what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

Files from Chris Hebert

Email addressprivate
First Active2014-05-12
Last Active2024-08-31
View User Profile
AlienVault Authenticated SQL Injection Arbitrary File Read
Posted Aug 31, 2024
Authored by Chris Hebert | Site metasploit.com

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2014-5383
SHA-256 | 47041a9a098122925ec54b3140188d51933adc560f06bb113f6adbbff41e40a1
BlueCoat CAS 1.3.7.1 Privilege Escalation
Posted Apr 3, 2017
Authored by Chris Hebert, Corey Boyd, Pete Paccione | Site metasploit.com

This Metasploit module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate privileges. In order to work, a tomcat session with access to sudo on the sudoers is needed. This Metasploit module is useful for post exploitation of BlueCoat vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute sudo on the sudoers file.

tags | exploit, web, vulnerability
advisories | CVE-2016-9091
SHA-256 | e2893d0c823a71c5e42bc07dcb197f2a382e0587c64f12ee1c7ad55690e5b7f2
AlienVault 4.6.1 SQL Injection
Posted May 12, 2014
Authored by Chris Hebert | Site metasploit.com

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
SHA-256 | a9975b7a4973487f05e5a7fa0360aa22d01b19f6674d3108fcd210ec0f9bb893
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close