Advantech WebAccess 8.1 Post Authentication Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Advantech WebAccess 8.1 Post Authentication Credential Collector", 'Description' = %q This module allows you to log into Advantech WebAccess 8.1,...

CVE-2017-5152

An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator URL on the web server, a malicious user is able to access pages unrestricted AUTHENTICATION BYPASS...

Advantech WebAccess 8.1 Post Authentication Credential Collector

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this. This module requires Metasploit: https://metasploit.com/downloa...

CVE-2016-0856

CVE-2016-0856 affects Advantech WebAccess (pre-8.1). The root cause is a stack-based buffer overflow in the bwconn.dll RpcWebClientConnect path (IoRequest structure) that can be triggered remotely to execute arbitrary code. Public PoCs and PoC-style repositories on Gitee describe a Python/ctypes-...