CHT漏洞数据库
记录包含各种WordPress/Windows/PHP/Linux等各种系统漏洞或模板。
15,047个主题在此版块
-
- 0 篇回复
- 979 次查看
# Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS) # Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/ # Date: 2022-08-24 # Exploit Author: UnD3sc0n0c1d0 # Vendor Homepage: https://profiles.wordpress.org/3dady/ # Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip # Category: Web Application # Version: 1.0 # Tested on: Debian / WordPress 6.0.1 # CVE : N/A # 1. Technical Description: The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text and dady2_input_text fields because the user's input is not properly sanitized whic…
0X01001的最后回复, -
- 0 篇回复
- 490 次查看
# Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated) # Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" # Date: Thursday, September 1, 2022 # Exploit Author: ABDO10 # Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ # Software Link: https://github.com/orangelabweb/imagemagick-engine/ # Version: <= 1.7.4 # Tested on: windows 10 -- vulnerable section https://github.com/orangelabweb/imagemagick-engine/commit/73c1d837e0a23870e99d5d1470bd328f8b2cbcd4#diff-83bcdfbbb7b8eaad54df4418757063ad8ce7f692f189fdce2f86b2fe0bcc0a4dR529 -- payload on windows: d&calc.exe&anything -- on unix : notif…
HACK1949的最后回复, -
- 0 篇回复
- 225 次查看
1.MS14-068 kerberos认证,no PAC 用户在向 Kerberos 密钥分发中心(KDC)申请TGT(由票据授权服务产生的身份凭证)时,可以伪造自己的 Kerberos 票据 漏洞效果: 将任意域用户提升到域管权限 利用条件: 1.小于2012R2的域控 没有打MS14-068的补丁(KB3011780) 2.拿下一台加入域的计算机 3.有这台域内计算机的域用户密码和Sid 利用方式: 在《Kerberos认证及过程中产生的攻击》一文中有详细讲 这可以看 https://cloud.tencent.com/developer/article/1760132 2.CVE-2020-1472 NetLogon特权提升漏洞(CVE-2020-1472)是一个windows域控中严重的远程权限提升漏洞。 Netlogon使用的AES认证算法中的vi向量默认为0,导致攻击者可以绕过认证,同时其设置域控密码的远程接口也使用了该函数,导致 以将域控机器用户的password设置为空。 这样我们就可…
KaiWn的最后回复, -
- 0 篇回复
- 197 次查看
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
Tenfk的最后回复, -
- 0 篇回复
- 148 次查看
# Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …
Tenfk的最后回复, -
.thumb.jpg.26764a69083eb4469b6d18365588b559.jpg)
- 0 篇回复
- 151 次查看
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
尖REN的最后回复, -
- 0 篇回复
- 141 次查看
# Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …
尖REN的最后回复, -
- 0 篇回复
- 150 次查看
# Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…
Tenfk的最后回复, -
- 0 篇回复
- 128 次查看
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
Xiao7的最后回复, -
- 0 篇回复
- 120 次查看
#!/usr/bin/python # Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.r-project.org/ # Version: 3.5.0 # Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Version: 3.5.0 # Tested on: Windows XP Prof SP3 ENG x86 # Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db) # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy …
Tenfk的最后回复, -
# Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) # Discovery by: Luis Martinez # Discovery Date: 2019-01-30 # Vendor Homepage: https://www.ks-soft.net # Software Link : https://www.ks-soft.net/download/hm1190.exe # Tested Version: 11.90 Beta # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to Produce the Crash: # 1.- Run python code : python Advanced_Host_Monitor_11.90_Beta.py # 2.- Open Advanced_Host_Monitor_11.90_Beta.txt and copy content to clipboard # 3.- Open HostMonitor # 4.- Help -> License... # 5.- Register Now # 6.- Name (Organization): -> l4m5 # 7.- Paste Cl…
Tenfk的最后回复, -
- 0 篇回复
- 124 次查看
# Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …
Xiao7的最后回复, -
- 0 篇回复
- 129 次查看
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
剑道尘心的最后回复, -
- 0 篇回复
- 121 次查看
# Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…
尖REN的最后回复, -
- 0 篇回复
- 132 次查看
