# If you have the root password (the default is "alpine")
1. Log in as root with the command "ssh root@ip address".
2. Type your password: alpine
3. Run the command "passwd" to change your root password.
4. When that is done, run the command "passwd mobile" to change the password of the mobile user.
# If you forgot your root password
1. Open the file named "master.passwd" in /private/etc on your jailbroken iOS device.
2. Find the line that looks like this:
root:xxxxxxxxxxxxx:0:0::0:0:System Administrator:/var/root:/bin/sh
Product: PyroCMS
CVE: CVE-2020-25263
Version: up to 3.7 (3.7 tested)
Vulnerability: Deletion of a plugin via Cross-Site Request Forgery (CSRF).
Download: https://github.com/pyrocms/pyrocms
Product: PyroCMS
CVE: CVE-2020-25262
Version: up to 3.7 (3.7 tested)
Vulnerability: Deletion of pages via Cross-Site Request Forgery (CSRF).
Download: https://github.com/pyrocms/pyrocms
CVE-2020-14413
NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. The function attempts to escape the SCRIPT tag in user-controllable values, but this is easily bypassed, as demonstrated by an onerror attribute of an IMG element supplied as the Devices-Config.php?sta= value.
Steps to reproduce:
> Note: every parameter that is displayed and stored is exploitable.
> Log in to the application.
> Go to "https://ip/Devices-Config.php?sta="><img src=x onerror=alert(1)>"
> The JavaScript is executed.
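The advisory above describes a sanitizer that only strips the SCRIPT tag, which is why an element with an event-handler attribute gets through. The following added example (written for this page, not NeDi's actual sanitize() code) contrasts that blacklist approach with context-aware output encoding, using the advisory's own payload as constructed input; the `render_*` helpers and the `sta` input field are assumptions made for the illustration.

```python
import html
import re

# Constructed input, taken from the advisory: it closes the attribute and then
# injects an element whose event handler runs without any <script> tag.
PAYLOAD = '"><img src=x onerror=alert(1)>'


def blacklist_sanitize(value: str) -> str:
    """Illustrative blacklist sanitizer: removes <script> tags and nothing else.

    This reproduces the failure pattern described in the advisory; it is not
    NeDi's code. Anything that is not a script tag passes through untouched.
    """
    return re.sub(r"</?script[^>]*>", "", value, flags=re.IGNORECASE)


def render_with_blacklist(value: str) -> str:
    """Reflect the value into an attribute after blacklist sanitization (weak)."""
    return '<input name="sta" value="%s">' % blacklist_sanitize(value)


def render_value_attr(value: str) -> str:
    """Reflect the value into an attribute with HTML attribute encoding (hardened).

    html.escape with quote=True encodes & < > " ' so the value can never
    terminate the attribute or start a new tag, whatever tag names it contains.
    """
    return '<input name="sta" value="%s">' % html.escape(value, quote=True)


def contains_injected_element(markup: str) -> bool:
    """Coarse check used to compare the two renderings: does the output contain
    a literal <img ...> tag carrying an onerror handler?"""
    return re.search(r"<img[^>]*onerror", markup, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("blacklist :", render_with_blacklist(PAYLOAD))
    print("encoded   :", render_value_attr(PAYLOAD))
```

Run directly, the script prints the two renderings side by side; only the blacklist version still contains a live `<img ... onerror>` tag.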
CVE-2020-14414
NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system command) that contains shell metacharacters and sending it in the pw parameter of a POST request. (This can also be exploited via CSRF.)
Steps to reproduce:
> Log in with the credentials.
> Go to https://ip/pwsec.php.
> Insert any data in the first field, then intercept the request.
CVE-2020-14412
NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system command) that contains shell metacharacters and sending it in the psw parameter of a POST request.
(This can also be exploited via CSRF.)
Steps to reproduce:
> Log in with the credentials.
> Go to https://ip/System-Snapshot.php.
1. Cross-Site Scripting (XSS) (CVE-2020-12256)
rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request built from user input. Due to this flaw, an attacker can exploit the vulnerability by supplying arbitrary JavaScript ("><script>alert(document.cookie)</script>) in the `deviceId` GET parameter of devicemgmnt.php, resulting in execution of that JavaScript.
Steps to reproduce:
1. Log in with the credentials.
2. Go to https://ip-rconfig/devicemgmt.php?deviceId="><script>alert(document.cookie)</script>
Cross-Site Request Forgery (CSRF) (CVE-2020-12257)
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it implements no CSRF protection such as a CSRF token.
An attacker can leverage this vulnerability by creating a form (to add, delete or edit a user), hosting the form on their own server, and sharing it with victims through social engineering.
Once a victim who is already authenticated to rConfig submits the form, the unintended action is performed on the victim's behalf.
Steps to reproduce:
Remote Code Execution via File Upload (CVE-2020-12255)
rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation in the file upload functionality.
vendor.crud.php accepts an uploaded file after checking only its Content-Type; it does not restrict the upload by checking the file extension or the file header.
Due to this flaw, an attacker can exploit the vulnerability by uploading a PHP file that contains arbitrary code (a shell) while changing the Content-Type to `image/gif` in the request to vendor.crud.php.
Since validation happens only through the Content-Type, the server accepts the uploaded PHP file, ultimately resulting in code execution when the file is invoked.
Steps to reproduce: