This Metasploit module exploits two NoSQL injection vulnerabilities to retrieve the user list and password reset tokens from the system Next, the USER is targeted to reset their password Then, a command injection vulnerability is used to execute the payload While it is possible to upload a payload and execute it, the command injection provides a ...
CMSpit
export IP=101024011
Konstantinos Pap - Fri 06 Aug 2021 07:47:38 AM CDT
My script initialized all kinds of enumerations (gobuster, nikto and nmap)
Nmap detected 2 open ports port 22 and 80
Opening firefox on the server we get a login page No matter what we type in we always end up on the login page This means we need to authenticate or bypass the authentication s
Cockpit CMS NoSQL Injection (CVE-2020-35847, CVE-2020-35848)
Cockpit CMS before version 0112 is vulnerable to a NoSQL Injection vulnerability in the /auth/resetpassword and /auth/newpassword that allows extraction of password reset tokens which allow for user details enumeration as well as password reset
Read More - swarmptsecuritycom/rce-cockpit-cms/
This python
Cockpit CMS 0.11.1 NoSQL Injection to Remote Code Execution
Cockpit CMS NoSQL Injection to Remote Code Execution : CVE-2020-35846
Description
Cockpit CMS has some NoSQL Vulnerabilities which can be used to dump users' information, This information disclosures can be chained together to change users' passwords and which leads to Remote Code Execution on the Server
A brief description of all these vulnerabilities can be found
Vulmon