Merge pull request #16 from xiaoheihei1107/master

Add
tardc 2021-08-09 18:13:27 +08:00 committed by GitHub
commit 0710f169bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 40 additions and 0 deletions

@ -0,0 +1,10 @@
# NuCom 11N Wireless Router v5.07.90 Remote Privilege Escalation
The application suffers from a privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.
FOFA **query rule**: [title="NuCom 11N Wireless Router"||body="NuCom 11N Wireless Router"](https://fofa.so/result?qbase64=dGl0bGU9Ik51Q29tIDExTiBXaXJlbGVzcyBSb3V0ZXIifHxib2R5PSJOdUNvbSAxMU4gV2lyZWxlc3MgUm91dGVyIg%3D%3D)
# Demo
![](NuCom_11N_Wireless_Router_V5_07_Remote_Privilege_Escalation.gif)
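
Review bot: The description stops at the impact and gives no remediation or source reference, so a reader who finds this entry has nothing to act on. After the paragraph beginning "The application suffers from", add a short section stating whether fixed firmware exists for v5.07.90 and, until then, the hardening the text already implies: change the default user:user credentials and keep the management interface off untrusted networks. The FOFA rule matches any page titled "NuCom 11N Wireless Router" while the heading names v5.07.90 only, so say whether other versions are affected or that the rule over-matches. Minor: "a HTTP" should be "an HTTP".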

@ -0,0 +1,10 @@
# Ricon Industrial Cellular Router apply.cgi RCE
The router suffers from an authenticated OS command injection vulnerability, This can be exploited to inject and execute arbitrary shell commands as the admin user via the ping_server_ip POST parameter. Also vulnerable to Heartbleed.
FOFA **query rule**: [body="Industrial Cellular" && server="WEB-ROUTER"](https://fofa.so/result?qbase64=Ym9keT0iSW5kdXN0cmlhbCBDZWxsdWxhciIgJiYgc2VydmVyPSJXRUItUk9VVEVSIg%3D%3D)
# Demo
![](Ricon_Industrial_Cellular_Router_apply_cgi_RCE.gif)
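
Review bot: "Also vulnerable to Heartbleed." at the end of the description is a second, unrelated finding with no reference, affected component or evidence; give it its own entry with its CVE identifier or drop it. The heading also carries no firmware version, unlike the other entries added in this commit (v5.07.90, 1.0, 9.2), so readers cannot tell which builds are affected. No mitigation is listed; since the injection is described as authenticated, a line on restricting who can reach and log in to the web interface belongs here. Also fix the comma splice in "vulnerability, This can be exploited".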

Binary file not shown.

@ -0,0 +1,10 @@
# ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
The limited administrative user admin:admin can elevate her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.
FOFA **query rule**: [body="HG104B-ZG-E"](https://fofa.so/result?qbase64=Ym9keT0iSEcxMDRCLVpHLUUi)
# Demo
![](ZBL_EPON_ONU_Broadband_Router_1_0_Remote_Privilege_Escalation.gif)
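
Review bot: The FOFA rule matches body="HG104B-ZG-E", but that model string appears nowhere in the heading or description, which name only "ZBL EPON ONU Broadband Router 1.0"; add a line tying the model to the product so the rule can be checked. The text names two disclosure paths ("the configuration backup endpoint or the password page") without saying whether both were verified on 1.0. No remediation is given; at minimum mention changing the admin:admin password and restricting access to the management interface. Wording: "a HTTP" should be "an HTTP", and "her privileges" here versus "his privileges" in the NuCom entry would read better as "their" in both.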

Binary file not shown.

@ -0,0 +1,10 @@
# qdPM 9.2 Database Information leakage
The password and connection string for the database are stored in a yml file. To access the yml file you can go to /core/config/databases.yml file and download.
FOFA **query rule**: [body="qdPM"](https://fofa.so/result?qbase64=Ym9keT0icWRQTSI%3D)
# Demo
![](qdPM_9_2_Database_Information_leakage.gif)
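
Review bot: The description does not say whether /core/config/databases.yml can be downloaded without logging in, which decides the severity; state the precondition explicitly. It also lacks a fix: add that web access to the /core/config/ directory should be denied at the web server and that the database password should be rotated on any instance where the file was reachable. The FOFA rule body="qdPM" matches every qdPM page while the heading says 9.2, so note whether other versions are affected or that the rule over-matches.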

Binary file not shown.
