bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/50339.txt
Offensive Security d2b0bf596b DB: 2021-09-29 
10 changes to exploits/shellcodes

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - 'Add Admin' Cross-Site Request Forgery (CSRF)
FatPipe Networks WARP 10.2.2 - Authorization Bypass
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Config Download (Unauthenticated)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access)
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Remote Privilege Escalation
WordPress Plugin TranslatePress 2.0.8 - Stored Cross-Site Scripting (XSS) (Authenticated)
WordPress Plugin Contact Form 1.7.14 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Ultimate Maps 1.2.4 - Reflected Cross-Site Scripting (XSS)
WordPress Plugin Popup 1.10.4 - Reflected Cross-Site Scripting (XSS)
2021-09-29 05:02:13 +00:00

81 lines
No EOL
2.5 KiB
Text
Raw Permalink Blame History

# Exploit Title: FatPipe Networks WARP 10.2.2 - Authorization Bypass
# Date: 25.07.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.fatpipeinc.com
FatPipe Networks WARP 10.2.2 Authorization Bypass
Vendor: FatPipe Networks Inc.
Product web page: https://www.fatpipeinc.com
Affected version: WARP
10.2.2r38
10.2.2r25
10.2.2r10
10.1.2r60p82
10.1.2r60p71
10.1.2r60p65
10.1.2r60p58s1
10.1.2r60p58
10.1.2r60p55
10.1.2r60p45
10.1.2r60p35
10.1.2r60p32
10.1.2r60p13
10.1.2r60p10
9.1.2r185
9.1.2r180p2
9.1.2r165
9.1.2r164p5
9.1.2r164p4
9.1.2r164
9.1.2r161p26
9.1.2r161p20
9.1.2r161p17
9.1.2r161p16
9.1.2r161p12
9.1.2r161p3
9.1.2r161p2
9.1.2r156
9.1.2r150
9.1.2r144
9.1.2r129
7.1.2r39
6.1.2r70p75-m
6.1.2r70p45-m
6.1.2r70p26
5.2.0r34
Summary: FatPipe Networks invented the concept of router-clustering,
which provides the highest level of reliability, redundancy, and speed
of Internet traffic for Business Continuity and communications. FatPipe
WARP achieves fault tolerance for companies by creating an easy method
of combining two or more Internet connections of any kind over multiple
ISPs. FatPipe utilizes all paths when the lines are up and running,
dynamically balancing traffic over the multiple lines, and intelligently
failing over inbound and outbound IP traffic when ISP services and/or
components fail.
Desc: Improper access control occurs when the application provides direct
access to objects based on user-supplied input. As a result of this vulnerability
attackers can bypass authorization and access resources behind protected
pages.
Tested on: Apache-Coyote/1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5682
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
30.05.2016
25.07.2021
--
$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"
Reference in a new issue View git blame Copy permalink