Full Disclosure mailing list archives
Re: New attack vector for sale, firewall bypass
From: Benji <me () b3nji com>
Date: Tue, 7 Jun 2011 11:24:56 +0100
Would you then describe this as more of a way to exploit an already known attack vector, rather than a new attack vector? On Tue, Jun 7, 2011 at 11:19 AM, Marshall Whittaker < marshallwhittaker () gmail com> wrote:
Hello, I am willing to sell a new attack vector I have devised. The proof of concept code you will receive has the ability to arbitrarily upload files to a webserver (tested on Apache), running linux with the well known perl read pipe vulnerability in many web CGI applications. This issue can also be leveraged through PHP LFI and RFI attacks, and through almost any other remote command execution vulnerability. The code has been tested on BSD, and does not seem to work stand alone, but BSD may be vulnerable as well, I just don't have a box to test it properly on. The code can upload an ASCII or binary file to the webserver, even if the firewall rules prohibit downloading. For example, if you have a linux webserver running apache and a vulnerable perl script, this proof of concept can upload a local root exploit that cannot be downloaded with the remote command execution as a local user (usually one of apache's users) due to iptables or another firewall that blocks outbound connections to other webservers/ftp/whathaveyou servers for download with wget/curl/lwp-download/ftp and other local downloading utilities, or if these utilities have been removed. Once a (modified) local root exploit has been uploaded, it can modify the iptables as the root user, then bind a shell, or spawn a reverse shell, or drop another payload as root. Please contact me if you are interested in getting the PoC code, and bid a price. Please be reasonable. When you contact me, payment details can be arranged. PoC code is written in perl, and is heavily commented. oxagast _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New attack vector for sale, firewall bypass Marshall Whittaker (Jun 07)
- Re: New attack vector for sale, firewall bypass Benji (Jun 07)
- Re: New attack vector for sale, firewall bypass Philipp Hagemeister (Jun 07)
- Re: New attack vector for sale, firewall bypass Dan Rosenberg (Jun 07)
- Re: New attack vector for sale, firewall bypass Marshall Whittaker (Jun 07)
- Re: New attack vector for sale, firewall bypass Dan Rosenberg (Jun 07)
- Re: New attack vector for sale, firewall bypass ichib0d crane (Jun 07)
- Message not available
- Re: New attack vector for sale, firewall bypass ascii (Jun 07)
- Re: New attack vector for sale, firewall bypass Nick FitzGerald (Jun 07)
- Re: New attack vector for sale, firewall bypass Marshall Whittaker (Jun 07)