Webapp-Exploit-Payloads v.1.0 Released

Posted by deepquest on June 9, 2012 – 11:59 am

Webapp-Exploit-Payloads is a collection of payloads for common webapps. For example Joomla and WordPress. From the hundreds of different Web Application Vulnerabilities that can be found on any website, only a smallpercentage gives the intruder a direct way for executing operating system commands. And if we keepdigging into that group we‟ll identify only one or two that under normal circumstances might give the intruderelevated privileges.

The basic problem solved by any payload is pretty simple: “I have access,what now?”. In memory corruption exploits it’s pretty easy to perform arbitrary tasks because after successfulexploitation the attacker is able to control the remote CPU and memory, which allow for execution of arbitraryoperating system calls. With this power it‟s possible to create a new user, run arbitrary commands or uploadfiles.

Web Application Payloads are small pieces of code that are run in the intruder‟s box, and then translated bythe Web Application exploit to a combination of GET and POST requests to be sent to the remote Web server

Usage:

$ python bin/genpayload.py src/js/wordpress/newadmin/ -o out.js

Download Webapp-Exploit-Payloads v.1.0

This post is under “OSX security tools, tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://phichitlocal.go.th/images/ [dos / poc] – PEamp Null Pointer Dereference PoC »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Webapp-Exploit-Payloads v.1.0 Released

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL