2 matches found
Cerberus Helpdesk User Hash Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cerberus Helpdesk User Hash Disclosure', 'Description' = %q This module extracts usernames and password hashes from the Cerberus Helpdesk through...
NewStatPress <= 1.0.4 - SQL Injection
The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. PoC The...