what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from JAS502N

Grafana Arbitrary File Reading

Posted Dec 8, 2021

Authored by JAS502N | Site github.com

Grafana suffers from an unauthorized arbitrary file reading vulnerability. Version 8.3.1 addresses this issue.

tags | exploit, arbitrary

advisories | CVE-2021-43798

SHA-256 | 03758847d1cc50b64ba0545bbeb672ab0dab351105fe1fa058b3f6cde6f77d15

Download | Favorite | View

Apache Solr 8.3.0 Velocity Template Remote Code Execution

Posted Apr 3, 2020

Authored by Imran Dawoodjee, JAS502N, s00py, AleWong | Site metasploit.com

This Metasploit module exploits a vulnerability in Apache Solr versions 8.3.0 and below which allows remote code execution via a custom Velocity template. Currently, this module only supports Solr basic authentication. From the Tenable advisory: An attacker could target a vulnerable Apache Solr instance by first identifying a list of Solr core names. Once the core names have been identified, an attacker can send a specially crafted HTTP POST request to the Config API to toggle the params resource loader value for the Velocity Response Writer in the solrconfig.xml file to true. Enabling this parameter would allow an attacker to use the Velocity template parameter in a specially crafted Solr request, leading to remote code execution.

tags | exploit, remote, web, code execution

advisories | CVE-2019-17558

SHA-256 | 04c5dd5b8815196c9a380f26b4389f5a970acbe465ccd84df68c9cd5c9543808

Download | Favorite | View

LibSSH 0.7.6 / 0.8.4 Unauthorized Access

Posted Feb 3, 2019

Authored by JAS502N

LibSSH versions 0.7.6 and 0.8.4 unauthorized access proof of concept exploit.

tags | exploit, proof of concept

advisories | CVE-2018-10933

SHA-256 | c5b8fd0e5cbaa3811a98a28383bb380c8a42e3dea1a7a2195ac4e5790302813f

Download | Favorite | View