This exploit allows an attacker to inject and execute arbitrary commands on the target system. The attacker creates a directory structure using the 'mkdirhier' command and then exports a variable to a specific directory. The attacker then writes a shell script to the exported directory that copies the '/bin/sh' binary to a hidden location, changes its ownership and permissions, and executes it. Finally, the attacker runs the 'lsmcode' command to execute the injected code by executing the hidden shell binary '/tmp/.shh'.
This exploit allows remote attackers to execute arbitrary code on vulnerable Windows systems using the RPC DCOM vulnerability. It includes 48 targets and has been fixed in the latest version.
This exploit takes advantage of a SQL injection vulnerability in PHP X 3.5.16. By manipulating the 'news_id' parameter in the 'news.php' file, an attacker can execute arbitrary SQL queries and potentially gain unauthorized access to the database. The exploit uses a union-based SQL injection technique to retrieve sensitive information from the 'users' table.
This is an exploit for the /usr/bin/paginit binary on AIX 5.2. It attempts to execute shellcode by overwriting a specific address (RETADDR) in memory. If the exploit fails, it suggests using dbx to check the shellcode address and update RETADDR accordingly. The shellcode is provided in the code.
The login system in SDMS Simple Document Management System v1.1.4 (and older versions) is vulnerable to SQL injection. The system does not properly filter the user input for the password field, allowing an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass the login system and gain admin access.
This exploit targets Ultrix 4.5/MIPS dxterm. It uses shellcode to gain root access. The shellcode is hardcoded and may need to be tweaked for versions other than 4.5. The exploit copies everything after the last slash, as it expects a path. The exploit has been tested and confirmed to work.
This exploit allows an attacker to read heap memory in phpBB2 by exploiting a vulnerability in ext/standard/var_unserializer.c. The attacker can use phpbbmemorydump.exe to dump the memory and retrieve sensitive information such as database credentials.
This exploit targets RXcscope version 15.5 and earlier. It allows an attacker to create symlinks with arbitrary names to a specified target file. The exploit takes two command line arguments: the target file and the maximum number of file creations. It then creates symlinks with names in the format cscope<process_id>.<iteration_number> in the temporary directory. The process IDs start from the current process ID and go up to the specified maximum process ID. The iteration number starts from 0 and increases by 1 for each symlink created. This exploit can be used to perform a denial of service attack by exhausting the file system with a large number of symlinks.
This is a proof of concept code for a buffer overflow vulnerability in WinRAR 3.40. The vulnerability was discovered by Vafa Khoshaein on December 10, 2004. Running this code will create a file called vulnerable_zip.zip, which can be opened in WinRAR 3.40. There is a file inside the zip that, when deleted, triggers the buffer overflow.
This is a buffer overflow exploit for WinXP SP0 RUS. The exploit uses shellcode created by the m00 team that binds to port 61200.