Last Login: March 23, 2020
cinzinga's Contributions (6)
I am the author of this exploit. The web application (from 2018) does not list .php7 and .phtml as illegal file extensions. Additionally, the web app has open registration so that anyone with an email can sign up. This allows for virtually anyone to obtain remote code execution on the server by uploading a malicious web shell.
Currently on the internet there are 2 live websites running this software.
POC is available on my GitHub: https://github.com/cinzinga/CVEs/tree/master/CVE-2020-10557
I am the founder of this exploit. While it is in a Hewlett-Packard product, it is a very obscure piece of software and was no longer actively maintained until this vulnerability was reported. The application is only vulnerable when the web server interface is running.
I am the author of this vulnerability. This is a stored cross site scripting vulnerability. It could be paired with CVE-2020-5307 which is an unauthenticated SQL injection to obtain login credentials, then plant the stored XSS payload.
I am the author of this vulnerability. The username parameter is vulnerable to time-based blind SQLi. This means it can be exploited without any authentication and can potentially be used to obtain a reverse shell depending on permissions.
I am the founder of this exploit. Google dorking revealed very few live instances of this web application running so I have rated the value as low. However, exploiting the reflected XSS is very trivial but would require user interaction to be effective.
Blog post: https://cinzinga.github.io/CVE-2019-19908/