Whitepaper documenting the recent Pwn2Own 2010 Windows 7 Internet Explorer compromise.
98aa82f07d8894e65cff840e18ab39473886dee9071e52d31cb111db7f4a2fb8
This whitepaper documents a walkthrough that describes the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4.
4732ae6117764a5cac9dd84f3d79ef6065f0a8c5a22085a25d924acb3a87756e
This proof of concept exploit aims to execute a reverse shell on the target in the context of the web server user via a vulnerable PHP email library.
a6480837acf975f49749549e06ab31dc5538b6276d390b38aa0f7a89e63148d0
This whitepaper documents shortcomings in various popular web application firewalls (WAFs) and how to trigger cross-site scripting attacks regardless of the protections in place. Covered are F5 Big IP, Imperva Incapsula, AQTRONIX WebKnight, PHP-IDS, Mod-Security, Sucuri, QuickDefense, and Barracuda WAF.
c38f62eb042bf845f286dc56c557e0a4422de464a3d9658b8fd2d013a1a708c2
This proof of concept exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL() on Mac OS X Mavericks.
1dd3038cf5d241dc284516224174f72943e3ec4e439021ee7654973dc33df8a6
This whitepaper documents how to compromise CA ControlMinder versions 12.5, 12.6, and 12.6 SP1 running JBoss version 4.2.2.GA.
d79c4e8b7e01e49acdda05ad5eceda4f0bf7d0d76f4b960c5d9135475bebc7d6
Oracle Reports pwnacle exploit that uploads a jsp shell to the target system using the URLPARAMETER vulnerability that allows for planting files.
3581d647b9a2e8009d1d33ce3190ed76df5b93ae7c3bb78683ead1f423d79945
This whitepaper documents how the brute forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.
83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
This code is a backdoor for nginx. It provides remote shell access, SOCKS5 tunneling, and HTTP password sniffing and logging.
8f754357b61c73fe20efc8dd28b52d222feb812bbaf36bebdfee47e30d0ddfb1
Pwnnel-Blicker is a second local root exploit for the Tunnelblick OS X OpenVPN manager.
469187a05e24af6ff54301dc1ce224c0d812f436efa24c7f9245c5385e416fb9
Whitepaper called Pwning the BSNL Users.
4b22e4e33ddefc12559ed84d9659f1017723993f24e80a133e95b05bdb4ed88f
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate directly with a server behind a separate NAT, with no port forwarding and no DMZ setup on any of the routers involved. The server does not need to know anything about the clients trying to connect.
709e1288e05bcae5f1221f2904de2ef64b9d8b81d5fbee6c3b69ef49a807aa1f
Apache version 2.2.14 mod_isapi remote SYSTEM exploit. Due to the nature of the vulnerability and the exploitation method, DEP should be limited to essential Windows programs and services. At worst, if DEP is enabled for the Apache process, you could cause a constant DoS by looping this (since Apache will automatically restart).
c783414f79f43dcae00ce4cd44e85c324652565b650c7c405e711ebdd5c30075
This PDF has the Anti-virus PWN2RM Challenge results. An amusing read discussing how to disable McAfee, Norton, and various other AV software.
232bf4211083bfc95c523a4af38a1e65423009125b74c66afdafd26c6bd3968a
The Pwnie Awards ceremony will return for the third consecutive year to the BlackHat USA conference in Las Vegas. The award ceremony will take place during the BlackHat reception on Wed, July 29. The deadline for nominations is Wednesday, July 15.
d41345c93e4e6fbcbec9cc12b2810b67756a26764da817df33d9d5f20cdbf800
Whitepaper called From 0 To 0 Day On Symbian - Finding Low Level Vulnerabilities On Symbian Smartphones.
9f84cc111e30835b5b7e8fbc5e38e756d4e282500b242481eca7fe284fc5a2df
Race condition exploit that takes advantage of a flaw in Intego VirusBarrier X4.
8fbc3bac0aef7c91710230a3e7449dcef6d21741f4c4c879f4899e657a426416
VP-ASP Shopping Cart version 5.50 is susceptible to SQL injection attacks.
332f445af6a6c5c47f068cb8d8c03ed007441924b9c1604249e696ad8d996b1f
PwnZilla 5 - Exploit for the IDN host name heap buffer overrun in Mozilla browsers such as Firefox, Mozilla, and Netscape.
5fd84b75e862d1b3f6cac437ba7e571a8da0bd7fe4f45638c172f865b261d320