
Re: [Full-disclosure] New attack vector for sale, firewall bypass



Would you then describe this as more of a way to exploit an already known
attack vector, rather than a new attack vector?

On Tue, Jun 7, 2011 at 11:19 AM, Marshall Whittaker <
marshallwhittaker@xxxxxxxxx> wrote:

> Hello,
> I am willing to sell a new attack vector I have devised.  The proof of
> concept code you will receive has the ability to arbitrarily upload files to
> a webserver (tested on Apache), running Linux with the well known Perl read
> pipe vulnerability in many web CGI applications.  This issue can also be
> leveraged through PHP LFI and RFI attacks, and through almost any other
> remote command execution vulnerability.  The code has been tested on BSD,
> and does not seem to work standalone, but BSD may be vulnerable as well, I
> just don't have a box to test it properly on.  The code can upload an ASCII
> or binary file to the webserver, even if the firewall rules prohibit
> downloading.  For example, if you have a Linux webserver running Apache and
> a vulnerable Perl script, this proof of concept can upload a local root
> exploit that cannot be downloaded with the remote command execution as a
> local user (usually one of Apache's users) due to iptables or another
> firewall that blocks outbound connections to other
> webservers/ftp/whathaveyou servers for download with
> wget/curl/lwp-download/ftp and other local downloading utilities, or if
> these utilities have been removed.  Once a (modified) local root exploit has
> been uploaded, it can modify the iptables as the root user, then bind a
> shell, or spawn a reverse shell, or drop another payload as root.  Please
> contact me if you are interested in getting the PoC code, and bid a price.
> Please be reasonable.  When you contact me, payment details can be
> arranged.  PoC code is written in Perl, and is heavily commented.
>
> oxagast
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>