what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Alexander Antukh

Vizensoft Admin Panel Bypass / Backdoor / Upload / XSS / SQL Injection

Posted Oct 29, 2014

Authored by Alexander Antukh, A. Baranov | Site sec-consult.com

Vizensoft admin panel suffers from authentication bypass, cross site scripting, remote shell upload, source code disclosure, missing password policy, and remote SQL injection vulnerabilities.

tags | advisory, remote, shell, vulnerability, xss, sql injection

SHA-256 | 86c3d3136a47777dab5048f2131cfc777d265bca2bea04ee8b5d79dbaa6551d9

Download | Favorite | View

IBM Web Content Manager XPath Injection

Posted Dec 27, 2013

Authored by Alexander Antukh, S. Temnikov | Site sec-consult.com

IBM Web Content Manager versions 6.x, 7.x, and 8.x suffer from blind XPath injection attacks. This allows an attacker to get current application configuration, enumerate nodes, and extract other valuable information from vulnerable installations of Web Content Manager.

tags | exploit, web

advisories | CVE-2013-6735

SHA-256 | 69ed54de30dd34415932f287057413898bcb590a08bf4420d7b20ebaa5b7b2aa

Download | Favorite | View