[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Crypttech CryptoLog Remote Code Execution Exploit

[ 0Day-ID-27727 ]
Full title
Crypttech CryptoLog Remote Code Execution Exploit [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
free
Risk
[
Security Risk Critical
]
Rel. releases
Description
This Metasploit module exploits the sql injection and command injection vulnerability of CryptoLog. An un-authenticated user can execute a terminal command under the context of the web user. login.php endpoint is responsible for login process. One of the user supplied parameter is used by the application without input validation and parameter binding. Which cause a sql injection vulnerability. Successfully exploitation of this vulnerability gives us the valid session. logshares_ajax.php endpoint is responsible for executing an operation system command. It's not possible to access this endpoint without having a valid session. One user parameter is used by the application while executing operating system command which cause a command injection issue. Combining these vulnerabilities gives us opportunity execute operation system command under the context of the web user.
Other Information
Abuses
0
Comments
0
Views
5 036
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
free
Open Exploit
You can open this source code for free
Open Exploit
Open Exploit
You can open this source code for free
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
Author
BL
29
Exploits
26
Readers
0
[ Comments: 0 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments