1778 items tagged "php"
-
-
16:00
»
SecuriTeam
Dell SonicWALL Scrutinizer 9.0.1 (statusFilter.php q parameter) suffers from an SQL injection vulnerability.
-
16:00
»
SecuriTeam
PHP 5.3.10 spl_autoload() Local suffers from a denial of service vulnerability.
-
-
16:00
»
SecuriTeam
BuyClassifiedScript suffers from a PHP code injection vulnerability.
-
4:22
»
Packet Storm Security Exploits
Astium is prone to multiple vulnerabilities. This exploit uses SQL injection to bypass authentication on the login page and get access as an administrator. After that it uploads and executes a PHP script that will modify the "/usr/local/astium/web/php/config.php" script with a reverse shell and run a "sudo /sbin/service astcfgd reload". Version 2.1 build 25399 is affected.
-
-
16:00
»
SecuriTeam
EasyITSP is prone to a security-bypass vulnerability.
-
-
16:00
»
SecuriTeam
Drupal is prone to an arbitrary PHP code-execution and an information-disclosure vulnerability.
-
-
16:00
»
SecuriTeam
Empire CMS is prone to a remote PHP code-execution vulnerability because it fails to properly sanitize user-supplied input.
-
16:00
»
SecuriTeam
PHP Server Monitor is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
-
-
16:00
»
SecuriTeam
Dokeos is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input.
-
-
16:00
»
SecuriTeam
The PHP API of Moneris eSelectPlus is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from a server.
-
13:42
»
Packet Storm Security Recent Files
PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.
-
-
15:50
»
Packet Storm Security Exploits
This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4.
-
-
16:00
»
SecuriTeam
EmpireCMS is prone to a Remote PHP Code Execution Vulnerability
-
-
6:00
»
Carnal0wnage
Ron over at SkullSecurity put out a post on Using "Git Clone" to get Pwn3D. Worth a read if you haven't. Unfortunately the key to his post relied on wget and directory listings making it possible to download everything in the /.git/* folders.
Unfortunately(?) I don't run into this too often. What I do see is the presence of the /.git/ folder; sometimes the config or index files are there, but certainly no way to know what's in the object folders (where the good stuff lives) [or so I thought].
So I posed the following to Twitter

to which I got two great replies.


The first one pointed me to:
https://github.com/evilpacket/DVCS-Pillage (thanks Kos)
and the second was a shortcut to using the tool by the author (thanks Adam)
DVCS is pretty handy. With it you can pillage accessible GIT, GS and BZR repos. Similar functionality for svn already exists in metasploit.
Does it work? Yes, mostly... an example:
user@ubuntu:~/pentest/DVCS-Pillage$ ./gitpillage.sh www.site.com/.git/
Initialized empty Git repository in /home/user/pentest/DVCS-Pillage/www.site.com/.git/
Getting refs/heads/master
Getting objects/ef/72174d7a5d893XXXXXXXXXXXXXXXXXXXX
Getting index
Getting .gitignore
curl: (22) The requested URL returned error: 404
About to make 245 requests to www.site.com; This could take a while
Do you want to continue? (y/n)y
Getting objects/01/f0d130adf04d66XXXXXXXXXXXXXXXX9e4ddb41
Getting objects/49/403ecc2d8a343da9XXXXXXXXXXXXXXX3f094d9
Getting objects/d3/1195ab0e695f8b89XXXXXXXXXXXXXXXXXa3af5
Getting objects/f9/b926f07XXXXXXXXXXXXXXXXXXXX567cf438c6a
Getting objects/57/78a12e2edebXXXXXXXXXXXXXXXXXXX3f3a0e8d
---snip---
trying to checkout files
error: git checkout-index: unable to read sha1 file of wp-register.php (caad4f2b21c37bXXXXXXXXXXXXXXX81c7949ec4f74e)
#### Potentially Interesting Files ####
wp-admin/export.php - [CHECKED OUT]
wp-admin/includes/export.php - [CHECKED OUT]
wp-admin/setup-config.php - [CHECKED OUT]
wp-config-sample.php - [CHECKED OUT]
wp-config.php - [CHECKED OUT]
wp-settings.php - [CHECKED OUT]
Anything useful in there?
user@ubuntu:~/pentest/DVCS-Pillage/www.site.com$ more wp-config.php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information b
y
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'site_wordpress');
/** MySQL database username */
define('DB_USER', 'site_wp');
/** MySQL database password */
define('DB_PASSWORD', 'XXXXXXXX');
Another way to turn a low to pwned :-)
-
-
14:53
»
Packet Storm Security Advisories
Drupal versions prior to 7.16 suffer from arbitrary PHP code execution and information disclosure vulnerabilities. Version 6 is not affected.
-
-
17:00
»
SecuriTeam
This allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
-
-
17:00
»
SecuriTeam
This allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.
-
8:36
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable.
-
-
17:00
»
SecuriTeam
This allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
-
-
17:00
»
SecuriTeam
This allows remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.
-
-
19:55
»
Packet Storm Security Exploits
This Metasploit module exploits a file upload vulnerability found in XODA 0.4.5. Attackers can abuse the "upload" command in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution. The module has been tested successfully on XODA 0.4.5 and Ubuntu 10.04.
-
-
17:00
»
SecuriTeam
The Debian patch for PHP is prone to a security-bypass vulnerability.
-
-
17:00
»
SecuriTeam
ownCloud is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied text.
-
-
17:00
»
SecuriTeam
am4ss is prone to a remote PHP code-injection vulnerability.
-
17:00
»
SecuriTeam
PHP is prone to a remote denial-of-service vulnerability.
-
-
17:00
»
SecuriTeam
MobileCartly is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input.
-
-
7:34
»
Packet Storm Security Exploits
This Metasploit module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the data to connect to the IRC server and channel where pbot can be found must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla, and published on Infosec Institute, running over Ubuntu 10.04 and Windows XP SP3.
-
-
17:27
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in WebPageTest's Upload Feature. By default, the resultimage.php file does not verify the user-supplied item before saving it to disk, and then places this item in the web directory accessible by remote users. This flaw can be abused to gain remote code execution.
-
-
17:00
»
SecuriTeam
SPIP is prone to a remote PHP code-injection vulnerability.
-
17:00
»
SecuriTeam
php MBB is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
-
-
16:17
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-108 - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an overflow. The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues. Additionally the php-timezonedb packages have been upgraded to the latest version as well.
-
15:37
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in EGallery 1.2. By abusing the uploadify.php file, a malicious user can upload a file to the egallery/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 10.04.
-
-
17:00
»
SecuriTeam
EmbryoCore CMS is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.
-
12:22
»
Packet Storm Security Recent Files
Weevely is a stealth PHP web shell that simulates a telnet-like connection. It is an essential tool for web application testing post exploitation, and can be used as a stealth backdoor web shell to manage legit web accounts, even free hosted ones. It is currently included in Backtrack, Backbox, and other Linux distributions for penetration testing.
-
-
7:01
»
Packet Storm Security Recent Files
PHP Secure Communications Library is a set of pure PHP implementations of DES, 3DES, RC4, Rijndael, AES, RSA (PKCS#1 compliant [v2.1]), SSH-1, SSH-2, and SFTP.
-
-
16:13
»
Packet Storm Security Exploits
This Metasploit module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account.
-
-
20:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1046-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
-
20:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1045-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
-
20:31
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1047-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user running PHP, if a PHP script processed untrusted eXtensible Style Sheet Language Transformations content. Note: This update disables file writing by default. A new PHP configuration directive, "xsl.security_prefs", can be used to enable file writing in XSLT.
-
7:36
»
Packet Storm Security Recent Files
This Metasploit module exploits a PHP unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user-controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.
-
-
19:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1481-1 - It was discovered that PHP incorrectly handled certain Tidy::diagnose operations on invalid objects. A remote attacker could use this flaw to cause PHP to crash, leading to a denial of service. It was discovered that PHP incorrectly handled certain multi-file upload filenames. A remote attacker could use this flaw to cause a denial of service, or to perform a directory traversal attack. Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain Unicode characters in passwords passed to the crypt() function. A remote attacker could possibly use this flaw to bypass authentication. Various other issues were also addressed.
-
8:58
»
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in the CGI version of PHP 5.4.x before 5.4.3. The vulnerability is due to the insecure handling of the HTTP headers. This Metasploit module has been tested against the thread-safe version of PHP 5.4.2, from "windows.php.net", running with Apache 2.2.22 from "apachelounge.com".
-
-
20:36
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-093 - There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that cannot be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored. An integer overflow, leading to a heap-based buffer overflow, was found in the way the Phar extension of the PHP scripting language processed certain fields by manipulating TAR files. A remote attacker could provide a specially-crafted TAR archive file, which once processed in a PHP application using the Phar extension could lead to denial of service, or, potentially, arbitrary code execution with the privileges of the user running the application. The updated php packages have been upgraded to the 5.3.14 version which is not vulnerable to these issues.
-
17:00
»
SecuriTeam
phpMyAdmin is prone to a remote PHP code-injection vulnerability.
-
17:00
»
SecuriTeam
VertrigoServ is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
-
-
15:41
»
Packet Storm Security Exploits
This Metasploit module exploits an arbitrary PHP code execution flaw in the WordPress blogging software plugin known as Foxypress. The vulnerability allows for arbitrary file upload and remote code execution via the uploadify.php script. The Foxypress plug-in versions 0.4.2.1 and below are vulnerable.
-
-
14:41
»
Packet Storm Security Exploits
This Metasploit module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the upload_file() function, this allows us to abuse the spywall/blocked_file.php file in order to upload a malicious PHP file without any authentication, which results in arbitrary code execution.
-
-
21:36
»
SecDocs
Authors: Stefan Esser
Tags: web application vulnerability PHP
Event: Chaos Communication Congress 25th (25C3) 2008
Abstract: Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used, source code analysis is no longer possible, and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.
-
-
19:28
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 12-090 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficiently filtered user-supplied data used in a call to exec() in multiple script pages. The affected scripts are located in '/spywall/ipchange.php' and 'network.php'. There is also a flaw in '/spywall/download_file.php' that allows unauthenticated users to download and delete any file on the server.