6 matches found
CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...
Plesk/myLittleAdmin - ViewState .NET Deserialization Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...
CVE-2020-13166
creationtimestamp | type | source
---|---|---
2020-05-22 16:03:00+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/pleskmylittleadminviewstate.rb
2020-05-25 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/48513
2022-12-09...
Plesk / myLittleAdmin ViewState .NET Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule VIEWSTATEGENERATOR = 'CA0B0334'.freeze VIEWSTATEVALIDATIONKEY = "\x5c\x7e\xef\x66\x50\x63\x9d\x2c\xb8\xfa\xa0\xda\x36\xaf\x24\x45\x2d\xcf" ...
CVE-2020-13166
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers' installations in web.config, and can be used to send serialized ASP code...
CVE-2020-13166
CVE-2020-13166 affects MyLittleAdmin 3.8 and earlier when the web.config contains a hardcoded machineKey shared among installations. This enables unauthenticated remote code execution via serialized ASP.NET code through the ViewState/ deserialization pathway. Public references describe an in-brow...