exploit the possibilities

Register | Login

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

CVE-2020-35847

Status Candidate

Overview

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

Related Files

Cockpit CMS 0.11.1 NoSQL Injection: Posted Aug 10, 2021; Authored by Brian Ombongi; Cockpit CMS version 0.11.1 username enumeration and password reset NoSQL injection exploit.; tags | exploit, sql injection; advisories | CVE-2020-35847, CVE-2020-35848; SHA-256 | 6debd598ed60fd7113eefa3dd16534a89ff8de59b195a5d4f144f59fa41618bb; Download | Favorite | View

Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution: Posted Apr 21, 2021; Authored by h00die, Nikita Petrov | Site metasploit.com; This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system. Next, the USER is targeted to reset their password. Then, a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it, the command injection provides a no disk write method which is more stealthy. Cockpit CMS versions 0.10.0 through 0.11.1, inclusive, contain all the necessary vulnerabilities for exploitation.; tags | exploit, vulnerability, sql injection; advisories | CVE-2020-35846, CVE-2020-35847; SHA-256 | 4d68ac3e666ed9ff71dca71ddb5b25a40d4998c467a0dc4dc723c054ae9043cc; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 93 files
Gentoo 31 files
Debian 21 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Amit Roy 4 files
Aslam Anwar Mahimkar 3 files
nu11secur1ty 3 files

File Tags

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,075)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,322)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,252)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,647)
UNIX (9,424)
UnixWare (187)
Windows (6,665)
Other

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Services: Security Services
Hosting By: Rokasec