Skip to content
View pak0s's full-sized avatar
3 followers · 0 following

Block or report pak0s

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. FiberHome VDSL2 Modem HG 150-UB Logi... FiberHome VDSL2 Modem HG 150-UB Login Bypass.txt
    1 
    # Exploit Title: FiberHome VDSL2 Modem HG 150-UB Login Bypass
    2 
    # Date: 04/03/2018
    3 
    # Exploit Author: Noman Riffat
    4 
    # Vendor Homepage: http://www.fiberhome.com/
    5 
    
              
    
          
    
    
    
  
    

    2. 

      

  2. 
  
    
    
    
      
    
        
        
          gps-server.net SAAS CMS multiple vul...
gps-server.net SAAS CMS multiple vulnerabilities.txt      
    

          
    
              
    
                1
                
    1. Remote Code Injection in gps-server.net SAAS CMS (<=3.0)
    
              
    
              
    
                2
                
    The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by
    
              
    
              
    
                3
                
    <?php system($_GET[cmd]); ?>
    
              
    
              
    
                4
                
    in a login request. Each POST request goes through mysql_real_escape_string() function which will add slashes behind quotes so the payload code shouldn't include any quote. The header of the file where code is injected allows only Admin to view the file which makes it less of a RCE. But there is another vulnerability (explained below) which allows an attacker to hijack account hence making the RCE exploitable with 100% success.
    
              
    
              
    
                5
                
    
              
    
          
    
    
    
  
    

    3.