exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files from Naveen Sunkavally

First Active2022-08-08
Last Active2024-09-24
Traccar 5.12 Remote Code Execution
Posted Sep 24, 2024
Authored by Naveen Sunkavally, Michael Heinzl, yiliufeng168 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Traccar versions 5.1 through 5.12. Remote code execution can be obtained by combining path traversal and an unrestricted file upload vulnerabilities. By default, the application allows self-registration, enabling any user to register an account and exploit the issues. Moreover, the application runs by default with root privileges, potentially resulting in a complete system compromise. This Metasploit module, which should work on any Red Hat-based Linux system, exploits these issues by adding a new cronjob file that executes the specified payload.

tags | exploit, remote, root, vulnerability, code execution, file upload
systems | linux, redhat
advisories | CVE-2024-24809, CVE-2024-31214
SHA-256 | 0bc1add3ef020b8c6e70e1d2ec3bfd3d9c59d68531db58229710061c08ef8c2e
Apache Superset Signed Cookie Privilege Escalation
Posted Aug 31, 2024
Authored by h00die, Spencer McIntyre, Naveen Sunkavally, paradoxis | Site metasploit.com

Apache Superset versions less than or equal to 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user and retrieve database credentials saved in Apache Superset.

tags | exploit, web
advisories | CVE-2023-27524
SHA-256 | d2f3f49f545f08316164ead81d35121c2e2d9bcf18db08e5892b4b09ada13936
Mirth Connect 4.4.0 Remote Command Execution
Posted Jan 31, 2024
Authored by r00t, Spencer McIntyre, Naveen Sunkavally | Site metasploit.com

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.

tags | exploit, web
advisories | CVE-2023-37679, CVE-2023-43208
SHA-256 | c858fd93ded0a54a221c8cbb76027c1a54979c692f2f5ec5173f8b90a63ff30f
Apache Superset 2.0.0 Remote Code Execution
Posted Oct 13, 2023
Authored by h00die, Spencer McIntyre, Naveen Sunkavally, paradoxis | Site metasploit.com

Apache Superset versions 2.0.0 and below utilize Flask with a known default secret key which is used to sign HTTP cookies. These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user. From there the Superset database is mounted, and credentials are pulled. A dashboard is then created. Lastly a pickled python payload can be set for that dashboard within Superset's database which will trigger the remote code execution. An attempt to clean up ALL of the dashboard key values and reset them to their previous values happens during the cleanup phase.

tags | exploit, remote, web, code execution, python
advisories | CVE-2023-27524, CVE-2023-37941, CVE-2023-39265
SHA-256 | 0cf3211c0a88b94f22c56bd68535a69b15419a4e9c97ce50b1d180e75e44b6be
ManageEngine ADAudit Plus Path Traversal / XML Injection
Posted Aug 8, 2022
Authored by Ron Bowes, Naveen Sunkavally | Site metasploit.com

This Metasploit module exploits CVE-2022-28219, which is a pair of vulnerabilities in ManageEngine ADAudit Plus versions before build 7060. They include a path traversal in the /cewolf endpoint along with a blind XML external entity injection vulnerability to upload and execute a file.

tags | exploit, vulnerability
advisories | CVE-2022-28219
SHA-256 | 19ca84f8e53083cacedb632dc26e16f78047ee8e6573a717d22be7336e613cdb
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close