#!/usr/bin/python # Exploit Title: R i386 3.5.0 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.r-project.org/ # Version: 3.5.0 # Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Version: 3.5.0 # Tested on: Windows XP Prof SP3 ENG x86 # Note: SEH exploitation method (SEH + DEP Bypass exploit for Windows 7 x86 by Bzyo available on exploit-db) # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy …
尖REN的最后回复, -
#!/usr/bin/python # Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow (SEH) # Date: 30/01/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.ultraiso.com/ # Version: 9.7.1.3519 # Software Link: https://www.ultraiso.com/download.html # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows XP Prof SP3 ENG x86 # CVE: TBC from Mitre # Thanks to Francisco Ramirez for the original Windows 10 x64 DOS. # Created in preparation for OSCE - DC - Telspace Systems # PoC: # 1.) Generate exploit.txt, copy the content to clipboard # 2.) In the application, click "Make CD/DVD Image" #…
Tenfk的最后回复, -
# Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC) # Discovery by: Luis Martinez # Discovery Date: 2019-01-30 # Vendor Homepage: https://www.ks-soft.net # Software Link : https://www.ks-soft.net/download/hm1190.exe # Tested Version: 11.90 Beta # Vulnerability Type: Denial of Service (DoS) Local # Tested on OS: Windows 10 Pro x64 es # Steps to Produce the Crash: # 1.- Run python code : python Advanced_Host_Monitor_11.90_Beta.py # 2.- Open Advanced_Host_Monitor_11.90_Beta.txt and copy content to clipboard # 3.- Open HostMonitor # 4.- Help -> License... # 5.- Register Now # 6.- Name (Organization): -> l4m5 # 7.- Paste Cl…
尖REN的最后回复, -
- 0 篇回复
- 116 次查看
# Exploit Title: Necrosoft DIG v0.4 - Denial of Service (PoC) SEH overwritten Crash PoC # Discovery by: Rafael Pedrero # Discovery Date: 2005-01-10 # Vendor Homepage: http://www.nscan.org/?index=dns # Software Link : http://www.nscan.org/?index=dns # Tested Version: 0.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run Necrosoft DIG v0.4 (dig.exe) # 2.- copy content DIG_Crash.txt to clipboard (result from this python script) # 3.- Paste the content into the field: 'Target' # 4.- Click 'TCP lookup' button and you will see a crash. ''' SEH chain of thread 000003CC Address SE handler …
剑道尘心的最后回复, -
- 0 篇回复
- 131 次查看
#!/usr/bin/python # Exploit Title: AnyBurn x86 - Denial of Service (DoS) # Date: 30-01-2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: http://www.anyburn.com/ # Version: 4.3 (32-bit) # Software Link : http://www.anyburn.com/anyburn_setup.exe # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested Version: 4.3 (32-bit) # Tested on: Windows XP SP3 ENG x86 # Note: The other exploitation field in Anyburn was discovered by Achilles # CVE: TBC from Mitre # Created in preparation for OSCE - DC - Telspace Systems # DOS PoC: # 1.) Generate exploit.txt, copy the contents to clipboard # 2.) In the application…
KaiWn的最后回复, -
- 0 篇回复
- 122 次查看
# Exploit Title: a-Mac Address Change v5.4 - Denial of Service (PoC) # Discovery by: Rafael Pedrero # Discovery Date: 2019-01-30 # Vendor Homepage: http://amac.paqtool.com/ # Software Link : http://amac.paqtool.com/ # Tested Version: 5.4 # Tested on: Windows XP SP3 # Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow # Steps to Produce the Crash: # 1.- Run amac.exe # 2.- copy content amac_Crash.txt or 212 "A" to clipboard (result from this python script) # 3.- Go to Register - Amac Register Form and paste the result in all fields: "Your Name", "Your Company", "Register Code" # 4.- Click in Register button and you will see a crash. #!/usr/bin/env python c…
Xiao7的最后回复,
