This Metasploit module exploits an command injection vulnerability in Logsign. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the root user. Logsign has a publicly accessible endpoint. That endpoint takes a user input and then use it during operating system command execution without proper validation. This Metasploit module was tested against 4.4.2 and 4.4.137 versions.
514278ac234d24bce62d18b93726fb1600a3b3355c201fea7091430ea41f75e7This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object injection vulnerability which leads to SQL injection attack that leaks an administrator session token. Attackers can create a rogue action and policy that enables to execute operating system commands by using captured session token. As a final step, SSH login attempt with a invalid credentials can trigger a created rogue policy which triggers an action that executes operating system command with root user privileges. This Metasploit module was tested against following product and versions: AlienVault USM 5.3.0, 5.2.5, 5.0.0, 4.15.11, 4.5.0 AlienVault OSSIM 5.0.0, 4.6.1
ac4cd7158b0ae42d40bce75202d5221b0347a49712ff529804a31fe058562cf0This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. saveCert.imss endpoint takes several user inputs and performs blacklisting. After that it use them as argument of predefined operating system command without proper sanitation. However,due to improper blacklisting rule it's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue. This Metasploit module was tested against IMSVA 9.1-1600.
11e69f1f14c7fda2a5c79709f1ef54202402550d7f061eab772393f32c945aeaManageEngine ADManager Plus versions 6.5.40 and below suffer from cross site scripting and remote SQL injection vulnerabilities.
36dc0864e5ad5648ed2ff6d6db8913ec21e14815f7ac78a3021be4784262a697Analysis of Tuleap versions 8.18 and below remote SQL injection, cross site scripting, and insecure direct object reference vulnerabilities.
df4bf3135788d5d8e84ab9da210f008b0d2f9f9c0eb2dc4c3d5a2a9548eeacb9This Metasploit module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user. Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue. This Metasploit module was tested against Kaltura 11.1.0 installed on CentOS 6.8.
ba9012dd4f49aefcf4379514160c82dc80f1785189dc8f95974035d6f73830f1This Metasploit module exploits a Remote Command Execution vulnerability in Drupal CODER Module. Unauthenticated users can execute arbitrary command under the context of the web server user. CODER module doesn't sufficiently validate user inputs in a script file that has the php extension. A malicious unauthenticated user can make requests directly to this file to execute arbitrary command. The module does not need to be enabled for this to be exploited This Metasploit module was tested against CODER 2.5 with Drupal 7.5 installation on Ubuntu server.
c2f68a1f88f2debe64ed7c3bfc2c1d55da4a489cfb8fa21f908ddcc48debacb0This Metasploit module exploits a Remote PHP Code Execution vulnerability in Drupal RESTWS Module. Unauthenticated users can execute arbitrary code under the context of the web server user. RESTWS alters the default page callbacks for entities to provide additional functionality. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution. RESTWS 2.x prior to 2.6 and 1.x prior to 1.7 versions are affected by issue. This Metasploit module was tested against RESTWS 2.5 with Drupal 7.5 installation on Ubuntu server.
c6c0be3f72ff30a42cf8f8c8dcd4baa257f0bf6daac321668562e0a213562cb5This Metasploit module exploits a file upload vulnerability in Tiki Wiki versions 15.1 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the web server user. The issue comes with one of the 3rd party components. Name of that components is ELFinder -version 2.0-. This components comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload PHP file. The exploit has been tested on Debian 8.x 64-bit and Tiki Wiki 15.1.
f88afc6f681b7accefabd167d71cdc67a68314ed8f27fa9389816223e5aa4fb6BigTree CMS version 4.2.11 and below suffer from a remote authenticated SQL injection vulnerability.
968aa637a70ad16367def25fb2cfce1ce28e8f27120df89d1a374a92fc0e4e5eBookingWizz versions prior to 5.5 suffer from having default administrative credentials, local file inclusion, cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
ac3224164fc281f5e02e53dfd05ba5f33417eddad677f722aad191b3626730a1AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.
285a356df0342917c10949047f0e7a8de20316652b88f7502badf4e23df2d5c3Bonefire version 0.7.1 suffers from a flaw where it allows the reinstall of the default administrative account.
b26e50b64d2e9b10b2cf8fc4979479c002a557cc7955df1050997f5a49c13900No-CMS version 0.6.6 revision 1 administrative account hijacking and remote command execution exploit that leverages a static encryption key.
ff4347a0c66d027f8e6770f6cbecc86e96fb995315da7c1bc7cadc18a6e39c73This is a whitepaper discussing source code analysis of web applications. Part II. Written in Turkish.
fe510373b10e5474bdc1acc5c1761320d2fb4d867dc1d9246c37e78241a778a4This is a brief whitepaper that discusses various types of vulnerabilities found in web applications. It is written in Turkish.
8446334b51d3002cf9d002cb56e09e3d69279e97044d49eee38394c89659e221This is a brief whitepaper that goes over web application source code analysis. It is written in Turkish.
ec3be7fcfab6dced156580a0b00c70470e3f6126135807f0a92b12ab22045febWordPress Zingiri Web Shop plugin versions 2.4.0 and below suffer from reflective and stored cross site scripting vulnerabilities.
18ed50d1ec24690a1dd37bbe47a05297e810a1d475db1cbd2c532a9a4dbb6838
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed