Showing 1 - 3 of 3

Files from Chris Hebert

AlienVault Authenticated SQL Injection Arbitrary File Read: Posted Aug 31, 2024; Authored by Chris Hebert | Site metasploit.com; AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.; tags | exploit, arbitrary, php, sql injection; advisories | CVE-2014-5383; SHA-256 | 47041a9a098122925ec54b3140188d51933adc560f06bb113f6adbbff41e40a1; Download | Favorite | View

BlueCoat CAS 1.3.7.1 Privilege Escalation: Posted Apr 3, 2017; Authored by Chris Hebert, Corey Boyd, Pete Paccione | Site metasploit.com; This Metasploit module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate privileges. In order to work, a tomcat session with access to sudo on the sudoers is needed. This Metasploit module is useful for post exploitation of BlueCoat vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute sudo on the sudoers file.; tags | exploit, web, vulnerability; advisories | CVE-2016-9091; SHA-256 | e2893d0c823a71c5e42bc07dcb197f2a382e0587c64f12ee1c7ad55690e5b7f2; Download | Favorite | View

AlienVault 4.6.1 SQL Injection: Posted May 12, 2014; Authored by Chris Hebert | Site metasploit.com; AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.; tags | exploit, arbitrary, php, sql injection; SHA-256 | a9975b7a4973487f05e5a7fa0360aa22d01b19f6674d3108fcd210ec0f9bb893; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days