exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

Files from Chris Hebert

Email addressprivate
First Active2014-05-12
Last Active2024-08-31
View User Profile
AlienVault Authenticated SQL Injection Arbitrary File Read
Posted Aug 31, 2024
Authored by Chris Hebert | Site metasploit.com

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the insertinto parameter. This Metasploit module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2014-5383
SHA-256 | 47041a9a098122925ec54b3140188d51933adc560f06bb113f6adbbff41e40a1
BlueCoat CAS 1.3.7.1 Privilege Escalation
Posted Apr 3, 2017
Authored by Chris Hebert, Corey Boyd, Pete Paccione | Site metasploit.com

This Metasploit module abuses the sudo access granted to tomcat and the mvtroubleshooting.sh script to escalate privileges. In order to work, a tomcat session with access to sudo on the sudoers is needed. This Metasploit module is useful for post exploitation of BlueCoat vulnerabilities, where typically web server privileges are acquired, and this user is allowed to execute sudo on the sudoers file.

tags | exploit, web, vulnerability
advisories | CVE-2016-9091
SHA-256 | e2893d0c823a71c5e42bc07dcb197f2a382e0587c64f12ee1c7ad55690e5b7f2
AlienVault 4.6.1 SQL Injection
Posted May 12, 2014
Authored by Chris Hebert | Site metasploit.com

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator privileges are not required.

tags | exploit, arbitrary, php, sql injection
SHA-256 | a9975b7a4973487f05e5a7fa0360aa22d01b19f6674d3108fcd210ec0f9bb893
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close