This module exploits a mass assignment vulnerability in the 'create' action of the 'users' controller of Foreman and Red Hat OpenStack/Satellite (Foreman 1.2.0-RC1 and earlier) by creating an arbitrary administrator account. For this exploit to work, your account must have the 'create_users' permission (e.g., the Manager role).
This PoC exploit is for the CVE-2013-4776 vulnerability in Netgear ProSafe. It allows an attacker to inject arbitrary commands into the vulnerable web interface, which can be used to gain access to the system.
This PoC exploit allows an attacker to remotely execute code on a vulnerable Netgear ProSafe device. The exploit is triggered by sending a specially crafted HTTP request to the device's web interface. The request contains a malicious payload which is then executed on the device.
A vulnerability exists in Hotel Software and Booking system 1.8 which allows an attacker to inject malicious SQL commands and Cross Site Scripting payloads into the application. The vulnerable files are http://localhost/cbadm/reservations/index.php?ac=search and http://localhost/cbadm/clients/edit_client.php?id=1. The PoC for Cross Site Scripting is http://server/cbadm/reservations/index.php?ac=search with the payload s=%22%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSS%2F%29%3B%3E%3E&button2=search&ss=ok.
Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, and to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The firmware running on the affected devices is prone to multiple security issues that allow attackers to bypass the existing authentication mechanisms and gain administrative access to the device with root privileges. In detail, affected firmware versions generate the default WPA2 key and access credentials from publicly accessible information, such as the MAC address of the Wi-Fi interface. In addition, there is an undocumented URL that enables the Telnet service on the WAN side; attackers can then log in using a hard-coded (and unchangeable) username/password combination.
The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing the "dataBitOffset" boundary checks. This vulnerability allows remote code execution. User interaction is required for this exploit, in that the target must visit a malicious page or open a malicious file.
Samsung provides a wide range of DVR products, all running nearly the same firmware. The firmware is an embedded Linux system that exposes a web interface through the lighttpd web server and CGI pages. The authenticated session is tracked using two cookies, called DATA1 and DATA2, containing respectively the base64-encoded username and password. So, the first piece of advice for the developers is: do not put user credentials into cookies! Anyway, the critical vulnerability is that in most of the CGI pages the session check is performed incorrectly, which allows access to protected pages simply by putting an arbitrary cookie into the HTTP request. This vulnerability allows remote unauthenticated users to get/set/delete the username/password of local users, get/set the general DVR/camera configuration, get information about the device/storage, get/set the NTP server, and get/set many other settings.
The contact form ID can easily be read from the HTML page source: <input type="hidden" value="[ID]" name="toit-form-id">
Proofs of concept for the base attacks against the Bitbot panel. By: Brian Wallace (bwall) @botnet_hunter. The attack can be used to get information about the botter, or to change configuration values, such as which mining pool the bots are sending to. There is very limited room for the XSS. Since very few of the values go through any sanitization, it would be possible to implement the attack across multiple parameters. The attack can also potentially be used to dump the database, write a web shell, and read files from the host.