IRIS Citations Management Tool (post auth) Remote Command Execution

A remote command execution vulnerability has been found in IRIS Citations Management Tool (post auth). You can download the exploit file from the URL below and test it.

Here is a bug that I finally found time to write about 🙂

https://infosecabsurdity.wordpress.com/2013/02/09/iris-citations-management-tool-post-auth-remote-command-execution/

The attached contains my mini framework, exploit and screenshot.

Cheers!

~ aeon

# I Read It Somewhere (IRIS) <= v1.3 (post auth) Remote Command Execution
# download: http://ireaditsomewhere.googlecode.com
# Notes:
# - Found this in my archive, duno how long this has been 0Day for... but I had no use for it obviously.
# - Yes! ..the code is disgusting, but does the job
# - Sorry if I ripped your code, it worked for me and I dont reinvent wheels so thank you!
# ~ aeon (https://infosecabsurdity.wordpress.com/)
#
# Exploit requirements:
# ~~~~~~~~~~~~~~~~~~~~~
#
# - A valid account as at least a user
# - The target to have outgoing internet connectivity

Exploit: http://www.exploit-db.com/sploits/24480.tar.gz
