Author Archive

Google Hacking Database Updates

20th December 2010

GHDB

Since we took up the torch of the Google Hacking Database from Johnny Long, we have introduced some changes that we feel provide a great deal of added value to our database of dorks. To make it easier for our visitors to identify changes in the database, there is a ‘New’ graphic that will appear next to a category name where new entries have been added.

Foxit Reader Stack Overflow Exploit – Egghunter Edition

14th November 2010

Some time ago, when Adobe Reader 0days were dropping left, right, and centre, Foxit Reader was frequently mentioned as a safer alternative to using Adobe. While it may be true that there are not as many exploits available for Foxit, that does not mean that it is invincible.

DLL Hijacking Vulnerable Applications

25th August 2010

Due to the overwhelming number of submissions we are receiving for applications that are vulnerable to DLL Hijacking, we will continue to update this post with submissions we receive rather than continuing to create a separate entry for each one.


UFO: Alien Invasion Part 2 – One More Thing…

28th June 2010

This post is a continuation of part 1 of exploiting UFO: Alien Invasion. When I was downloading this game, I noticed that they had a version for Mac OS X as well, and since public Mac exploits are few and far between, it seemed like a good idea to see if this attack could be extended to target OS X as well. Exploiting a Mac also gives us the opportunity to practice our GNU Debugger (GDB) skills.

We begin our journey by launching UFOAI on the victim and attaching to the process with GDB.

UFO: Alien Invasion Part 1 – From Packet to Pwnage

28th June 2010

In addition to accepting submissions, we at the Exploit Database also have the opportunity to verify the exploits that we post on the site. Recently, I came across an exploit advisory by Jason Geffner targeting the open-source game UFO: Alien Invasion, which I subsequently posted on the Exploit Database. UFO: Alien Invasion (UFOAI) contains an IRC client, and in version 2.2.1 and below, when a user is coerced into connecting to a malicious IRC server, remote code execution is possible because the irc_server_msg_t structure does not perform proper input sanitization, allowing its 512-byte buffer to be overrun by a malicious server response.