(see attachment)
Signed,
Kingcope
/* Apache Magica by Kingcope */
/* gcc apache-magika.c -o apache-magika -lssl */
/* This is a code execution bug in the combination of Apache and PHP.
On Debian and Ubuntu the vulnerability is present in the default install
of the php5-cgi package. When the
Hello lists,
Attached is the blog post for the mentioned issues that in its shape
are not a vulnerability, still interesting to see.
http://kingcope.wordpress.com/2013/09/13/opensslopenssh-ecdsa-authentication-code-inconsistent-return-values-no-vulnerability/
Cheers,
Kingcope
Hi there!
See my blog post about the mentioned vulnerability.
http://kingcope.wordpress.com/2013/09/11/proftpd-mod_sftpmod_sftp_pam-invalid-pool-allocation-in-kbdint-authentication/
Cheers,
Kingcope
Hello lists,
here you find the analysis of a vulnerability I recently discovered.
Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
http://kingcope.wordpress.com/2013/09/02/mikrotik-routeros-5-and-6-sshd-remote-preauth-heap-corruption/
Additionally it includes a way to drop
hi...
I posted the advisory to make administrators aware that it will be
still possible to read files with the apache uid even when suEXEC is
in place.
suEXEC is installed on many hosting providers. I read the cpanel site
describing the patches [1], though standard apache httpd does not have
these
#Squid Crash PoC
#Copyright (C) Kingcope 2013
#tested against squid-3.3.5
#this seems to be the patch for the vulnerability:
#http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.patch
#The squid-cache service will respawn, looks like a kind of assert exception:
#2013/07/15 20:48:36 kid1|
The video of my talk is online now. Happy watching.
https://www.youtube.com/watch?v=fYv5tqv1H3U
/Kingcope
2012/5/24 HI-TECH . isowarez.isowarez.isowa...@googlemail.com:
Hello lists,
you can view my slides notes for my talk entitled Uncovering
Zero-Days and advanced fuzzing held at AthCon
Hello List,
Below is a link to my new Blog Post,
http://kingcope.wordpress.com/2013/01/24/attacking-the-windows-78-address-space-randomization/
I hope you enjoy it!
Kingcope
FAST Cracking of MySQL account passwords locally or over the network (post-auth)
(to the maintainers: you don't need to patch this, looks a lot like a
minor bug, prolly documented :D)
I found a method to crack mysql user passwords locally or over the
network pretty efficiently.
During Tests it
IBM System Director Remote System Level Exploit (CVE-2009-0880 extended zeroday)
Copyright (C) 2012 Kingcope
IBM System Director has the port 6988 open. By using a special request
to a vulnerable server,
the attacker can force to load a dll remotely from a WebDAV share.
The following exploit
(see attachment)
Cheerio,
Kingcope
mysql_bufferoverrun.pl
Description: Binary data
(see attachment)
Cheerio,
Kingcope
mysql_heapoverrun.pl
Description: Binary data
(see attachment)
Cheerio,
Kingcope
mysql_privilege_elevation.pl
Description: Binary data
(see attachment)
Kingcope
5.5.19-log on SuSE Linux
DoS exploit:
use Net::MySQL;
use Unicode::UTF8 qw[decode_utf8 encode_utf8];
$|=1;
my $mysql = Net::MySQL->new(
(see attachment)
Cheerio,
Kingcope
mysql_userenum.pl
Description: Binary data
...@debian.org:
On dim., 2012-12-02 at 21:17 +0100, king cope wrote:
My opinion is that the FILE to admin privilege elevation should be patched.
What is the reason to have FILE and ADMIN privileges separated when
with this exploit
FILE privileges equate to ALL ADMIN privileges.
Maybe because you
Hi Lists,
it seems Microsoft doesn't want to patch the vulnerabilities I posted
back in June,
at least not in the July update.
The posting included some important bugs in the Internet Information
Services, one of their
flagship products:
http://seclists.org/fulldisclosure/2012/Jun/189
The July
THIS IS A GENUINE ISOWAREZ RELEASE
Title: Microsoft IIS 6.0 with PHP installed