IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit

[[email protected] ~]$ python ipfire_cgi_shellshock.py ___ _______ _______ __ _______ __ | | _ | _ |__.----.-----. | _ .-----|__| |. |. 1 |. 1___| | _| -__| |. 1___| _ | | |. |. ____|. __) |__|__| |_____| |. |___|___ |__| |: |: | |: | |: 1 |_____| |::.|::.| |::.| |::.. . | `---`---' `---' `-------' _______ __ __ __ _______ __ __ | _ | |--.-----| | | _ | |--....

September 29, 2014 · 1 min · claudio

Gnu Bash 4.3 and below Cgi Scan + Remote Command Injection Exploit

[[email protected] ~]$ ./bash_env_rci_v2.py _______ _______ __ | _ .-----.--.--. | _ .---.-.-----| |--. |. |___| | | | |. 1 | _ |__ --| | |. | |__|__|_____| |. _ |___._|_____|__|__| |: 1 | |: 1 \ |::.. . | |::.. . / `-------' `-------' ___ ___ _______ _______ _______ ___ | Y | | _ | | _ | _ | | | | |_|___| | |. l |. 1___|....

September 26, 2014 · 1 min · claudio

WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit + Demo

[[email protected] ~]$ python wp_gallery_slideshow_146_suv.py -t http://localhost/wordpress -u editor -p editor -f sh33l.php $$$$$$\ $$\ $$\ $$\ $$\ $$ __$$\ $$ |\__| $$ | $$ | $$ / \__|$$ |$$\ $$$$$$$ | $$$$$$\ $$$$$$$\ $$$$$$$\ $$$$$$\ $$\ $$\ $$\ \$$$$$$\ $$ |$$ |$$ __$$ |$$ __$$\ $$ _____|$$ __$$\ $$ __$$\ $$ | $$ | $$ | \____$$\ $$ |$$ |$$ / $$ |$$$$$$$$ |\$$$$$$\ $$ | $$ |$$ / $$ |$$ | $$ | $$ | $$\ $$ |$$ |$$ |$$ | $$ |$$ ____| \____$$\ $$ | $$ |$$ | $$ |$$ | $$ | $$ | \$$$$$$ |$$ |$$ |\$$$$$$$ |\$$$$$$$\ $$$$$$$ |$$ | $$ |\$$$$$$ |\$$$$$\$$$$ | \______/ \__|\__| \_______| \_______|\_______/ \__| \__| \______/ \_____\____/ $$$$$$\ $$\ $$\ $$\ $$\ $$\ $$$$$$\ $$ __$$\ $$ |$$ | $$$$ |$$ | $$ | $$ __$$\ $$ / \__| $$$$$$\ $$ |$$ | $$$$$$\ $$$$$$\ $$\ $$\ \_$$ |$$ | $$ | $$ / \__| $$ |$$$$\ \____$$\ $$ |$$ |$$ __$$\ $$ __$$\ $$ | $$ | $$ |$$$$$$$$ | $$$$$$$\ $$ |\_$$ | $$$$$$$ |$$ |$$ |$$$$$$$$ |$$ | \__|$$ | $$ | $$ |\_____$$ | $$ __$$\ $$ | $$ |$$ __$$ |$$ |$$ |$$ ____|$$ | $$ | $$ | $$ | $$ | $$ / $$ | \$$$$$$ |\$$$$$$$ |$$ |$$ |\$$$$$$$\ $$ | \$$$$$$$ | $$$$$$\ $$\ $$ |$$\ $$$$$$ | \______/ \_______|\__|\__| \_______|\__| \____$$ | \______|\__|\__|\__|\______/ $$\ $$ | \$$$$$$ | \______/ W0rdpr3ss Sl1d3sh04w G4ll3ry 1....

