New Proof of Concept for the 2 week old Drupal vulnerability The Drupal Security team says that you should assume every Drupal website not patched on October 15th was infected. A SQL injection attack went around the Internet in an automated fashion. And the details are: In this code we see, that Drupal gives the … Read more
this is interesting: https://shellshocker.net/ Is an interesting site… You can enter your domain name and they will tell you if you have the Bash Shellcode vulnerability. At this time they found 1767 vulnerable hosts: 107760 Total tests to date. 1767 Total vulnerable hosts found. It is also called the Shellshock vulnerability. As I mentioned in previous posts: … Read more
So there is a wget vulnerability … big deal? Metasploit developer – Rapid7 has a page discussing the exploit Specifically: GNU Wget is a command-line utility designed to download files via HTTP, HTTPS, and FTP. Wget versions prior to 1.16 are vulnerable a symlink attack (CVE-2014-4877) when running in recursive mode with a FTP target. … Read more
This is a fix to a long outstanding remote code execution bug – post from Threatpost Dennis Fisher discusses the basics of this issue this is a bug from 2011 (sic) and could cause someone to access your older Cisco router pax-pentest.com has a list of the telnet Metasploit payloads Here are the relevant entries: … Read more
Wednesday evening we ran a bash script command against a lab computer which was designed to be vulnerable Downloaded a system .iso file from http://www.vulnhub.com It is from the Pentester Lab section https://twitter.com/PentesterLab/status/515079459284594688 then started the computer (now I had a test lab computer system) Then ran the above command on a Kali Linux machine … Read more