Menu

Search for hundreds of thousands of exploits

"Hipergate 4.0.12 - Multiple Vulnerabilities"

Author

Exploit author

"Nahuel Grisolia"

Platform

Exploit platform

jsp

Release date

Exploit published date

2010-02-03

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
Permanent XSS:

Advisory Name: Permanent Cross-Site Scripting (XSS) in Hipergate 4.0.12

Vulnerability Class: Permanent Cross-Site Scripting (XSS)

Release Date: 2010-02-02

Affected Applications: Confirmed in Hipergate 4.0.12. Other versions may also be affected

Affected Platforms: Multiple

Local / Remote: Remote

Severity: Medium  CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Researcher: Nahuel Grisolía

Vendor Status: Still Vulnerable  No Patch Available at the moment

Vulnerability Description:
A permanent Cross Site Scripting vulnerability was found in Hipergate 4.0.12, because the application
fails to sanitize user-supplied input. Any logged-in user who is able to add a New Campaign can trigger
the vulnerability.

Proof of Concept:
* Add <script>alert(XSS in Campaign);</script> as a new campaign.

Impact:

An affected user may unintentionally execute scripts or actions written by an attacker. In addition, an
attacker may obtain authorization cookies that would allow him to gain unauthorized access to the
application.
Solution: Maybe in Build 5.5 (Future Release, information provided by the vendor)
Vendor Response: Last Contact on January 12, 2010. They said that no more patches would be
provided since Build 5.5 will be released soon.
Contact Information:
For more information regarding the vulnerability feel free to contact the researcher at
nahuel.grisolia <at> gmail <dot> com

Reflected XSS:

Advisory Name: Reflected Cross-Site Scripting (XSS) in Hipergate

Vulnerability Class: Reflected Cross-Site Scripting (XSS)

Release Date: 2010-02-02

Affected Applications: Confirmed in Hipergate 4.0.12. Other versions may also be affected

Affected Platforms: Multiple

Local / Remote: Remote

Severity: Medium  CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Researcher: Nahuel Grisolía

Vendor Status: Still Vulnerable  No Patch Available at the moment

Vulnerability Description:

A reflected Cross Site Scripting vulnerability was found in Hipergate 4.0.12, because the application
fails to sanitize user-supplied input. Any logged-in user can trigger the vulnerability.

Proof of Concept:

http://x.x.x.x:8080/hipergate/common/errmsg.jsp?title=%3Cscript%3Ealert%28%22titleXSS%22%29;
%3C/script%3E&desc=%3Cscript%3Ealert%28%22descXSS%22%29;%3C/script%3E&resume=_bac
k
Script pwd_errmsg.jsp is also affected.

Impact:

An affected user may unintentionally execute scripts or actions written by an attacker. In addition, an
attacker may obtain authorization cookies that would allow him to gain unauthorized access to the
application.
Solution: Maybe in Build 5.5 (Future Release, information provided by the vendor)
Vendor Response: Last Contact on January 12, 2010. They said that no more patches would be
provided since Build 5.5 will be released soon.
Contact Information:
For more information regarding the vulnerability feel free to contact the researcher at
nahuel.grisolia <at> gmail <dot> com

SQL Command Exec:

Advisory Name: SQL Command Exec in Hipergate

Vulnerability Class: SQL Command Exec

Release Date: 2010-02-02

Affected Applications: Confirmed in Hipergate 4.0.12. Other versions may also be affected.

Affected Platforms: Multiple

Local / Remote: Remote

Severity: High  CVSS: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Researcher: Nahuel Grisolía

Vendor Status: Still Vulnerable  No Patch Available at the moment

Vulnerability Description:
A vulnerability has been discovered in Hipergate, which can be exploited by malicious people to
conduct SQL Command Execution Attacks.
The vulnerability is confirmed in version 4.0.12. Other versions may also be affected.

Proof of Concept:

http://x.x.x.x:8080/hipergate/admin/sql.htm

Impact: Execute arbitrary SQL queries.

Solution: Maybe in Build 5.5 (Future Release, information provided by the vendor)

Vendor Response: Last Contact on January 12, 2010. They said that no more patches would be
provided since Build 5.5 will be released soon.

