noraj (31)

Last Login: September 28, 2021
Assessments
12
Score
31

noraj's Latest (12) Contributions

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

Patch: update to OTRS 6.0.2 to fix this specific issue, but updating to 6.0.32 is recommended.

1
Ratings
Technical Analysis

All exploits linked except the gist one have artifacts (3D and \n) making them unusable, so use the cleaned gist version.

To patch, update to v2.8+.

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis
2
Ratings
Technical Analysis
2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

This plugin is not that commonly deployed on WordPress installations, and to detect it you need the aggressive plugin mode of WPScan enabled, else wpDiscuz won’t even be detected.

1
Ratings
Technical Analysis

The file upload is totally unrestricted but an account is required.

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

The uploaded file must have an image magic byte (e.g. GIF) in order to match getimagesize (code); then you can easily have a reverse shell on the machine.

2
Ratings
Technical Analysis

This gives the ability to create an administrator account while being unauthenticated. The admin account is rather useless because all other vulnerabilities (unrestricted file upload, information leakage) are unauthenticated too, so an admin account is not required.

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Technical Analysis

Be careful, it actually modifies the code of the application.

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Technical Analysis

Be careful, it actually modifies the code of the application.

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

Unauthenticated RCE with default config, this is critical.

3
Ratings
  • Attacker Value
    Low
  • Exploitability
    High
Technical Analysis

This is just a security bypass allowing an attacker to perform a brute-force attack on the authentication form without being blocked after 10 attempts.
So a 9.8 CVSS score is way too high for this vuln.