Message-ID: <COL119-W715FA530FA0FA4F95B26DA85C90@phx.gbl>
Date: Thu, 29 Jan 2009 18:18:12 +0100
From: Perforin <broken-error@...mail.com>
To: <bugtraq@...urityfocus.com>
Subject: PerlSoft Guestbook v1.7b Bruteforcer + RCE!


Type: Bruter & RCE
Name: PerlSoft GB Pwner
Affected Software: PerlSoft Gästebuch
Version: 1.7b
Coder/Bugfounder: Perforin 
 
 
------> The RCE is only possible once, do not waste your command!
 
STEP1: Use my script to bruteforce the admin login from the guestbook.
STEP2: If we gain access, you can decide to get in the ACP with the login OR to use the RCE!
STEP3: Deface or root the server ;)
 
------> Infos about the Exploit
 
Unfortunately, the RCE is only possible once and only after gaining access to the admin center... so choose a useful command. (I tried to make an RFI out of it but the results were shitty because most web servers are secured against including PHP files from other web servers.)
The RCE is possible due to a security hole when you change the Username. The script doesn't check the input so we can manipulate the script. =)
 
-----> The Exploit Code
 
Get it here:
http://virii.lu/Perl-Scripts/GB_Pwner.txt
 
-----> Visit & Greetings
 
Visit my Blog virii.lu and of course vxnet!
Greetings to all vxers out there.