4 matches found

seebug.org
added 2017/04/10 12:0 a.m., 41 views

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (CVE-2017-6526)

dnaLIMS Code Execution / XSS / Traversal / Session Hijacking (web-application). Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/; Date published: Mar 08, 2017; Vendor: dnaTools, Inc.; CVE IDs: 2017-6526, 2017-6527, 2017-6528, 2017-6529; USCERT VU: 929263...

10 CVSS, 8.6 AI score, 0.8373 EPSS
Exploits: 16
0day.today
added 2017/04/02 12:0 a.m., 34 views

dnaLIMS Admin Module Command Execution Exploit

Usage Info:
msf > use exploit/linux/http/dnalims_admin_exec
msf exploit(dnalims_admin_exec) > show targets
...targets...
msf exploit(dnalims_admin_exec) > set TARGET
msf exploit(dnalims_admin_exec) > show options
...show and set options...
msf exploit(dnalims_admin_exec) > exploit
This module requires Metasploit:...

10 CVSS, 9.2 AI score, 0.8373 EPSS
Exploits: 9
Metasploit
added 2017/03/20 2:40 p.m., 19 views

DnaLIMS Directory Traversal

This module exploits a directory traversal vulnerability found in dnaLIMS. Due to the way the viewAppletFsa.cgi script handles the 'secID' parameter, it is possible to read a file outside the www directory. This module requires Metasploit: https://metasploit.com/download. Current source:...

7.5 CVSS, 7.4 AI score, 0.75905 EPSS
Exploits: 10
Metasploit
added 2017/03/09 2:46 p.m., 28 views

dnaLIMS Admin Module Command Execution

This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework...

9.8 CVSS, 0.8 AI score, 0.8373 EPSS
Exploits: 9