ac267cb298
11 changes to exploits/shellcodes Redis 5.0 - Denial of Service ntp 4.2.8p11 - Local Buffer Overflow (PoC) Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution Mirasys DVMS Workstation 5.12.6 - Path Traversal MaDDash 2.0.2 - Directory Listing NewMark CMS 2.1 - 'sec_id' SQL Injection TP-Link TL-WA850RE - Remote Command Execution Apache CouchDB < 2.1.0 - Remote Code Execution IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit) VideoInsight WebClient 5 - SQL Injection
26 lines
No EOL
893 B
Text
26 lines
No EOL
893 B
Text
# Exploit Title: MaDDash 2.0.2 - Directory Listing
|
|
# Date: 2018-06-18
|
|
# Vendor: perfSONAR
|
|
# Download Link: https://github.com/esnet/maddash/archive/master.zip
|
|
# Version: 2.0.2
|
|
# Exploit Author: ManhNho
|
|
# CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525
|
|
# Category: Webapps
|
|
# Tested on: Windows 7
|
|
|
|
--- Description ---
|
|
A directory listing is inappropriately exposed, yielding potentially
|
|
sensitive information to attackers.
|
|
A directory listing provides an attacker with the complete index of all the
|
|
resources located inside of the directory.
|
|
The specific risks and consequences vary depending on which files are
|
|
listed and accessible.
|
|
|
|
---Affected items---
|
|
http://127.0.0.1/maddash-webui/etc/
|
|
http://127.0.0.1/maddash-webui/lib/
|
|
http://127.0.0.1/maddash-webui/images/
|
|
http://127.0.0.1/maddash-webui/style/
|
|
|
|
---References---
|
|
https://pastebin.com/eA5tGKf0 |