Showing 1 - 5 of 5

Files from Johannes Dahse

First Active	2012-01-06
Last Active	2014-10-21

Joomla Akeeba Kickstart Unserialize Remote Code Execution: Posted Oct 21, 2014; Authored by Johannes Dahse | Site metasploit.com; This Metasploit module exploits a vulnerability found in Joomla! through 2.5.25, 3.2.5 and earlier 3.x versions and 3.3.0 through 3.3.4 versions. The vulnerability affects the Akeeba component, which is responsible for Joomla! updates. Nevertheless it is worth to note that this vulnerability is only exploitable during the update of the Joomla! CMS.; tags | exploit; advisories | CVE-2014-7228; SHA-256 | 5516d077b739b43923f128e4105b580cf998eaf5385300c161f3285ff983977d; Download | Favorite | View

Shopizer 1.1.5 Code Execution / XSS / CSRF / Data Manipulation: Posted Jul 11, 2014; Authored by Johannes Greil, Johannes Dahse | Site sec-consult.com; Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, and data manipulation vulnerabilities.; tags | exploit, remote, vulnerability, xss, csrf; SHA-256 | e4162980efab523974589c1d3461783cd9e47700688234801663f08a5f929a8d; Download | Favorite | View

Apache Struts Developer Mode OGNL Execution: Posted Feb 1, 2014; Authored by juan vazquez, Johannes Dahse, Andreas Nusser, Alvaro | Site metasploit.com; This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java code. This Metasploit module has been tested successfully in Struts 2.3.16, Tomcat 7 and Ubuntu 10.04.; tags | exploit, java, remote, arbitrary; systems | linux, ubuntu; advisories | CVE-2012-0394, OSVDB-78276; SHA-256 | d95e5ef29a2fce9c476472748fd55d151658b54e2b3321896da72a713f7e54b9; Download | Favorite | View

Apache Struts 2.2.1.1 Remote Command Execution: Posted Jun 5, 2012; Authored by sinn3r, juan vazquez, Johannes Dahse, Andreas Nusser | Site metasploit.com; This Metasploit module exploits a remote command execution vulnerability in Apache Struts versions less than or equal to 2.2.1.1. This issue is caused because the ExceptionDelegator interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.; tags | exploit, java, remote, arbitrary; advisories | CVE-2012-0391, OSVDB-78277; SHA-256 | 0b05a1b978021a7e230996613260f0f4ba94c92ffadf95f1ba1f5be6cacdbf23; Download | Favorite | View

Apache Struts2 File Overwrite / Command Execution: Posted Jan 6, 2012; Authored by Johannes Dahse, Andreas Nusser | Site sec-consult.com; Apache Struts2 versions 2.2.1.1 and below suffer from an ExceptionDelegator remote command execution vulnerability. Versions 2.3.1 and below suffer from remote command execution vulnerabilities related to CookieInterceptor and DebuggingInterceptor. Versions 2.3.1 and below suffer from a file overwrite vulnerability in ParametersInterceptor.; tags | exploit, remote, vulnerability; SHA-256 | 8d363a18f897ed34231b59c495249b3756d6dd28557f389c633b72c05f3bea07; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days