September 16, 2014 · 3 min · claudio

Joomla Spider Contacts 1.3.6 and below SQL Injection vulnerability

$$$$$\ $$\ $$$$$$\ $$\ $$\ \__$$ | $$ | $$ __$$\ \__| $$ | $$ | $$$$$$\ $$$$$$\ $$$$$$\$$$$\ $$ | $$$$$$\ $$ / \__| $$$$$$\ $$\ $$$$$$$ | $$$$$$\ $$$$$$\ $$ |$$ __$$\ $$ __$$\ $$ _$$ _$$\ $$ | \____$$\ \$$$$$$\ $$ __$$\ $$ |$$ __$$ |$$ __$$\ $$ __$$\ $$\ $$ |$$ / $$ |$$ / $$ |$$ / $$ / $$ |$$ | $$$$$$$ | \____$$\ $$ / $$ |$$ |$$ / $$ |$$$$$$$$ |$$ | \__| $$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ | $$ |$$ |$$ __$$ | $$\ $$ |$$ | $$ |$$ |$$ | $$ |$$ ____|$$ | \$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | $$ |$$ |\$$$$$$$ | \$$$$$$ |$$$$$$$ |$$ |\$$$$$$$ |\$$$$$$$\ $$ | \______/ \______/ \______/ \__| \__| \__|\__| \_______| \______/ $$ ____/ \__| \_______| \_______|\__| $$ | $$ | \__| $$$$$$\ $$\ $$\ $$\ $$$$$$\ $$$$$$\ $$ __$$\ $$ | $$ | $$$$ | $$ ___$$\ $$ __$$\ $$ / \__| $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ \_$$ | \_/ $$ | $$ / \__| $$ | $$ __$$\ $$ __$$\_$$ _| \____$$\ $$ _____|\_$$ _| $$ _____| $$ | $$$$$ / $$$$$$$\ $$ | $$ / $$ |$$ | $$ | $$ | $$$$$$$ |$$ / $$ | \$$$$$$\ $$ | \___$$\ $$ __$$\ $$ | $$\ $$ | $$ |$$ | $$ | $$ |$$\ $$ __$$ |$$ | $$ |$$\ \____$$\ $$ | $$\ $$ | $$ / $$ | \$$$$$$ |\$$$$$$ |$$ | $$ | \$$$$ |\$$$$$$$ |\$$$$$$$\ \$$$$ |$$$$$$$ | $$$$$$\ $$\$$$$$$ |$$\ $$$$$$ | \______/ \______/ \__| \__| \____/ \_______| \_______| \____/ \_______/ \______|\__|\______/ \__|\______/ j00ml4 Spid3r C0nt4cts <= 1....

September 10, 2014 · 3 min · claudio

Joomla Spider Calendar 3.2.6 SQL Injection Exploit + Demo

$$$$$\ $$\ $$$$$$\ $$\ $$\ \__$$ | $$ | $$ __$$\ \__| $$ | $$ | $$$$$$\ $$$$$$\ $$$$$$\$$$$\ $$ | $$$$$$\ $$ / \__| $$$$$$\ $$\ $$$$$$$ | $$$$$$\ $$$$$$\ $$ |$$ __$$\ $$ __$$\ $$ _$$ _$$\ $$ | \____$$\ \$$$$$$\ $$ __$$\ $$ |$$ __$$ |$$ __$$\ $$ __$$\ $$\ $$ |$$ / $$ |$$ / $$ |$$ / $$ / $$ |$$ | $$$$$$$ | \____$$\ $$ / $$ |$$ |$$ / $$ |$$$$$$$$ |$$ | \__| $$ | $$ |$$ | $$ |$$ | $$ |$$ | $$ | $$ |$$ |$$ __$$ | $$\ $$ |$$ | $$ |$$ |$$ | $$ |$$ ____|$$ | \$$$$$$ |\$$$$$$ |\$$$$$$ |$$ | $$ | $$ |$$ |\$$$$$$$ | \$$$$$$ |$$$$$$$ |$$ |\$$$$$$$ |\$$$$$$$\ $$ | \______/ \______/ \______/ \__| \__| \__|\__| \_______| \______/ $$ ____/ \__| \_______| \_______|\__| $$ | $$ | \__| $$$$$$\ $$\ $$\ $$$$$$\ $$$$$$\ $$$$$$\ $$ __$$\ $$ | $$ | $$ ___$$\ $$ __$$\ $$ __$$\ $$ / \__| $$$$$$\ $$ | $$$$$$\ $$$$$$$\ $$$$$$$ | $$$$$$\ $$$$$$\ \_/ $$ | \__/ $$ | $$ / \__| $$ | \____$$\ $$ |$$ __$$\ $$ __$$\ $$ __$$ | \____$$\ $$ __$$\ $$$$$ / $$$$$$ | $$$$$$$\ $$ | $$$$$$$ |$$ |$$$$$$$$ |$$ | $$ |$$ / $$ | $$$$$$$ |$$ | \__| \___$$\ $$ ____/ $$ __$$\ $$ | $$\ $$ __$$ |$$ |$$ ____|$$ | $$ |$$ | $$ |$$ __$$ |$$ | $$\ $$ | $$ | $$ / $$ | \$$$$$$ |\$$$$$$$ |$$ |\$$$$$$$\ $$ | $$ |\$$$$$$$ |\$$$$$$$ |$$ | \$$$$$$ |$$\ $$$$$$$$\ $$\ $$$$$$ | \______/ \_______|\__| \_______|\__| \__| \_______| \_______|\__| \______/ \__|\________|\__|\______/ j00ml4 Spid3r C4l3nd4r >= 2....

September 6, 2014 · 3 min · claudio