
Finding 0days in Web Applications

5th November 2010 - by MaXe

PHP 0-Days

Zero-day vulnerabilities in web applications are usually easier to find, study and exploit than those in native services such as a web server: the attacker does not need to write shellcode, debug the service over and over, or know anything about the memory layout of the target machine. There are no opcodes to worry about either, although web applications usually have security mechanisms of their own in place instead.

Exploit Database, New Features!

4th November 2010 - by admin

New Search Features! We are constantly improving the Exploit Database and adding more functionality to it. Our latest upgrade brings some exciting features, such as searching security articles by language, and a new "Free Text Exploit Search" feature.

Winamp 5.58 from Denial of Service to Code Execution Part 2

2nd November 2010 - by admin

Understanding the Winamp Memory Layout

This post is a continuation of part 1 of Winamp 5.58 from Denial of Service to Code Execution.

Winamp

The solution we used for the first Winamp in_mod_plugin exploit was not as elegant as we would have liked. First, it used a lot of code; second, changing the shellcode was not a trivial undertaking. In this post we fix the second flaw and make the exploit script-kiddie friendly.

Winamp 5.58 from Denial of Service to Code Execution

20th October 2010 - by admin

Winamp

A few days ago we posted a proof of concept published by Luigi Auriemma outlining multiple denial-of-service vulnerabilities in Winamp. Unlike most submissions we receive, the author's PoC did not contain a script to replicate the attack, only files ready to be loaded into Winamp.

After some days we got an e-mail from ryujin…

Joomla Automated Exploitation

14th October 2010 - by MaXe

Joomla Automated Exploitation – Most people know or have heard of Joomla. It is probably the CMS with the most exploits and vulnerable add-ons ever written, and sometimes I wonder who creates all of these.

That, however, isn't important. What matters is that once an add-on is installed there is a high chance it handles request input without sanitizing it, i.e. it contains a security hole for us to target, (ab)use and exploit.
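The kind of add-on bug the two PHP posts above are talking about, shown as an added example that is not code from the original page, from Joomla, or from any real extension: a hypothetical "com_example" list view that concatenates the `id` request parameter into SQL, next to a hardened version that casts and binds it. The table, rows and the request values are constructed for the demo; it uses PDO with an in-memory SQLite database so it runs stand-alone (requires the pdo_sqlite extension).

```php
<?php
// Added illustration (not a real Joomla component): an unsanitized request
// parameter in an add-on's list view, and the same lookup done safely.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: one published item and one unpublished draft that
// the view is never supposed to show.
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)");
$db->exec("INSERT INTO items VALUES (1, 'Public item', 1), (2, 'Unpublished draft', 0)");

// Vulnerable: $id comes straight from the request (think $_GET['id']) and is
// concatenated into the query. Because the column is numeric, no quote is
// needed to break out, so a naive "strip quotes" filter would not help either.
function vulnerableLookup(PDO $db, string $id): array
{
    $sql = "SELECT id, title FROM items WHERE published = 1 AND id = " . $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: coerce the parameter to the type the code expects and bind it,
// so whatever the client sends can only ever be compared as an integer.
function hardenedLookup(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT id, title FROM items WHERE published = 1 AND id = :id");
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a normal id, and one that disables the published filter.
$normal   = '1';
$injected = '1 OR 1=1';

echo "vulnerable, normal input:\n";
print_r(vulnerableLookup($db, $normal));    // one row: id 1

echo "vulnerable, injected input:\n";
print_r(vulnerableLookup($db, $injected));  // both rows, including the draft

echo "hardened, injected input:\n";
print_r(hardenedLookup($db, $injected));    // (int) '1 OR 1=1' === 1, so one row
```

The hardened version is the pattern to look for when auditing an add-on: every value taken from the request is either cast to the expected scalar type or passed as a bound parameter before it reaches the database. In Joomla of that era the idiomatic equivalent is reading the parameter through `JRequest::getInt()` instead of `$_GET` directly; anything that reaches `$db->setQuery()` as a raw string from the request is the "unsanitized code" the post refers to.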