Remote Code Execution via File Upload (CVE-2020-12255)
rConfig 3.9.4 is vulnerable to remote code execution due to improper checks/validation in the file upload functionality.
vendor.crud.php accepts a file upload after checking only the content-type; it does not restrict uploads by checking the file extension or the file header.
Due to this flaw, an attacker can exploit this vulnerability by uploading a PHP file that contains arbitrary code (shell) and changing the content-type to `image/gif` in the request to vendor.crud.php.
Since validation relies on the content-type alone, the server accepts the uploaded PHP file, ultimately resulting in code execution when the file is invoked.
Steps To Reproduce:
@th3gundy
th3gundy / c99-nl.py
Created April 6, 2020 07:08 — forked from si9int/c99-nl.py
Automates https://subdomainfinder.c99.nl | Usage: python3 c99-nl.py <domain.com> | Requirements: pip3 install bs4
#!/usr/bin/env python3
# v.0.2 | twitter.com/si9int
import requests, sys
from bs4 import BeautifulSoup as bs
domain = sys.argv[1]
subdomains = []
def get_csrf_params():
    csrf_params = {}
@si9int
si9int / c99-nl.py
Last active April 20, 2024 21:28
Automates https://subdomainfinder.c99.nl | Usage: python3 c99-nl.py <domain.com> | Requirements: pip3 install bs4
#!/usr/bin/env python3
# v.0.3 | twitter.com/si9int
import requests, sys
from bs4 import BeautifulSoup as bs
domain = sys.argv[1]
subdomains = []
def get_csrf_params():
    csrf_params = {}
@patkub
patkub / chatlogger.py
Last active April 17, 2024 03:26
zoom.us chat logger
import json
with open("file.txt", "r") as f:
    data = json.load(f)
#print(data)
for message in data:
    print("[" + message['time'] + "] " + message['username'] + ": " + message['content'])
@MarioHewardt
MarioHewardt / enable_ebpf_on_wsl2
Last active June 26, 2025 23:13
Enable EBPF on WSL2
By default, EBPF programs will not run on WSL2 because required kernel modules are missing. The following example error is an indication of this problem:
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.19.84-microsoft-standard/modules.dep.bin'
modprobe: FATAL: Module kheaders not found in directory /lib/modules/4.19.84-microsoft-standard
chdir(/lib/modules/4.19.84-microsoft-standard/build): No such file or directory
To fix this you need to rebuild the WSL2 kernel with the missing kernel modules. The below instructions are for Ubuntu 18.04 WSL2.
1. git clone https://github.com/microsoft/WSL2-Linux-Kernel.git
@sharunkumar
sharunkumar / adb-dns.bat
Created February 7, 2020 07:08
Enabling / Disabling private DNS in android via ADB
rem to disable private dns
adb shell settings put global private_dns_mode off
rem to enable private dns with hostname (example with dns.adguard.com)
adb shell settings put global private_dns_mode hostname
adb shell settings put global private_dns_specifier dns.adguard.com
@sharunkumar
sharunkumar / adbremote.bat
Last active July 12, 2024 23:37
Windows wrapper batch file for disabling keyboard and setting brightness before using scrcpy to connect. Settings are restored after scrcpy disconnects. Based on script by Volodymyr Shymanskyy. https://gist.github.com/vshymanskyy/a44ff7af2848653e91f269910cb9d50f
@echo off
rem Requires Null Keyboard https://play.google.com/store/apps/details?id=com.wparam.nullkeyboard
rem Author: Sharun Kumar
setlocal ENABLEDELAYEDEXPANSION
for /F %%i in ('adb shell settings get system screen_brightness') do set brightness=%%i
for /F %%i in ('adb shell settings get secure default_input_method') do set ime=%%i
for /F "tokens=1,2,3,4,5,6,7,8" %%G in ('adb shell media volume --get') do (
set vol=%%J
cat urls.html | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u
grep -E : is the same as egrep
grep -o : only outputs what has been grepped
(http|https) : is an either / or
a-z : is all lower case
A-Z : is all upper case
. : is dot
/ : is the slash
? : is ?
@jhaddix
jhaddix / Github bash generated search links (from hunter.sh)
Created January 12, 2020 19:55
Github bash generated search links (from hunter.sh)