Operating System (OS) Detection (RTSP)

RTSP server based Operating System OS detection. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Netgear DGN2200 - dnslookup.cgi Command Injection Exploit

Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection",...

VLC Media Player Detection (HTTP)

Detects the installed version of VLC Media Player. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

C99.php Shell - Authentication Bypass

No description provided by source. Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: 1.00 beta Tested on:Linux CVE:...

Firefox “Basic Realm”基础认证头欺骗漏洞

BUGTRAQ ID: 27111 Firefox是一款开源的WEB浏览器。 Firefox会在所访问的Web服务器返回401状态代码时显示认证对话和WWW-Authenticate头。如果要指定基础认证，WWW-Authenticate头必须设置了Basic realm="XXX"值，然后会在认证对话窗口中显示Realm的值（也就是XXX）。 尽管Firefox不会显示双引号（"）后WWW-Authenticate头Realm值中的字符，但没有过滤单引号（'）和空格，因此攻击者就可以创建特制的Realm值，使认证对话看起来好像来自于可信任的站点，这样就可以执行网络钓鱼攻击。 Mozil...