5318 matches found

Check Point Advisories
added 2017/10/02 12:00 a.m., 12 views

Apache Tomcat VirtualDirContext Information Disclosure (CVE-2017-12616)

An information disclosure vulnerability exists in Apache Tomcat. By crafting a malicious request an attacker may view the source code of jsp files for resources...

5 CVSS, 1.8 AI score, 0.90641 EPSS
Exploits 4

Hacker One
added 2017/10/01 7:24 p.m., 37 views

Gratipay: Adding Used Primary Email Address to attacker account and Account takeover

Summary I just found that the Gratipay is vulnerable for adding used Primary Email Address to attacker account and Account takeover of the Gratipay. Description I was looking at the source code of the application and I found that, "If the email address [email protected] is already added in the X...

7.3 AI score
Exploits 0

seebug.org
added 2017/09/25 12:00 a.m., 29 views

youke365_SQL_Injection#1

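Youke365 v2.9 has a SQL injection in the admin backend that can lead to obtaining the backend administrator's account and password. 1. A disaster caused by a single quote: it exposed the table name dirusers and some column names. 2. Source code audit: the problem code is in .\module\login.php, where the handling is not rigorous. According to the figure above, testing shows that the username can be bypassed with 1' or '1'='1. The password is MD5-encrypted, so it cannot be simply bypassed. 3. SQL injection: MD5-decrypting the brute-forced password yields the administrator password. Of course, the administrator account can be brute-forced along the way as well. (So there are two ways to pass the administrator account authentication.) 4. Happily log in to the backend. Finally, the payload is attached: payload = ' and select 1 fromselect...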

7.1 AI score
Exploits 0

Hacker One
added 2017/09/23 9:06 p.m., 48 views

Zomato: SSRF in https://www.zomato.com████ allows reading local files and website source code

@nbsp found a SSRF vulnerability which leads to read local files from the web server source code & system files. We have resolved the issue quickly and rewarded the researcher...

6.7 AI score
Exploits 0

OSV
added 2017/09/21 1:43 p.m., 20 views

MGASA-2017-0352 Updated tomcat packages fix security vulnerability

The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances CVE-2017-7674. When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...

7.5 CVSS, 6 AI score, 0.90641 EPSS
Exploits 4, References 7

seebug.org
added 2017/09/21 12:00 a.m., 188 views

Tomcat information disclosure Vulnerability (CVE-2017-12616) analysis

Several recent Tomcat CVE CVE-2017-5664 Tomcat Security Constraint Bypass CVE-2017-12615 remote code execution vulnerability CVE-2017-12616 information disclosure vulnerability Common Is tasteless With JspServlet and DefaultServlet about the system. CVE-2017-12615 this remote code execution are...

6.8 CVSS, 8.5 AI score, 0.94231 EPSS
Exploits 19

Prion
added 2017/09/19 1:29 p.m., 41 views

Design/Logic Flaw

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

5 CVSS, 7.5 AI score, 0.90641 EPSS
Exploits 4, References 14, Affected Software 1

UbuntuCve
added 2017/09/19 12:00 a.m., 61 views

CVE-2017-12616

When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request...

7.5 CVSS, 6.9 AI score, 0.90641 EPSS
Exploits 4, References 5

Kitploit
added 2017/09/12 2:30 p.m., 20 views

theZoo - A repository of LIVE malwares for your own joy and pleasure

theZoo is a project created to make the possibility of malware analysis open and available to the public. Since we have found out that almost all versions of malware are very hard to come by in a way which will allow analysis, we have decided to gather all of them for you in an accessible and saf...

7.5 AI score
Exploits 0, References 1

0day.today
added 2017/09/12 12:00 a.m., 32 views

JGI CMS 1.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications JGI CMS 1.0 - Multiple Vulnerabilities 1---------------------------------- A Directory Traversal vulnerability has been discovered in the JCI CMS web-application. The vulnerability is located in the 'arquivo' parameter of the dl.php action GET...

7.1 AI score
Exploits 0

Packet Storm
added 2017/09/11 12:00 a.m., 47 views

JGI CMS 1.0 Script Source Code Disclosure

Title: ======= JGI CMS - Script Source Code Disclosure Introduction: ============== A content management system CMS is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS...

7.4 AI score
Exploits 0

myhack58
added 2017/09/11 12:00 a.m., 93 views

how2heap vulnerability technical research and analysis summary of-under-vulnerability warning-the black bar safety net

"how2heap"is shellphish team at Github on the open source stack flaws tutorial series. I this period of time non-stop in the refresher heap of flaws in the application of common sense,to see these applied skills in the future feel rewarding. This article is my training this tutorial series after ...

0.6 AI score
Exploits 0

Dsquare
added 2017/08/31 12:00 a.m., 87 views

Joomla Component com_phpbridge SQL Injection

SQL Injection vulnerability in Joomla PHP Bridge component id parameter Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

0.7 AI score
Exploits 0

Fedora
added 2017/08/29 8:25 p.m., 35 views

[SECURITY] Fedora 25 Update: cvs-1.11.23-41.fc25

CVS Concurrent Versions System is a version control system that can record the history of your files usually, but not always, source code. CVS only stores the differences between versions, instead of every version of every file you have ever created. CVS also keeps a log of who, when, and why...

7.5 CVSS, 1.1 AI score, 0.02504 EPSS
Exploits 1

ThreatPost
added 2017/08/29 2:54 p.m., 14 views

Revamped Nukebot Malware Changes Targets, Adds Functions

A revamped version of the Nukebot banking trojan dubbed Jimmy Nukebot has shifted focus from stealing bankcard data and now acts as a conduit for quietly downloading malicious payloads for web-injects, cryptocurrency mining, and taking screenshots of targeted systems. The code is a modification o...

7.3 AI score
Exploits 0, References 5

Metasploit
added 2017/08/21 3:14 a.m., 20 views

Linux Meterpreter, Reverse TCP Stager

Inject the mettle server payload staged. Connect back to the attacker This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework ReverseTcp ---------- Linux reverse TCP stager. module MetasploitModule CachedSize = 228 include...

7.3 AI score
Exploits 0

Talos Blog
added 2017/08/18 11:15 a.m., 21 views

Threat Round-up for Aug 11 - Aug 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

6.9 AI score
Exploits 0

0day.today
added 2017/08/18 12:00 a.m., 29 views

Photogallery Project 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version:...

0.2 AI score
Exploits 0

Kitploit
added 2017/08/12 2:26 p.m., 73 views

jadx - Dex to Java Decompiler

jadx - Dex to Java decompiler Command line and GUI tools for produce Java source code from Android Dex and Apk files. Building from source git clone https://github.com/skylot/jadx.git cd jadx ./gradlew dist on Windows, use gradlew.bat instead of ./gradlew Scripts for run jadx will be placed in...

7.6 AI score
Exploits 0, References 1

Prion
added 2017/08/10 9:29 p.m., 13 views

Information disclosure

An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code...

4 CVSS, 4.9 AI score, 0.00374 EPSS
Exploits 0, References 2, Affected Software 1