what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Gareth Phillips

ServiceNow Insecure Access Control / Full Admin Compromise

Posted Jul 10, 2023

Authored by Nadeem Salim, Eldar Marcussen, Luke Symons, Jeff Thomas, Stephen Bradshaw, Tony Wu, Gareth Phillips | Site x64.sh

ServiceNow suffered from having an insecure access control that could lead to full administrative compromise. The associated link has a proof of concept.

tags | advisory, proof of concept

advisories | CVE-2022-43684

SHA-256 | 1ba72d97e5b5609910fcc6b7107bef5cb14d772f105f4a4b5e856f37da0c93f2

Download | Favorite | View

PrinterLogic Build 1.0.757 XSS / SQL Injection / Authentication Bypass

Posted May 30, 2023

Authored by Nadeem Salim, Eldar Marcussen, Luke Symons, Jeff Thomas, Stephen Bradshaw, Yianna Paris, Tony Wu, Gareth Phillips

PrinterLogic build version 1.0.757 suffers from authentication bypass, cross site request forgery, cross site scripting, session fixation, insufficient checks, impersonation, remote SQL injection, and various other vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, bypass, csrf

SHA-256 | 1631d9ea880d645fa96e60ab35dadd9fa31ea602fc8d3ea5528a7418cc9cfc0b

Download | Favorite | View