9ddf81331a
10 changes to exploits/shellcodes/ghdb TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS) Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE) Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation compop.ca 3.5.3 - Arbitrary code Execution Usermin 2.100 - Username Enumeration ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution ABB Cylon Aspect 3.08.02 (ethernetUpdate.php) - Authenticated Path Traversal AnyDesk 9.0.1 - Unquoted Service Path
26 lines
No EOL
802 B
Text
26 lines
No EOL
802 B
Text
# Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution
|
|
# Google Dork: Terms of Use inurl:compop.vip
|
|
# Date: 22/12/2024
|
|
# Exploit Author: dmlino
|
|
# Vendor Homepage: https://www.compop.ca/
|
|
# Version: 3.5.3
|
|
# CVE : CVE-2024-48445
|
|
|
|
|
|
The restaurant management system implements authentication using a Unix
|
|
timestamp parameter ("ts") in the URL. This implementation is vulnerable to
|
|
manipulation as it relies solely on time-based validation without proper
|
|
authentication mechanisms.
|
|
|
|
Technical Details:
|
|
The application uses a URL parameter "ts" which accepts a Unix timestamp
|
|
value.
|
|
|
|
Steps:
|
|
1. Find a vulnerable restaurant.
|
|
|
|
2. Get the current time in the UNIX format:
|
|
Linux: $date +%s
|
|
Windows Powershell: [int](Get-Date -UFormat %s -Millisecond 0)
|
|
|
|
3. Replace parameter in url with the new value |