CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...

Metasploit Weekly Wrap-Up 05/23/2024

Infiltrate the Broadcast! A new module from Chocapikk allows the user to perform remote code execution on vulnerable versions of streaming platform AVideo 12.4 - 14.2. The multi/http/avideowwbnindexunauthrce module leverages CVE-2024-31819, a vulnerability to PHP Filter Chaining, to gain...

NorthStar C2 Cross Site Scripting / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NorthStar C2 XSS to Agent RCE', 'Description' = %q NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the log...

NorthStar C2 XSS to Agent RCE

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored xss. An unauthenticated user can simulate an agent registration to cause the XSS and take over a users session. With this access, it is then possible to run a new payload...

CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...

CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...

CVE-2024-28741

CVE-2024-28741 affects NorthStar C2 v1 by EnginDemirbilek. It is a stored XSS in login.php that allows an unauthenticated remote attacker to execute arbitrary code on NorthStar C2 agents via crafted agent registrations and the logs page. Public PoCs and exploits exist (GitHub PoC, Metasploit modu...

CVE-2024-28741

Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...

Exploit for CVE-2024-28741

NorthStar C2 agent RCE via stored XSS Agent RCE PoC for CVE-20...

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross sit...

PT-2024-2648 · Egindemirbilek · Northstar C2

Name of the Vulnerable Software and Affected Versions: EginDemirbilek NorthStar C2 version 1 Description: The issue allows a remote attacker to execute arbitrary code via the login.php component due to a Cross Site Scripting vulnerability. This vulnerability exists because of the lack of protecti...