exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

Files Date: 2018-02-10

glibc '$ORIGIN' Expansion Privilege Escalation
Posted Feb 10, 2018
Authored by Tavis Ormandy, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables which allows control over the $ORIGIN library search path resulting in execution of arbitrary shared objects. This Metasploit module opens a file descriptor to the specified suid executable via a hard link, then replaces the hard link with a shared object before instructing the linker to execute the file descriptor, resulting in arbitrary code execution. The specified setuid binary must be readable and located on the same file system partition as the specified writable directory. This Metasploit module has been tested successfully on glibc version 2.5 on CentOS 5.4 (x86_64), 2.5 on CentOS 5.5 (x86_64) and 2.12 on Fedora 13 (i386). RHEL 5 is reportedly affected, but untested. Some versions of ld.so hit a failed assertion in dl_open_worker causing exploitation to fail.

tags | exploit, arbitrary, root, code execution
systems | linux, fedora, centos
advisories | CVE-2010-3847
SHA-256 | 9a6bdfa99ad597fe9f9517dd0f8bdc9cdeba67fff5dacc64d849ac9bf5bfbfed
WordPress Bookly Lite 13.2 Cross Site Scripting
Posted Feb 10, 2018
Authored by Luigi Gubello

WordPress Bookly Lite plugin version 13.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6891
SHA-256 | 1e099cc6690be2bd8587eb15b9d5614597c0c1247f792e3a27b45507ad09905a
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
Posted Feb 10, 2018
Authored by Marco Ivaldi, Tavis Ormandy, Todor Donev, zx2c4, Brendan Coles | Site metasploit.com

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library (glibc) dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid executables. This allows loading arbitrary shared objects from the trusted library search path with the privileges of the suid user. This Metasploit module uses LD_AUDIT to load the libpcprofile.so shared object, distributed with some versions of glibc, and leverages arbitrary file creation functionality in the library constructor to write a root-owned world-writable file to a system trusted search path (usually /lib). The file is then overwritten with a shared object then loaded with LD_AUDIT resulting in arbitrary code execution. This Metasploit module has been tested successfully on glibc version 2.11.1 on Ubuntu 10.04 x86_64 and version 2.7 on Debian 5.0.4 i386. RHEL 5 is reportedly affected, but untested. Some glibc distributions do not contain the libpcprofile.so library required for successful exploitation.

tags | exploit, arbitrary, root, code execution
systems | linux, debian, ubuntu
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 79d3dcb40544179ef2c545514e54b7352e225d51c57c720672f33d1b717c00e5
Multi Language Olx Clone Script 2.0.7 Cross Site Scripting
Posted Feb 10, 2018
Authored by Varun Bagaria

Multi Language Olx Clone Script version 2.0.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6845
SHA-256 | 64e50ed099cde351e46f83e423e1d0f8b43ee73da55244234d3947d24a3924ac
Multi Religion Responsive Matrimonial 4.7.2 Cross Site Scripting
Posted Feb 10, 2018
Authored by Prasenjit Kanti Paul

Multi Religion Responsive Matrimonial version 4.7.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-6864
SHA-256 | cfed3f090e03e0d3d2a4637df4fcea9eb85049e0840aced24aee1c1658abbf16
Select Your College Script 2.0.2 Authentication Bypass
Posted Feb 10, 2018
Authored by Prasenjit Kanti Paul

Select Your College Script version 2.0.2 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2018-6863
SHA-256 | 38ff594038aa929afa90c92373306ee91db98acc117208e61f10149f49cd4a3c
SSLsplit 0.5.2
Posted Feb 10, 2018
Site roe.ch

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

Changes: Add support for SSLv2 ClientHello handshake format for SSLv3/TLS connections and while there, essentially fixing autossl for clients using SSLv2 ClientHello handshake format with SSLv3/TLS. Suppress Upgrade header added in order to prevent upgrading connections to WebSockets or HTTP/2. Various other updates and additions.
tags | tool, encryption
SHA-256 | f32c7fd760a45bb521adb8d96c819173fcaed1964bf114e666fcd7cf7ff043a8
DNS Spider Multithreaded Bruteforcer 0.9
Posted Feb 10, 2018
Authored by noptrix | Site nullsecurity.net

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation.

Changes: Uses async multithreading via concurrent.futures module. Logs only the subdomains to logfile when '-r' was chosen. Various other updates.
tags | tool, scanner
systems | unix
SHA-256 | 2a1c19a15fae3931628d48366690c0774b30ef7952d0bd8404c0f1b59751fbb3
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close