Categorie
Advisories

OnionShare 2.3 >= 2.3.3 Vulnerabilities

TL;DR IHTeam undertook an independent security assessment of OnionShare CLI v2.3.3 and identified the following vulnerabilities: Unauthenticated File Upload (when using –receive in non-public mode) AKA CVE-2021-41868 Disclosure of Chat Participants to Unauthenticated Users (when using –chat option in non-public mode) AKA CVE-2021-41867 What is OnionShare? OnionShare is an open source tool that lets you […]

Categorie
Advisories

TerraMaster TOS Multiple Vulnerabilities

TerraMaster is well known for producing data storage devices (NAS and DAS) since 2010. TOS is the name of their web interface to manage functionalities of the device. The product is not new to security vulnerabilities, as Joshua M. of ISE highlighted back in 2018 (https://blog.securityevaluators.com/terramaster-nas-vulnerabilities-discovered-and-exploited-b8e5243e7a63).In 2020, IHTeam performed a security review of the current […]

Categorie
Advisories

EFront <= 3.6.9 Community Edition Multiple Vulnerabilities

Security center contact on 08 Sept 2011 Security center reply: 09 Sept 2011 Public Release: 07/10/2011 # Exploit Title: EFront # Google Dork: “eFront (version 3.6.9)” inurl:index.php?ctg=* # Date: 5/09/2011 # Author: IHTeam # Software Link: http://www.efrontlearning.net/download/download-efront.html # Tested on: efront_3.6.9_build11018 # Original Advisory: http://iht.li/FWh # Advisory code: http://iht.li/p/0VV Default username and password: student:student professor:professor […]

Categorie
Advisories Top

Make requests through Google servers +DDoS

Discovered on 10 Aug 2011 Google Security center contact: 10 Aug 2011 Response from the Google Security center: N/A Published: 29 Aug 2011 (GMT +1) How does it work? The vulnerable pages are “/_/sharebox/linkpreview/“ and “gadgets/proxy?“ Is possible to request any file type, and G+ will download and show all the content. So, if you […]

Categorie
Advisories

WordPress Wp-e-commerce plugin <= 3.8.4 Sql Injection

After 10 days from the official release of 3.8.5, we share our code with all the community. I wanna also thanks Dan for this articles and for his kindness. <?php /* WP e-Commerce <= 3.8.4 SQL Injection Download link: http://wordpress.org/extend/plugins/wp-e-commerce/ Author contact: 29/06/2011 Exploit published: 18/07/2011 Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php): foreach ( (array)$_POST[‘collected_data’] as $value_id => […]

Categorie
Advisories

WordPress bSuite plugin <= 4.0.7 Permanent XSS (Add Admin)

WordPress bSuite <= 4.0.7 Permanent XSS -> Add Admin Download link: http://wordpress.org/extend/plugins/bsuite/ Author contact: 29/06/2011 POC published: 11/07/2011 Plugin is out-of-date, last update on 2009, so this is just a POC that show how to made the XSS more useful 😉 FIX: Add htmlspecialchars to output Bug found by: IHTeam Follow us on Twitter! @IHTeam […]