what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

Files from Chris Anastasio

Email address0x616e6173746173696f at illumant.com
First Active2017-06-05
Last Active2024-07-22
Softing Secure Integration Server 1.22 Remote Code Execution
Posted Jul 22, 2024
Authored by mr_me, Chris Anastasio, Imran E. Dawoodjee | Site metasploit.com

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When using the "restore configuration" feature to upload a zip file containing a path traversal file which is a dll called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll. This causes the file C:\Windows\System32\wbem\wbemcomn.dll to be created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.

tags | exploit, remote, arbitrary, local, spoof, vulnerability, code execution
systems | windows
advisories | CVE-2022-1373, CVE-2022-2334
SHA-256 | 138c45447c1d3fa090b4666327e202412f377f34d7873c3c578299783f2b2a43
Moodle 3.11.5 SQL Injection
Posted Mar 16, 2022
Authored by Chris Anastasio

Moodle version 3.11.5 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e3e0c7cc36660ea59837d1a1c82382ac6a351a5640124aceb9c996e84a54cefe
Quest NetVault Backup Server Code Execution / SQL Injection
Posted Feb 22, 2019
Authored by rgod, Chris Anastasio

Quest NetVault Backup Server versions prior to 11.4.5 suffer from process manager service SQL injection and remote code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection
advisories | CVE-2017-17417
SHA-256 | d64452d985968041fdc707a0dfbae3290f40711c502eb6aaaeb24a77072e2e6a
Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation
Posted Jan 17, 2019
Authored by Chris Anastasio

Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.

tags | exploit, local
SHA-256 | 017c4375875f7ecb9494589e5292d5ebf3aec94dc014849bbc8f8c3255eff12b
IssueTrak 7.0 SQL Injection
Posted May 29, 2018
Authored by Chris Anastasio

IssueTrak version 7.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1ca72af0c55484ccd608194909c3cef48db5fddab1d068ca70b153fac71f0cc2
Kronos Telestaff SQL Injection
Posted Jun 5, 2017
Authored by Chris Anastasio, Mark F. Snodgrass

Kronos Telestaff versions prior to 2.92EU29 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 2026990b4ae0d270b09cc355b15de93ad0be6adf7836f695074b12d159a9b6bb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close