51 matches found
LocalTapiola: Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter
This bug is related to 324442. And xss in other url. poc: https://www.lahitapiolarahoitus.fi/wp-content/themes/bbe-child-starter/bbe-engine/assets/actions/bbeopenhtmleditorpopup.php?attribute=%27%3C/script%3E%3Cbody%20onload&value=alertdocument.cookie Impact -Make admin-user run malicious...
X (Formerly Twitter): XXE on sms-be-vip.twitter.com in SXMP Processor
Hi team, What type of issue are you reporting? Does it align to a CWE or OWASP issue? I've identified an XXE vulnerability in the cloudhopper sxmp servlet on sms-be-vip.twitter.com which discloses local files to an external attacker and allows web requests to be sent. This aligns to...
Windows PowerShell LLMNR/NBNS spoofer: Inveigh
Windows PowerShell LLMNR/NBNS spoofer Inveigh is a Windows PowerShell LLMNR/NBNS spoofer designed to assist penetration testers that find themselves limited to a Windows system. This can commonly occur while performing phishing attacks, USB drive attacks, VLAN pivoting, or simply being restricted...
A Red Teamer’s guide to pivoting
A Red Teamer’s guide to pivoting A Red Teamer's guide to pivoting Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastracture. Common scenarios include developing the attack into the internal network after successful perimeter breach o...
[Nimbostratus] Tools for fingerprinting and exploiting Amazon cloud infrastructures
Nimbostratus are tools for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus is the first toolset to help you in the process of pivoting in Amazon AWS clouds Features Enumerate permissions to AWS services for current IAM role Use poorly configured IAM role to create new AWS...
TP-Link TL-SC3171 Command Execution / Shell Upload / Bypass
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks
Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...
Squid Proxy Port Scanner
A exposed Squid proxy will usually allow an attacker to make requests on their behalf. If misconfigured, this may give the attacker information about devices that they cannot normally reach. For example, an attacker may be able to make requests for internal IP addresses against an open Squid prox...
Wireshark 1.4.4 - DECT Dissector Remote Buffer Overflow
!/usr/bin/env python -- coding: iso-8859-15 -- a = """ \n\t-- CVE: 2011-1591 : Wireshark = 2.5 For any comments, remarks, news, please mail me : ipv at team . net \n""" import sys, struct if sys.versioninfo = 2, 5: from scapy.all import else: from scapy import align def xv: return struct.pack"I",...
UDP Service Prober
Detect common UDP services using sequential probes This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'UDP Service Prober', 'Description' = 'Detect common UDP services using...
TCP Port Scanner
Enumerate open TCP services by performing a full TCP connect on each port. This does not need administrative privileges on the source machine, which may be useful if pivoting. This module requires Metasploit: https://metasploit.com/download Current source:...