Showing 1 - 12 of 12

Files from Craig Young

OpenSSL Server-Side ChangeCipherSpec Injection Scanner: Posted Aug 31, 2024; Authored by juan vazquez, Craig Young, Masashi Kikuchi | Site metasploit.com; This Metasploit module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June, 2014.; tags | exploit; advisories | CVE-2014-0224; SHA-256 | 50d2ae16c07b123362ddd9c4123d103a1aaf098f3776f32cfd170977a46bd234; Download | Favorite | View

OpenSSL CVE-2014-0224 Detection Script: Posted Jun 6, 2014; Authored by Craig Young | Site tripwire.com; OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. This script tests for that vulnerability.; tags | tool, scanner; systems | unix; advisories | CVE-2014-0224; SHA-256 | f59eadbc19854f9ff9a362ab226550f4d66039b6eae733379588772f630f3b87; Download | Favorite | View

NETGEAR ReadyNAS Perl Code Evaluation: Posted Nov 25, 2013; Authored by H D Moore, juan vazquez, Craig Young | Site metasploit.com; This Metasploit module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web fronted, specifically on the np_handler.pl component, due to the insecure usage of the eval() perl function. This Metasploit module has been tested successfully on a NETGEAR ReadyNAS 4.2.23 Firmware emulated environment, not on real hardware.; tags | exploit, web, perl; advisories | CVE-2013-2751, OSVDB-98826; SHA-256 | bde67c6d5bd2eaadf289392fe66c898b1b40583f113cc479740f75c0912c0b93; Download | Favorite | View

Netgear ReadyNAS Remote Command Execution: Posted Oct 28, 2013; Authored by anonymous, Craig Young; Proof of concept exploit that demonstrates remote command execution on Netgear ReadyNAS.; tags | exploit, remote, proof of concept; SHA-256 | 7ae30b42d1addf06dce009c2571e44ead9195cf7589aebbb33dbd101756f76dd; Download | Favorite | View

Netgear ReadyNAS Complete System Takeover: Posted Oct 23, 2013; Authored by Craig Young | Site tripwire.com; Tripwire Security Advisory 2013-001 - Netgear ReadyNAS suffers from command injection and cross site request forgery vulnerabilities.; tags | advisory, vulnerability, csrf; advisories | CVE-2013-2751, CVE-2013-2752; SHA-256 | b3eefdfb27dbf2c8f6fecde888ea1eb5e5c4319117d673b20584fe6385aacbae; Download | Favorite | View

Linksys WRT110 Remote Command Execution: Posted Oct 8, 2013; Authored by juan vazquez, Craig Young, joev | Site metasploit.com; The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.; tags | exploit, web; advisories | CVE-2013-3568; SHA-256 | 44b428488518ed2abeee03160462e56c8203577c382cafa8ace86476e15928be; Download | Favorite | View

Linksys WRT110 Remote Command Execution: Posted Sep 20, 2013; Authored by Craig Young | Site metasploit.com; The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface.; tags | exploit, web; advisories | CVE-2013-3568; SHA-256 | 5fdabb65539c0e2248afcba9871e415908777fb0b2f288107530f6a551406d99; Download | Favorite | View

Loftek CSRF / Memory Dump / Credential Disclosure: Posted Aug 23, 2013; Authored by Craig Young; This archive holds proof of concept code for cross site request forgery, memory dump, and wifi credential disclosure vulnerabilities in Loftek Nexus 543 IP cameras.; tags | exploit, vulnerability, proof of concept, csrf; systems | linux; advisories | CVE-2013-3311, CVE-2013-3312, CVE-2013-3313, CVE-2013-3314; SHA-256 | d8d9a9612f6d40cf5a8de4bce2dac3ab2ab4a787138a95efeac38d560c8a7206; Download | Favorite | View

Android Weblogin: Google's Skeleton Key: Posted Aug 8, 2013; Authored by Craig Young; Included in this archive is a presentation of Android Weblogin: Google's Skeleton Key along with various proof of concept code from the talk presented at DefCon 21.; tags | exploit, proof of concept; systems | linux; SHA-256 | 917ef9c7b31e3a0e0835376c951d3aec56779e5a92b79073ee01261b4a737f47; Download | Favorite | View

MiniDLNA SQL Injection / Buffer Overflow: Posted Jul 17, 2013; Authored by Craig Young; MiniDLNA versions prior to 1.1.0 suffer from heap-based buffer overflow and remote SQL injection vulnerabilities.; tags | advisory, remote, overflow, vulnerability, sql injection; advisories | CVE-2013-2738, CVE-2013-2739, CVE-2013-2745; SHA-256 | e7d1ebafa357dc3be45f9cf26f26f66c2a057c0cc51364b9154c4436a393da48; Download | Favorite | View

SilverStripe CMS Cross Site Scripting: Posted Jul 15, 2013; Authored by Craig Young; SilverStripe CMS decidedly to quietly fix multiple persistent cross site scripting vulnerabilities without informing the public. Fail.; tags | advisory, vulnerability, xss; advisories | CVE-2012-6458; SHA-256 | ba424faa00595576e5473a7a215b946162b069fd5671798ba3d039f2833caee3; Download | Favorite | View

Linksys WRT110 Command Injection / CSRF: Posted Jul 12, 2013; Authored by Craig Young; Linksys WRT110 suffers from root shell command injection and cross site request forgery vulnerabilities.; tags | advisory, shell, root, vulnerability, csrf; advisories | CVE-2013-3568; SHA-256 | 850308c35db1a6b6413065eb09749bb1a66bb16d4e5f80c535788b446adada12; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days