| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| Hak5 WiFi Pineapple Preconfiguration Command Injection 2 | 19 Oct 201600:00 | – | zdt | |
| CVE-2015-4624 | 20 Oct 201600:00 | – | circl | |
| Hak5 WiFi Pineapple Pre-Configured Command Injection Vulnerability | 5 Apr 201700:00 | – | cnvd | |
| CVE-2015-4624 | 31 Mar 201715:00 | – | cvelist | |
| Hak5 WiFi Pineapple 2.4 - Preconfiguration Command Injection (Metasploit) | 20 Oct 201600:00 | – | exploitdb | |
| Hak5 WiFi Pineapple Preconfiguration Command Injection | 7 Sep 201600:22 | – | metasploit | |
| Hak5 WiFi Pineapple Preconfiguration Command Injection | 7 Sep 201600:18 | – | metasploit | |
| CVE-2015-4624 | 31 Mar 201716:59 | – | nvd | |
| WiFi Pineapple Predictable CSRF Token | 12 Aug 201500:00 | – | packetstorm | |
| Hak5 WiFi Pineapple Preconfiguration Command Injection 2 | 19 Oct 201600:00 | – | packetstorm |
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/40609/ |
| packetstormsecurity | www.packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html |
| packetstormsecurity | www.packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html |
| securityfocus | www.securityfocus.com/archive/1/536184/100/500/threaded |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| username | request body | /includes/api/login.php | Login attempt for preconfig Pineapple device (credential-based) to reach preconfigured environment. | CWE-284 |
| password | request body | /includes/api/login.php | Login attempt for preconfig Pineapple device (credential-based) to reach preconfigured environment. | CWE-284 |
| login | request body | /includes/api/login.php | Login attempt for preconfig Pineapple device (credential-based) to reach preconfigured environment. | CWE-284 |
| action | query param | /?action=verify_pineapple | Brute-force puzzle trigger endpoint used to obtain a new session for ownership verification. | CWE-284 |
| password | request body | /?action=set_password | Password change endpoint for Pineapple device after gaining access. | CWE-284 |
| password2 | request body | /?action=set_password | Password change endpoint for Pineapple device after gaining access. | CWE-284 |
| eula | request body | /?action=set_password | Password change endpoint for Pineapple device after gaining access. | CWE-284 |
| sw_license | request body | /?action=set_password | Password change endpoint for Pineapple device after gaining access. | CWE-284 |
| set_password | request body | /?action=set_password | Password change endpoint for Pineapple device after gaining access. | CWE-284 |
| _csrfToken | request body | /components/system/configuration/functions.php | Command injection vector via preconfigured configuration function with CSRF token. | CWE-284 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation