V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery

Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on: GoAhead-Webs Advisory ID: ZSL-2019-5536 Advisory URL:...

CableTEL Triple Play 1.0 SQL Injection

CableTEL's Triple Play v1.0 login.php Remote Login Bypass SQL Injection Exploit 21.12.2009 by Gjoko 'LiquidWorm' Krstic Zero Science Lab http://www.zeroscience.mk Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4925.php PoC: https://clients.site/clients/index.php user and pass: '+...

CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

Summary Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status. Description Triple Play suffers from a security bypass vulnerability login.php with sql injection attack. The login page can be accessed only by CableTEL's users. The script fails to...