farid007
/ ios - ssh - password.txt
Created
June 8, 2023 19:18
— forked from lyqflnh/ios - ssh - password.txt
ways to change password of the root or mobile account of ur jailbreak ios device
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #if u have the root password which default is "alpine" | |
| 1.login as root, using command "ssh root@ip address" | |
| 2.type ur password: alpine | |
| 3.type command "passwd" to change ur root password | |
| 4.when it is done, type command "passwd mobile" to change the mobile passwd | |
| #if u forget ur root passwd | |
| 1.open the file named "master.password" at /private/etc on ur jailbreak ios device | |
| 2.find the string like this: | |
| root:xxxxxxxxxxxxx:0:0::0:0:System Administrator:/var/root:/bin/sh |
farid007
/ CSRF in PyroCMS
Last active
October 8, 2020 10:25
CSRF in PyroCMS which leads to deletion of plugins (CVE-2020-25263)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Product-: PyroCMS | |
| CVE: CVE-2020-25263 | |
| Version: (,3.7) 3.7 Tested | |
| Vulnerability-: Deletion of plugin via Cross-Site Request Forgery(CSRF). | |
| Download-: https://github.com/pyrocms/pyrocms |
farid007
/ CSRF in PyroCMS
Last active
October 16, 2020 21:57
CSRF in PyroCMS Which leads to deletion of pages (CVE-2020-25262)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Product-: PyroCMS | |
| CVE: CVE-2020-25262 | |
| Version: (,3.7) 3.7 Tested | |
| Vulnerability-: Deletion of pages via Cross-Site Request Forgery(CSRF). | |
| Download-: https://github.com/pyrocms/pyrocms |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2020-14413 | |
| NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. | |
| Steps to reproduce : | |
| > Note: every parameters is exploitable (Which are being displayed and stored). | |
| > Login to the application. | |
| > Go to "https://ip/Devices-Config.php?sta="><img src=x onerror=alert(1)>" | |
| > Js Code will be executed. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2020-14414 | |
| NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.) | |
| Steps To Reproduce-: | |
| > | |
| > Login with the credential. | |
| > Go to https://ip/pwsec.php. | |
| > Insert any data in the first field then intercept the request. |
farid007
/ NeDI 1.9C RCE
Last active
June 28, 2020 18:29
NeDi 1.9C Authenticated RCE (CVE-2020-14412)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CVE-2020-14412 | |
| NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. | |
| (This can also be exploited via CSRF.) | |
| Steps To Reproduce-: | |
| > Login with the credential. | |
| > Go to https://ip/System-Snapshot.php. |
farid007
/ Rconfig Multiple Vulnerabilities
Last active
May 18, 2020 04:28
Rconfig 3.9.4 Session Fixation and XSS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. Cross-Site Scripting (XSS) (CVE-2020-12256) | |
| The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript | |
| ("><script>alert(document.cookie)</script>) in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the | |
| javascript. | |
| Step To Reproduce-: | |
| 1. Login with the credential. | |
| 2. Go to https://ip-rconfig/devicemgmt.php?deviceId="><script>alert(document.cookie)</script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Cross-Site Request Forgery (CSRF) (CVE-2020-12257) | |
| The rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF). | |
| Due to no implementation of CSRF protection such as CSRF token. | |
| An attacker can leverage this vulnerability by creating a form (add the user or delete the user or edit user) | |
| and host this form on his server and share this form to victims through social engineering methods. | |
| once the victims who are already authenticated to the rConfig clicks upon the form, unintended actions will be performed on the victim's behalf. | |
| Steps To Reproduce-: |
farid007
/ Rconfig File Upload RCE Exploit
Last active
November 15, 2022 06:17
Rconfig 3.9.4 File Upload RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Remote Code Execution via File Upload (CVE-2020-12255) | |
| The rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation via the file upload functionality. | |
| The vendor.crud.php accepts the file upload by checking through content-type and it is not restricting upload by checking the file extension and header. | |
| Due to this flaw, An attacker can exploit this vulnerability by uploading a PHP file that contains arbitrary code (shell) and changing the content-type to `image/gif` in the vendor.crud.php. | |
| since the validation checks are happening through content-type the server would accept the PHP file uploaded ultimately resulting code execution upon the response when invoked. | |
| Steps To Reproduce-: |