exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Dmitry Chastuhin

First Active2011-01-25
Last Active2021-03-26
SAP Solution Manager 7.2 Remote Command Execution
Posted Mar 26, 2021
Authored by Dmitry Chastuhin, Pablo Artuso, Vladimir Ivanov, Yvan Genuer | Site metasploit.com

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.

tags | exploit, java, remote, web, shell
advisories | CVE-2020-6207
SHA-256 | 0d5122d6fb0ba7f681b7229fc5c197780b51710c6395404115ad8686072b2b08
Oracle Hospitality Simphony (MICROS) 2.9 Directory Traversal
Posted Feb 3, 2018
Authored by Dmitry Chastuhin

Oracle Hospitality Simphony (MICROS) versions 2.7 through 2.9 suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2018-2636
SHA-256 | 6570490d9880f31aeb7fdbff964f9a9005e9983ee73dd712856ca52a42a37078
Oracle E-Business Suite 12.2.3 SQL Injection
Posted Apr 20, 2017
Authored by Dmitry Chastuhin

Oracle E-Business Suite version 12.2.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2017-3549
SHA-256 | fdf11a3dbf17bfa298933d15dd12fc9860d85cbb06c02b150b5ba4663131b3fa
SAP MII 15.0 Directory Traversal
Posted May 16, 2016
Authored by Dmitry Chastuhin

SAP MII version 15.0 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 3d47db897ab0c13589383048d607feb517d5192140c1fe1fec6f7b1c71e770f9
SAP Security Notes August 2015
Posted Aug 13, 2015
Authored by Dmitry Chastuhin, Vahagn Vardanyan, Roman Bejan

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is cross site scripting.

tags | advisory, vulnerability, xss
SHA-256 | ee31bc13be4242371858e63b399fe7e6e376803421f553b15b566f75b404d801
SAP ConfigServlet Remote Code Execution
Posted Apr 29, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This Metasploit module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2.

tags | exploit, remote, code execution
systems | windows
advisories | OSVDB-92704
SHA-256 | 62e0a4607ddec7e5f1da4c772ef23ba8583944002abf5e96e995e6da403c5361
SAP ConfigServlet OS Command Execution
Posted Apr 19, 2013
Authored by Dmitry Chastuhin, Andras Kabai | Site metasploit.com

This Metasploit module allows execution of operating system commands through the SAP ConfigServlet without any authentication.

tags | exploit
SHA-256 | bd22164e93c481f2adee97758ca447db0d47658f7a4544609432a32799d8b8d3
SAP Crystal Report Server Cross Site Scripting
Posted Sep 16, 2011
Authored by Dmitry Chastuhin

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 5d317ae48eb94648a5577e2a7ecbcc8a552c5f1dd2741d04fd386f0cc7d2d72f
SAP Crystal Reports 2008 Cross Site Scripting
Posted Mar 16, 2011
Authored by Sh2kerr, Dmitry Chastuhin

Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.

tags | exploit, vulnerability, xss
SHA-256 | 51f030365393b65a3456ecb53c5f5e39b1847584605dc54abbe2141bcba154a8
SAP Crystal Report Server 2008 Active-X Insecure Methods
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.

tags | advisory
SHA-256 | 29926d9586641116eb339bef4f9eb33eae55dfcd24cd7eb87a02a1fbbd8d02b7
SAP Crystal Report Server 2008 Directory Traversal
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a directory traversal vulnerability.

tags | exploit
SHA-256 | 5bebb637d7e51e2a0d9d84df5f7b28a6a33af536f8f0ea29e3bf80b431a7af0a
SAP Crystal Report Server 2008 Cross Site Scripting
Posted Jan 25, 2011
Authored by Sh2kerr, Dmitry Chastuhin | Site dsecrg.com

SAP Crystal Report Server 2008 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 5bb33dcb865e51328736f78871bcaf01a2e663aac535fd2aa2d1af81cdfe13cd
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close