Version 0.1
6th December 2014
This is very much a draft - there are many security, privacy and performance considerations
#!/usr/bin/env python
# CS-Cart session brute force exploit for v4.2.0
# see https://www.nikcub.com/posts/cs-cart-v4-2-0-session-hijacking-and-other-vulnerabilities/
import sys
import requests
import argparse
import re
import string
import random
<!--
Exploit for Disqus for Wordpress admin stored CSRF+XSS up to v2.7.5
Blog post explainer: https://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/
12th August 2014
Nik Cubrilovic - www.nikcub.com
Most of these params are unfiltered/injectable. Not framable on newer Wordpress.
$ids = array_map('trim', $_POST['ids']);
$ids = array_map('intval', $ids);
$ids = implode(',', array_values($ids));
$db->query("SELECT * from table where id IN(" . $ids . ")");
Legal docs at: http://files.nikcub.com/sr/
18 Feb 2014 - BlackHat Call for Papers opens [[1][1]]
04 Apr 2014 - BlackHat call for papers closes [[1][1]]
21 May 2014 - "You don't have to be the NSA to break Tor: Deanonymizing users on a budget" appears on BlackHat schedule [[2][2]]
I hereby claim:
To claim this, I am signing this object:
Plugin multi-meta-box found running on a commercial Wordpress install. The first line of code in the first file (line 10 overall) is a straightforward SQLi.
Chrome install - drag + drop onto extensions window at chrome://extensions
{
"created_at": "Mon May 30 07:55:10 +0000 2016",
"id": 737190602110963712,
"id_str": "737190602110963712",
"text": "URL shorteners. Again. Everyone with an inch of clue said these things were a bad idea from day 1. https:\/\/t.co\/R7AHg9Iltx",
"truncated": false,
"entities": {
"hashtags": [],
"symbols": [],
"user_mentions": [],
This script will install the latest version of the 2.7.x branch of Python alongside the system Python in the user's local directory, and it will symlink all the binaries into ~/bin.
For any app or daemon that you need to run with the latest Python, either run it as the separate user or make sure it is running from the Python linked into `/bin`.
install-python.sh <version> <path>