Agentejo Cockpit <0.12.0 - NoSQL Injection

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. id: CVE-2020-35848 info: name: Agentejo Cockpit 0.12.0 - NoSQL Injection author: dwisiswant0 severity: critical...

Waf-Bypass - Check Your WAF Before An Attacker Does

WAF bypass Tool is an open source tool to analyze the security of any WAF for False Positives and False Negatives using predefined and customizable payloads. Check your WAF before an attacker does. WAF Bypass Tool is developed by Nemesida WAF team with the participation of community. How to run I...

Cockpit CMS NoSQLi to RCE

This module exploits two NoSQLi vulnerabilities to retrieve the user list, and password reset tokens from the system. Next, the USER is targetted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...

Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/hashes/identify' class MetasploitModule 'Cockpit CMS NoSQLi to RCE', 'Description' = %q This module exploits two NoSQLi vulnerabilities to...

NoSQLi - NoSql Injection CLI Tool

NoSQL scanner and injector. About Nosqli I wanted a better nosql injection tool that was simple to use, fully command line based, and configurable. To that end, I began work on nosqli - a simple nosql injection tool written in Go. It aims to be fast, accurate, and highly usable, with an easy to...