uploader.php vulnerability

2003-03-04 Thread kingcope
Uploader Version 1.1 which is available from http://www.phpscriptcenter.com/uploader.php includes "uploader.php", which lets you upload ANY file (even scripts, e.g. in PHP) onto the server if no password protection is specified in the configuration file (default set to off). The supplied files will b

RE: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS???

2007-05-23 Thread kingcope
, Kingcope -Original Message- From: 3APA3A [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 23, 2007 10:41 AM To: kingcope Cc: Full-Disclosure; bugtraq@securityfocus.com Subject: Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? Dear kingcope, It's vulnerability regardle

Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets

2013-07-26 Thread Kingcope
elayed = payload >print data > # Just DROP the packet and the local TCP stack will send it again > because won't get the ACK. >payload.set_verdict(nfqueue.NF_DROP) >else: >data_count = 0 > > &

Re: Apache suEXEC privilege elevation / information disclosure

2013-08-09 Thread Kingcope
oon our Data on your boxes. Time to Write a Real Root exploit and don't waste the Time with sysadmins that know how to set a flag in httpd.conf, apache devs included. On 09.08.2013 at 14:29, Kingcope wrote: > So what your Emails Tell me is better ignore this vulnerability. I don't Claim >

Re: Apache suEXEC privilege elevation / information disclosure

2013-08-09 Thread Kingcope
iscovered by Kingcope/Aug 2013 > > The suEXEC feature provides Apache users the ability to run CGI and SSI > programs > under user IDs different from the user ID of the calling web server. Normally, > when a CGI or SSI program executes, it runs as the same user who is running &g

Todd Miller Sudo local root exploit discovered by Slouching

2010-03-02 Thread Kingcope
Just for the record. ---snip--- #!/bin/sh # Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 # local root exploit # March 2010 # automated by kingcope # Full Credits to Slouching echo Tod Miller Sudo local root exploit echo by Slouching echo automated by kingcope if [ $# != 1 ] then

Re: Todd Miller Sudo local root exploit discovered by Slouching

2010-03-03 Thread Kingcope
Hello Andy, I am referring to the following forum posts. http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ /kcope On Wednesday, 03.03.2010, 12:03 +, a...@hotmail.com wrote: > Hi Kingcope, > > but if the 'su

The father of all bombs - another webdav fiasco

2009-06-01 Thread Kingcope
Apache mod_dav / svn Remote Denial of Service Exploit Google Dorks: inurl:svn inurl:trunk "powered by subversion version" Information on the bug (XML Bomb): http://blog.didierstevens.com/2008/09/23/dismantling-an-xml-bomb/ Enjoy! -

MySQL <= 5.0.45 post auth format string vulnerability

2009-07-09 Thread Kingcope
MySQL (tested: Version 5.0.45 on CentOS (Linux)) Format String Vulnerability MySQL Generally Available (GA) Release is vulnerable. Latest MySQL Version is not vulnerable since the bug is ifdef'ed off. from mysql-5.0.75 source (mysql-5.0.75.tar.gz) in the file libmysqld/sql_parse.cc this source code

NcFTPd <= 2.8.5 remote jail breakout

2009-07-27 Thread Kingcope
NcFTPd <= 2.8.5 remote jail breakout Discovered by: Kingcope Contact: kcope2googlemail.com / http://isowarez.de Date: 27th July 2009 Greetings: Alex,Andi,Adize,wY!,Netspy,Revoguard Prerequisites: Valid user account. Demonstration on FreeBSD

Re: NcFTPd <= 2.8.5 remote jail breakout

2009-07-27 Thread Kingcope
Hello list. Just to clarify the NcFTPd vulnerability affects all operating systems that NcFTPd runs on, not just FreeBSD. Cheers, kcope 2009/7/27 Kingcope : > NcFTPd <= 2.8.5 remote jail breakout > > Discovered by: >        Kingcope >        Contact: kcope2googlemail.com /

Re: THISISNOTMYEXPLOIT

2009-07-30 Thread Kingcope
Hello again (I always forget something XD), the dos poc uses inet_addr() so u have to use an IP address as , example: ping ./bind 192.168.2.4 Cheers, kcope 2009/7/30 Kingcope : > I own nothing. > > Cheers, > > kcope >

Re: THISISNOTMYEXPLOIT

2009-07-30 Thread Kingcope
Hello again, the default setting of 127.in-addr.arpa is a bit weird try ./bind localhost lewls XD kcope 2009/7/30 Kingcope : > I own nothing. > > Cheers, > > kcope >

Microsoft Internet Information Services 5.0/6.0 FTP SERVER DENIAL OF SERVICE ("Stack Exhaustion")

2009-09-04 Thread Kingcope
* MS IIS FTPD DoS ZER0DAY * There is a DoS vulnerability in the globbing functionality of IIS FTPD. Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory. Example session where the anonymous user has read

nginx - low risk webdav destination bug

2009-09-23 Thread Kingcope
"upload" permissions. Here is a sample request for the bug: COPY /index.html HTTP/1.1 Host: localhost Destination: http://localhost/../../../../../../../tmp/nginx.html Thanks for your time, Kingcope - kco...@googlemail.com

** FreeBSD local r00t zeroday

2009-12-01 Thread Kingcope
** FreeBSD local r00t 0day Discovered & Exploited by Nikolaos Rangos also known as Kingcope. Nov 2009 "BiG TiME" "Go fetch your FreeBSD r00tkitz" // http://www.youtube.com/watch?v=dDnhthI27Fg There is an unbelievably simple local r00t bug in recent FreeBSD versions. I a

Samba Remote Zero-Day Exploit

2010-02-05 Thread Kingcope
Hello list, this is Kingcope. You can view a demonstration of the zeroday entitled 'Samba Remote Zero-Day Exploit' with full details on youtube. The bug is a logic fuckup. http://www.youtube.com/watch?v=NN50RtZ2N74 I added some nice Greek tune so turn your speakers on (or off). Gr

Re: Samba Remote Zero-Day Exploit

2010-02-05 Thread Kingcope
Samba Remote Directory Traversal logic fuckup discovered & exploited by Kingcope in 2010 It seems there was a quite similar bug found back in 2004: http://marc.info/?l=bugtraq&m=109658688505723&w=2 A remote attacker can read, list and retrieve nearly all files on the System remote

Re: Samba Remote Zero-Day Exploit

2010-02-08 Thread Kingcope
he default configuration of my Ubuntu Desktop System and CentOS Server allowed me to conduct the attack out of the box. Turning off symlink support in samba closes the hole but then no access to symlinks created by the administrator is possible or am I wrong? With Respect, Kingcope Am Sa