Monthly Archives: January 2008

Oracle Portal for Friends

Oracle Portal for Friends

Oracle 10g Application Server till 10.1.2 .1.0 remote exploiting of what described in: Testing_for_Oracle Bugtraq ID 16384 This example makes use of injection in ORASSO.HOME but these path also work:…
JBOSS application deploy via web

JBOSS application deploy via web

JBOSS is an application server/middleware that use Apache Tomcat as jsp engine; this paper explains how to deploy a custom application in order to operate (read, write, execute) with the…
CVE-2008-0960 Exploit

CVE-2008-0960 Exploit

Proof of Concept for CVE-2008-0960: allows you to bypass authentication on SNMP v3 (tested on CISCO and Net- SNMP) via HMAC validation error. http://lab.mediaservice.net/code/snmpv3_exp.tgz MD5: 8b361d84155829c8b08e4342f8db6aa2 SHA-1: 4f011d1dae3b28611700b2e66158ba572d4673a6
CVE-2003-0190 PoC

CVE-2003-0190 PoC

Proof of Concept for CVE-2003-0190: timing attack on OpenSSH-portable <= 3.6.1p1 with PAM. http://lab.mediaservice.net/code/ssh_brute.c MD5: 4fbc9a1fb23e828b1fe42ff7cc65d1c1 SHA-1: b57f20c0a86c20cda82e8dc169923452fc50225c http://lab.mediaservice.net/code/openssh-3.6.1p1_brute.diff MD5: de3bc1148b93ddb427f6fc721d08a1c0 SHA-1: 9cf2b8a9bcb5e526c071f18e4bd3be5c5b716e35