Fakhri Zulkifli fakhrizulkifli
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ 0.000000] Linux version 4.15.0-29-generic (buildd@lcy01-amd64-024) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #31~16.04.1-Ubuntu SMP Wed Jul 18 08:54:04 UTC 2018 (Ubuntu 4.15.0-29.31~16.04.1-generic 4.15.18) | |
| [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-29-generic root=UUID=698582a6-55a9-44bf-b937-26bede2bff48 ro find_preseed=/preseed.cfg auto noprompt priority=critical locale=en_US quiet | |
| [ 0.000000] KERNEL supported cpus: | |
| [ 0.000000] Intel GenuineIntel | |
| [ 0.000000] AMD AuthenticAMD | |
| [ 0.000000] Centaur CentaurHauls | |
| [ 0.000000] Disabled fast string operations | |
| [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' | |
| [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' | |
| [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Nagios Core qh_help Denial of Service | |
| # Date: 2018-07-09 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://www.nagios.org/ | |
| # Software Link: https://www.nagios.org/downloads/nagios-core/ | |
| # Version: 4.4.1 and earlier | |
| # Tested on: 4.4.1 | |
| # CVE : CVE-2018-13441 | |
| qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Nagios Core qh_core Denial of Service | |
| # Date: 2018-07-09 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://www.nagios.org/ | |
| # Software Link: https://www.nagios.org/downloads/nagios-core/ | |
| # Version: 4.4.1 and earlier | |
| # Tested on: 4.4.1 | |
| # CVE : CVE-2018-13458 | |
| qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Nagios Core qh_echo Denial of Service | |
| # Date: 2018-07-09 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://www.nagios.org/ | |
| # Software Link: https://www.nagios.org/downloads/nagios-core/ | |
| # Version: 4.4.1 and earlier | |
| # Tested on: 4.4.1 | |
| # CVE : CVE-2018-13457 | |
| qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: QEMU Guest Agent Denial of Service | |
| # Date: 2018-06-07 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://www.qemu.org/ | |
| # Software Link: https://www.qemu.org/download/ | |
| # Version: 2.12.50 and earlier | |
| # Tested on: 2.12.50 | |
| # CVE : CVE-2018-12617 | |
| QEMU Guest Agent 2.12.50 and earlier has an integer overflow causing a g_malloc0() call to trigger a segfault() call when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a specific QMP command to the agent via the listening socket. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow | |
| # Date: 2018-06-06 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: http://www.ntp.org/ | |
| # Software Link: http://www.ntp.org/downloads.html | |
| # Version: 4.2.8p11 and earlier | |
| # Tested on: 4.2.8p11 | |
| # CVE : CVE-2018-12327 | |
| Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows a local attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Redis-cli Buffer Overflow | |
| # Date: 2018-06-13 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://redis.io/ | |
| # Software Link: https://redis.io/download | |
| # Version: 5.0, 4.0, 3.2 | |
| # Fixed on: 5.0, 4.0, 3.2 | |
| # CVE : CVE-2018-12326 | |
| Buffer overflow in redis-cli of Redis version 3.2, 4.0, and 5.0 allows a local attacker to achieve code execution and escalate to higher privileges via a long string in the hostname parameter. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Redis 5.0 Denial of Service | |
| # Date: 2018-06-13 | |
| # Exploit Author: Fakhri Zulkifli (@d0lph1n98) | |
| # Vendor Homepage: https://redis.io/ | |
| # Software Link: https://redis.io/download | |
| # Version: 5.0 | |
| # Fixed on: 5.0 | |
| # CVE : CVE-2018-12453 | |
| Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: utf-8 -*- | |
| import os | |
| import sys | |
| import errno | |
| from datetime import datetime | |
| from time import time | |
| rootdir = os.getcwd() |
fakhrizulkifli
/ xss_clean.php
Created
May 29, 2014 11:12
— forked from mbijon/xss_clean.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * XSS filter | |
| * | |
| * This was built from numerous sources | |
| * (thanks all, sorry I didn't track to credit you) | |
| * | |
| * It was tested against *most* exploits here: http://ha.ckers.org/xss.html | |
| * WARNING: Some weren't tested!!! | |
| * Those include the Actionscript and SSI samples, or any newer than Jan 2011 | |
| * |
NewerOlder