Contact Information:

For more information regarding the vulnerability feel free to contact the researcher at
nahuel.grisolia <at> gmail <dot> com
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-11-12 "Atlassian Confluence 6.15.1 - Directory Traversal" webapps jsp max7253
2019-11-12 "Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)" webapps jsp max7253
2019-09-16 "NetGain EM Plus 10.1.68 - Remote Command Execution" webapps jsp azams
2019-07-26 "Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution" webapps jsp "Wietse Boonstra"
2019-07-26 "Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)" webapps jsp "Wietse Boonstra"
2019-07-26 "Ahsay Backup 7.x - 8.1.1.50 - XML External Entity Injection" webapps jsp "Wietse Boonstra"
2019-06-11 "Liferay Portal 7.1 CE GA=3 / SimpleCaptcha API - Cross-Site Scripting" webapps jsp "Valerio Brussani"
2019-06-05 "Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery" webapps jsp k8gege
2019-05-10 "dotCMS 5.1.1 - HTML Injection" webapps jsp "Ismail Tasdelen"
2019-03-11 "OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)" webapps jsp AkkuS
Release Date Title Type Platform Author
2012-11-26 "Websense Proxy - Filter Bypass" dos multiple "Nahuel Grisolia"
2012-04-09 "Dolibarr ERP/CRM < 3.2.0 / < 3.1.1 - OS Command Injection" webapps php "Nahuel Grisolia"
2010-12-09 "VMware Tools - Update OS Command Injection" remote multiple "Nahuel Grisolia"
2010-10-13 "Oracle Virtual Server Agent - Command Injection" remote unix "Nahuel Grisolia"
2010-05-19 "McAfee Email Gateway - Web Administration Broken Access Control" webapps freebsd "Nahuel Grisolia"
2010-05-19 "McAfee Email Gateway 6.7.1 - 'systemWebAdminConfig.do' Remote Security Bypass" remote windows "Nahuel Grisolia"
2010-04-22 "Cacti 0.8.7e - SQL Injection" webapps php "Nahuel Grisolia"
2010-04-22 "Cacti 0.8.7e - OS Command Injection" webapps php "Nahuel Grisolia"
2010-04-06 "McAfee Email Gateway (formerly IronMail) - Denial of Service" dos hardware "Nahuel Grisolia"
2010-04-06 "McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting" webapps hardware "Nahuel Grisolia"
2010-04-06 "McAfee Email Gateway (formerly IronMail) - Local Privilege Escalation" local freebsd "Nahuel Grisolia"
2010-04-06 "McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure" local freebsd "Nahuel Grisolia"
2010-04-06 "McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities" dos windows "Nahuel Grisolia"
2010-03-18 "ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection" webapps jsp "Nahuel Grisolia"
2010-03-16 "OSSIM 2.2 - Multiple Vulnerabilities" webapps php "Nahuel Grisolia"
2010-03-16 "eGroupWare 1.6.002 and eGroupWare premium line 9.1 - Multiple Vulnerabilities" webapps php "Nahuel Grisolia"
2010-03-02 "IBM Lotus Domino 7.0.2 - 'readme.nsf' Cross-Site Scripting" remote multiple "Nahuel Grisolia"
2010-02-09 "osTicket 1.6 RC5 - Multiple Vulnerabilities" webapps php "Nahuel Grisolia"
2010-02-04 "KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities" webapps jsp "Nahuel Grisolia"
2010-02-03 "Hipergate 4.0.12 - Multiple Vulnerabilities" webapps jsp "Nahuel Grisolia"
2009-12-16 "OSSIM 2.1.5 - SQL Injection" webapps php "Nahuel Grisolia"
2009-12-16 "OSSIM 2.1.5 - Arbitrary File Upload" webapps php "Nahuel Grisolia"
2009-12-16 "OSSIM 2.1.5 - Remote Command Execution" webapps php "Nahuel Grisolia"
2009-12-04 "Achievo 1.4.2 - Arbitrary File Upload" webapps php "Nahuel Grisolia"
2009-12-04 "Achievo 1.4.2 - Persistent Cross-Site Scripting" webapps php "Nahuel Grisolia" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected