exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Dmitry Chastuhin

First Active2011-01-25
Last Active2021-03-26
SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
SHA-256 | 0d5122d6fb0ba7f681b7229fc5c197780b51710c6395404115ad8686072b2b08
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
Posted Feb 3, 2018
Authored by Dmitry Chastuhin

Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-2636
SHA-256 | 6570490d9880f31aeb7fdbff964f9a9005e9983ee73dd712856ca52a42a37078
Oracle E-Business Suite 12.2.3 SQL Injection
Posted Apr 20, 2017
Authored by Dmitry Chastuhin

Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-3549
SHA-256 | fdf11a3dbf17bfa298933d15dd12fc9860d85cbb06c02b150b5ba4663131b3fa
SAP MII 15.0 Directory Traversal
Posted May 16, 2016
Authored by Dmitry Chastuhin

SAP MII version 15.0 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 3d47db897ab0c13589383048d607feb517d5192140c1fe1fec6f7b1c71e770f9
SAP Security Notes August 2015
Posted Aug 13, 2015
Authored by Dmitry Chastuhin, Vahagn Vardanyan, Roman Bejan

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is cross site scripting.

tags | advisory, vulnerability, xss
SHA-256 | ee31bc13be4242371858e63b399fe7e6e376803421f553b15b566f75b404d801
SAP ConfigServlet Remote Code Execution
Posted Apr 29, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.

tags | exploit, remote, code execution
systems | windows
advisories | OSVDB-92704
SHA-256 | 62e0a4607ddec7e5f1da4c772ef23ba8583944002abf5e96e995e6da403c5361
SAP ConfigServlet OS Command Execution
Posted Apr 19, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.

tags | exploit
SHA-256 | bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3
SAP Crystal Report Server Cross Site Scripting
Posted Sep 16, 2011
Authored by Dmitry Chastuhin

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 5d317ae48eb94648a5577e2a7ecbcc8a552c5f1dd2741d04fd386f0cc7d2d72f
SAP Crystal Reports 2008 Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitry Chastuhin

Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.

tags | exploit, vulnerability, xss
SHA-256 | 51f030365393b65a3456ecb53c5f5e39b1847584605dc54abbe2141bcba154a8
SAP Crystal Report Server 2008 Active-X Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.

tags | advisory
SHA-256 | 29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7
SAP Crystal Report Server 2008 Directory Traversal
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 5bebb637d7e51e2a0d9d84df5f7b28a6a33af536f8f0ea29e3bf80b431a7af0a
SAP Crystal Report Server 2008 Cross Site Scripting
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5bb33dcb865e51328736f78871bcaf01a2e663aac535fd2aa2d1af81cdfe13cd
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close