Realtek SDK Miniigd UPnP SOAP Command Execution

Posted on Posted in Exploit

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested successfully on a Trendnet TEW-731BR router with emulation. ## # This […]

D-Link Devices UPnP SOAPAction-Header Command Execution

Posted on Posted in Exploit

Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, […]

ESC 8832 Data Controller Session Hijacking

Posted on Posted in Exploit

ESC 8832 suffers from insecure user session handling and generation as well as interception and user management issues. =begin # Exploit Title: ESC 8832 Data Controller multiple vulnerabilities # Date: 2014-05-29 # Platform: SCADA / Web Application # Exploit Author: Balazs Makany # Vendor Homepage: www.envirosys.com # Version: ESC 8832 Data Controller Hardware # Tested […]

Sypex Dumper 2.0.11 Cross Site Scripting

Posted on Posted in Exploit

Sypex Dumper version 2.0.11 suffers from multiple cross site scripting vulnerabilities. Credits: John Page ( hyp3rlinx ) Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-SYPEX0529.txt Vendor: https://sypex.net Product: Sypex Dumper 2.0.11 is a PHP web based MySQL database management system. Advisory Information: ================================================ Sypex Dumper 2.0.11 XSS Vulnerabilities XSS Vulnerability Details: ===================== Login page input fields are vulnerable to […]