
Metasploit

AlienVault Authenticated SQL Injection Arbitrary File Read
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authenticated user should be able to exploit it. Administration privileges aren't required.
Module Name: auxiliary/gather/alienvault_iso27001_sqli
Authors: Brandon ..

Safari User-Assisted Download and Run Attack
This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APP_NAME" is an application downloaded from the internet. Are you sure you want to open it? If the user clicks "Ope..

LifeSize UVC Authenticated RCE via Ping
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent).
Module Name: exploit/linux/http/lifesize_uvc_ping_rce
Authors: Brandon Perry
References: EDB-32437
Targets: LifeSize UVC version
use exploit/linux/http/lifesize_uvc_ping_rce
msf e..
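
The LifeSize entry above describes command execution reached through a web-exposed ping diagnostic. The Ruby below is an added illustration of that vulnerability class, not code from the LifeSize product or from the Metasploit module: a hypothetical `vulnerable_ping_command` that interpolates a user-supplied host into a shell string, beside a hardened form that accepts only an IP literal and hands `ping` an argv array so no shell parses the input. All function names and sample inputs are constructed for this example.

```ruby
require 'ipaddr'
require 'open3'

# Vulnerable pattern (hypothetical, constructed for illustration): the host
# parameter from a diagnostic form is interpolated straight into a shell
# command line. A value such as "127.0.0.1; id" makes /bin/sh run `id`
# after ping, with the privileges of the web server user.
def vulnerable_ping_command(host)
  "ping -c 1 #{host}"
end

# Hardened: accept only a single IP literal. IPAddr rejects shell
# metacharacters, hostnames and anything that is not an address; a prefix
# such as "10.0.0.0/8" is refused explicitly so exactly one host is pinged.
def validate_host(host)
  return nil if host.include?('/')
  IPAddr.new(host).to_s
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  nil
end

# Build the command as an argv array. Passing an array to Open3.capture2e
# (or Process.spawn) execs ping directly; no shell ever sees the string.
def safe_ping_argv(host)
  ip = validate_host(host)
  return nil unless ip
  ['ping', '-c', '1', ip]
end

# Run the hardened command. Returns [output, success?] or nil when the
# host was rejected, so the caller can report a validation error instead.
def safe_ping(host)
  argv = safe_ping_argv(host)
  return nil unless argv
  out, status = Open3.capture2e(*argv)
  [out, status.success?]
end

# Detection-side helper: flag a host parameter carrying shell metacharacters,
# e.g. for a WAF rule or a log search over a diagnostic endpoint.
def injection_attempt?(host)
  host.match?(/[;&|`$()<>\n\\]/)
end

if __FILE__ == $PROGRAM_NAME
  payload = '127.0.0.1; id'             # constructed malicious input
  puts vulnerable_ping_command(payload) # a shell would run id here
  p safe_ping_argv(payload)             # nil: rejected by validation
  p safe_ping_argv('127.0.0.1')         # ["ping", "-c", "1", "127.0.0.1"]
end
```

The two defences are independent: validating the value as an address stops the injection, and the argv form removes the shell so that even a future validation bug cannot turn a string into extra commands. Keep both.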

FreePBX config.php Remote Code Execution
This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".
Module Name: exploit/unix/webapp/freepbx_config_exec
Authors: i-Hmx, 0x00string, xistence
References: CVE-2014-1903, OSVDB-103240, EDB-32214, URL: http://issues.freepbx.or..

Katello (Red Hat Satellite) users/update_roles Missing Authorization
This module exploits a missing authorization vulnerability in the "update_roles" action of the "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.
Module Name: auxiliary/admin/http/katello_satellite_priv_esc
Authors: Ramon de C Valle
References: C..

Firefox Gather Cookies from Privileged Javascript Shell
This module allows collection of cookies from a Firefox Privileged Javascript Shell.
Module Name: post/firefox/gather/cookies
Authors: joev
Reliability: Normal
Development: Source Code, History
Module Options: To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use pos..

Quantum vmPRO Backdoor Command
This module abuses a backdoor command in vmPRO 3.1.2. Any user, even without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell.
References: URL: http://packetstormsecurity.com/files/125760/quantumvmpro-backdoor.txt
Targets: Quantum vmPRO 3.1.2
Platforms: unix
Archit..

Firefox Exec Shellcode from Privileged Javascript Shell
This module allows execution of native payloads from a privileged Firefox Javascript shell. It places the specified payload into memory, adds the necessary protection flags, and calls it, which can be useful for upgrading a Firefox javascript shell to a Meterpreter session without touching the disk.
Module Name: exploit/firefox/local/exec_shell..

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow
This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.
Module Name: exploit/windows/scada/yokogawa_bkhodeq_bof
Auth..