Here is my proof-of-concept exploit for the Cisco Security Agent Management st_upload Remote Code Execution Vulnerability (ZDI-11-088) I reported to ZDI a little while back. CVE ID: CVE-2011-0364
Started cleaning out some old code and found this. It was a quick little trick to decrypt (some) FiOS WEP keys, not sure if it still works.
iriStatAppend()
// URL (requested)
$urlRequested = iri_StatPress_URL();
…
$referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : '');
…
$insert = "INSERT INTO " . $table_name . " (date, time, ip, urlrequested, agent, referrer, search,nation,os,browser,searchengine,spider,feed,user,timestamp) " . "VALUES ('$vdate','$vtime','$ipAddress','$urlRequested','" . addslashes(strip_tags($userAgent)) . "','$referrer','" …
The WP Contact Form III 1.4.1 WordPress plugin by ‘KristinKWangen’ is vulnerable to multiple cross-site scripting attacks. Note to developers: this does not stop script injection attacks. From wp-contactform.php line 105: $_POST['wpcf_your_name'] = stripslashes(trim($_POST['wpcf_your_name'])); Also note that this is …
Mozilla marked Bug ID 413250 as ‘RESOLVED FIXED’ on Tuesday. I got a chance to check out the fix today, and found that the fix is inadequate in stopping the attack. Here’s another demo that reads your session store, and …