Skip to content

mefulton/asustorexploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

asustor.py

asustor.py

 
 

Repository files navigation

A chained exploit that leverages a persistent cross site scripting and ends up with a root shell. I had attempted to work with Asustor in order to disclose this through their security team as it states to do so via Mitre as they are a CNA, however I had zero luck in receiving contact with the security team there. Link to a write up: https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation

Update - 22 May 2018, Mitre has assigned some CVE identifiers for the bugs detailed in the blog post:

CVE-2018-11340 CVE-2018-11341 CVE-2018-11342 CVE-2018-11343 CVE-2018-11344 CVE-2018-11345 CVE-2018-11346

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages