Thomas Gregory - Spentera Blog

Zahir Accounting Enterprise Plus 6 <= build 10b 0day Exploit Vulnerability Discovery

Zahir Accounting adalah software akuntansi yang sangat banyak digunakan oleh tingkatan SOHO (Small Office Home Office) di Indonesia. Selain harganya yang terjangkau, Zahir memiliki fitur yang lebih dari cukup untuk

Exploit Development

CyberLink LabelPrint: Buffer Overflow

It’s been a while since our last post about exploitation. This time, we try to explain a stack-based overflow on Cyberlink LabelPrint, a tool to assist in designing

Security Advisory

Centreon Enterprise Server 2.3.3 - 2.3.9-4: Blind SQL Injection

We discovered the vulnerability when we’re looking for alternate software in network monitoring. We know and we love Nagios, and so the Centreon, they provide a very nice

Security Advisory

PC Media Antivirus: Insecure Library Loading Vulnerability

PC Media Antivirus (PCMAV) is an AV software made in Indonesia. It’s quite popular back in 2006 since many virus creators in Indonesia actively spread viruses, and infecting

Security Advisory

SmadAV: Null Pointer Dereference Vulnerability

We discovered that SmadAV antivirus 9.1 is susceptible to null pointer exploitation. The application does not properly filter the scanner input that is processed into smadengine.dll. The successful

Security Advisory

Trend Micro Control Manager: SQL Injection Vulnerability

Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) are susceptible to SQL Injection. The application

Security Advisory

webERP: SQL Injection

webERP (ver. 4.08.4) is a mature open-source ERP system providing best practice, multi-user business administration and accounting tools over the web. The vulnerability we discovered sits in the WO (work order) parameter, file WorkOrderEntry.php in the Manufacturing menu.

Security Advisory

Trend Micro InterScan Messaging Security Suite: Multiple Vulnerabilities

We discovered that Trend Micro InterScan Messaging Security Suite is vulnerable to Cross Site Scripting and Cross-site Request Forgery. Proof of Concept The vulnerabilities POC are as follow: Cross-site Scripting

Security Advisory

Ezhometech Ezserver: Stack Overflow Vulnerability

EZserver version 6.4.017 or below contains a buffer overflow vulnerability which may be exploited to cause a denial of service or arbitrary code execution. Vulnerability Details Buffer overflow

Security Advisory

Hexamail Server: Persistent XSS Vulnerability

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email. Vulnerability Description Hexamail Server suffers persistent XSS vulnerability in the mail

Exploit Development

CyberLink Power2Go: Unicode Stack Overflow

The proof of concept of the vulnerability has been released on 9 December 2011, and no further announcement from CyberLink. I tried to coordinate the issue until they didn’

Security Advisory

Distinct TFTP Server: Directory Traversal Vulnerability

Overview Distinct TFTP Server is part of Distinct Intranet Servers made by Distinct. Corp. We discovered that version 3.10 is susceptible to directory traversal attack. Attackers can exploit this

Tutorials

Directory Traversal with DotDotPwn (HTTPS Mode)

This is my experience when I was dealing with some applications that have a Directory Traversal vulnerability. I was using DotDotPwn by nitr0us when finding a vulnerability on Quickshare File

Security Advisory

Aviosoft DTV Player 1.x Stack Buffer Overflow

Aviosoft DTV Player is a multiple format video player application. Aviosoft DTV Player 1.0.1.2 and possibly earlier versions fail to properly handle malformed user-supplied data within a

Exploit Development

BlazeVideo HDTV Player 6.x Buffer Overflow (another version)

Hi again, we tried to make a universal DEP and ASLR bypass version on BlazeVideo HDTV Player 6.x. This exploit is already public, but we just want to make

Exploit Development

ScriptFTP <=3.3 Remote Buffer Overflow Exploit (MSF)

You might be read about the previous post ScriptFTP Remote BOF, if you are a Metasploit user, you can add this exploit module to your Metasploit Framework. Update: Metasploit has

Exploit Development

Porting Your Exploit to Metasploit

Beberapa waktu yang lalu saya udah memberikan tutorial basic exploit development (direct return technique) dan exploit development berbasis SEH. Sekarang mari kita porting exploit tersebut ke Metasploit Framework agar exploit

Security Advisory

ScriptFTP <=3.3 Remote Buffer Overflow Exploit (0day)

ScriptFTP client is vulnerable against remote buffer overflow vulnerability. The condition is triggered while processing LIST FTP command with excessive length. The vulnerability is confirmed in version 3.3. Other

Exploit Development

SEH Based Stack Overflow - The Basic

Kali ini saya akan coba tehnik lain dari stack overflow, yaitu stack overflow berbasis SEH. Apa itu SEH? silakan dibaca diliteratur-literatur berikut: Structured Exception Handling Win32 Exception handling for assembler

Tutorials

MSF Postgres Problem on BT5

If you read this post then I bet you have the same problem with me. When I tried to run the msfconsole on my BT5 I have this buggy information.

Tutorials

Silent Backdoor with Weevely

Ever think to gain access to your backdoor undetected? Well, maybe not all web administrators examine their php files? Weevely is the answer. Just follow these actions (I was doing

Exploit Development

Mel0nPlayer 1.0.11.x Denial of Service POC

Software Description Mel0n Player is a famous software in Indonesia to play songs that are provided by the Melon portal (http://www.melon.co.id). This software can play any

Tutorials

Metasploit Meterpreter Command Shell Upgrade

Seeing is believing 🙂 [email protected]:~# msfconsole =[ metasploit v3.8.0-dev [core:3.8 api:1.0] + -- --=[ 707 exploits - 359 auxiliary - 57 post + -- --=[ 225 payloads

Exploit Development

Some Documents of File Specifications/Formats

Here are some documents to help you understand some file formats/headers, for file format fuzzing purpose: WAVE PCM soundfile format (RIFF) https://ccrma.stanford.edu/courses/422/projects/WaveFormat/

Tutorials

Backtrack 5: How to install VMware Workstation 7.1.3

So I want to install VMware Workstation 7.1.3 on Backtrack 5, but there were errors after I ran the binary (e.g: ./VMware-Workstation-Full-7.1.3-324285.x86_64.bundle)