what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Alexandr Polyakov

SAP CTC Service Verb Tampering User Management

Posted Sep 1, 2024

Authored by Alexandr Polyakov, nmonkee | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 (authentication required).

tags | exploit, bypass

SHA-256 | 93f676088b4bc7377e1f0804692d7f6fbe7d6fe554f223e42bf5907a14bb549d

Download | Favorite | View

2zproject-multi.txt

Posted Dec 29, 2007

Authored by Alexandr Polyakov, Stas Svistunovich

2z project version 0.9.6.1 suffers from cross site scripting and disclosure vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | a0ec19357f22d28af67d23b22d541023cf8a0a2e6b2e1c052b35ec02d9164937

Download | Favorite | View

runcms-multi.txt

Posted Dec 28, 2007

Authored by Alexandr Polyakov, Stas Svistunovich

RunCMS version 1.6 suffers from SQL injection, cross site scripting, predictable session id, and other vulnerabilities.

tags | exploit, vulnerability, xss, sql injection

SHA-256 | b34064ee0c706c075f901c12c5c8b27b5a55a34e60ddfb7d5e9ef73515abbee1

Download | Favorite | View