what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Nicolas Mattiocco

Geutebruck simple_loglistjs.cgi Remote Command Execution

Posted Jul 2, 2018

Authored by Davy Douhine, Nicolas Mattiocco | Site metasploit.com

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.12.0.19 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.12.0.4 firmware.

tags | exploit, arbitrary, cgi, root

advisories | CVE-2018-7520

SHA-256 | b06cdd72647a3c5ae361e51c53891472ce5c21a9a290972228f38c754cae44d6

Download | Favorite | View

HP Smart Storage Administrator 2.30.6.0 Remote Command Injection

Posted Feb 10, 2017

Authored by Nicolas Mattiocco | Site metasploit.com

This Metasploit module exploits a vulnerability found in HP Smart Storage Administrator. By supplying a specially crafted HTTP request, it is possible to control the 'command' variable in function isDirectFileAccess (found in ipcelmclient.php), which will be used in a proc_open() function. Versions prior to HP SSA 2.60.18.0 are vulnerable.

tags | exploit, web, php

advisories | CVE-2016-8523

SHA-256 | 2def32fe02d755ad11317dd47474037a1faca567366fe70d7255b7709aebb8ec

Download | Favorite | View