The vulnerability (CVE-2017-2641) allows an attacker to execute PHP code on the vulnerable Moodle server. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Moodle is a very popular learning management system, deployed in many universities around the world, including top institutes such as MIT, Stanford, the University of Cambridge, […]
Magento – Re-Installation & Account Hijacking Vulnerabilities
Before discovering my latest Magento RCE, I had found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I’m presenting both of them in this single blog post for your convenience.
Magento – Unauthenticated Remote Code Execution
The vulnerability (CVE-2016-4010) allows an unauthenticated attacker to execute PHP code on the vulnerable Magento server. This vulnerability actually consists of many small vulnerabilities, as described further in the blog post. Magento is an extremely popular eCommerce platform with a 30% share in the eCommerce market. It is used by major corporations, such as Rosetta Stone, […]
TWiki – Arbitrary File Upload (Windows)
The vulnerability (CVE-2014-7237) allows an attacker to execute arbitrary system code on any TWiki installation running on a Windows-based server; the only requirement is the ability to upload files to the system (enabled by default). TWiki is an open-source web platform used to create and maintain wikis. It allows its users to upload files into the […]
GenieACS – Unauthenticated Remote Code Execution
The vulnerability (CVE-2014-4956) allows an attacker to execute JS code (the system utilizes Node.js) on a vulnerable GenieACS server, resulting in complete server compromise. GenieACS is an open-source implementation of an ACS (Auto Configuration Server) written in Node.js. It is popular in the ISP industry as a convenient way of cheaply implementing the TR-069 protocol.
MediaWiki (wikipedia.org) – Unauthenticated Remote Code Execution
The vulnerability (CVE-2014-1610) allows an unauthenticated attacker to execute code remotely on a vulnerable MediaWiki installation. Exploitation requires the DjVu file format (built in by default). MediaWiki is an open-source web platform used to create and maintain wikis. One of the major sites using the system is Wikipedia.org, and alongside the rest […]