exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Frederic Cikala

Geutebruck testaction.cgi Remote Command Execution

Posted Feb 17, 2017

Authored by Davy Douhine, Frederic Cikala, Florent Montel | Site metasploit.com

This Metasploit module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/testaction.cgi page and allows an anonymous user to execute arbitrary commands with root privileges. Firmware <= 1.11.0.12 are concerned. Tested on 5.02024 G-Cam/EFD-2250 running 1.11.0.12 firmware.

tags | exploit, arbitrary, cgi, root

advisories | CVE-2017-5173, CVE-2017-5174

SHA-256 | 1a871ca3aa7b2e6e423f8d9e8cda9e0aa977c1488a8441163c46f083da5f5f3c

Download | Favorite | View

SPIP Connect Parameter PHP Injection

Posted Aug 29, 2013

Authored by Davy Douhine, Arnaud Pachot, Frederic Cikala | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the connect parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 2.0, 2.1 and 3 are concerned. This module works only against branch 2.0 and has been tested successfully with SPIP 2.0.11 and SPIP 2.0.20 with Apache on Ubuntu and Fedora linux distributions.

tags | exploit, web, arbitrary, php

systems | linux, fedora, ubuntu

advisories | OSVDB-83543

SHA-256 | d27325e9d83bde4fc580a0bfde93a3bfbc111c65ffc0b7db562ca093df580462

Download | Favorite | View