, file inclusion
MD5 | 12add4a93ba2b67aa6f0743c358c9c2b
Simple Web-Server 1.2 Directory Traversal
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A directory traversal vulnerability in Simple web-server version 1.2 can be exploited to read files outside of the web root.

tags | exploit, web, root
MD5 | 0953890bc1299e7b8cb0e44e8992b42d
Nakid CMS 1.0.2 Cross Site Scripting
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A reflected cross site scripting vulnerability in Nakid CMS version 1.0.2 can be exploited to execute arbitrary JavaScript.

tags | exploit, arbitrary, javascript, xss
MD5 | a488a90b1a7f2a4cda5f688ba986e317
Angora Guestbook 1.5 Local File Inclusion
Posted Jun 6, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in Angora Guestbook version 1.5 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
MD5 | 0ab487d5cc11e2b38345d81f9138c958
HTTPConsole 1.0.0.0 For Windows
Posted May 31, 2011
Authored by AutoSec Tools | Site autosectools.com

This is an HTTP console to remote administer Windows hosts with a browser-based, AJAX-enabled, command-line interface. Server requires .NET 3.5. Written in C# and JavaScript.

tags | remote, web, javascript
systems | windows
MD5 | bca2d252dec2fdc40cb4c285d0c3b57a
Clipbucket 2.4 RC2 645 SQL Injection
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A SQL injection vulnerability in Clipbucket version 2.4 RC2 645 can be exploited to extract arbitrary data. In some environments it may be possible to create a PHP shell.

tags | exploit, arbitrary, shell, php, sql injection
MD5 | b1b0439bb9441c5ac22b49cc43e394f4
eGroupware 1.8.001.20110421 Local File Inclusion
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

A local file inclusion vulnerability in eGroupware version 1.8.001.20110421 can be exploited to include arbitrary files.

tags | exploit, arbitrary, local, file inclusion
MD5 | 3f5927d07efba7233255ced7e79056cd
eGroupware 1.8.001.20110421 Open Redirect
Posted May 25, 2011
Authored by AutoSec Tools | Site autosectools.com

An open redirect in eGroupware version 1.8.001.20110421 can be exploited to redirect users to an arbitrary URL.

tags | exploit, arbitrary
MD5 | c30f72c6bf551e389bc7d602e471dd19
Page 1 of 11
Back12345Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close