PPstream 2.6.86.8900 PPSMediaList ActiveX Remote BOF PoC

日期: 2009/09/04 分类: 技术杂文 标签: , , , 添加回复

一共两个,

<!--
******************************************************************************
PPStream is the most huge p2p media player in the world.
There are two hundred million ppstream users in the world.
The vulnerability is exploitable,but I have no time to make it,you could visit my blog for detail.^@^
welcome to http://0dayexpose.blogspot.com/ 

阅读全文

WordPress Plugin WP-Syntax < = 0.9.1 Remote Command Execution PoC

日期: 2009/08/15 分类: 技术杂文 标签: , , 添加回复

============================================================
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
============================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /’ \ __ /’__`\ /\ \__ /’__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /’ _ `\ \/\ \/_/_\_<_ /’___\ \ \/\ \ \ \ \/\`’__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 0
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1

#[+] Discovered By : Inj3ct0r

阅读全文

phpMyAdmin Remote Code Execution Proof of Concept

日期: 2009/06/10 分类: 技术杂文 标签: , 添加回复 
PoC: http://www.milw0rm.com/exploits/8921
#!/bin/bash

# CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11
# by pagvac (gnucitizen.org), 4th June 2009.
# special thanks to Greg Ose (labs.neohapsis.com) for discovering such a cool vuln,
# and to str0ke (milw0rm.com) for testing this PoC script and providing feedback!

# PoC script successfully tested on the following targets:
# phpMyAdmin 2.11.4, 2.11.9.3, 2.11.9.4, 3.0.0 and 3.0.1.1
# Linux 2.6.24-24-generic i686 GNU/Linux (Ubuntu 8.04.2) 

阅读全文