add: Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178

add: MCMS_5_2_4_Arbitrary_File_Upload
2025-05-05 10:16:59 +00:00 · 2022-01-26 16:04:16 +08:00 · 2022-01-26 16:04:16 +08:00 · 586acfdb0a
commit 586acfdb0a
parent 50d1daad3d
4 changed files with 18 additions and 0 deletions
--- a/Crestron/Hd-Md4X2/Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178.gif
+++ b/Crestron/Hd-Md4X2/Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178.gif
--- a/Crestron/Hd-Md4X2/README.md
+++ b/Crestron/Hd-Md4X2/README.md
@ -0,0 +1,9 @@
+# Crestron Hd-Md4X2 Credential Disclosure (CVE-2022-23178)
+
+restron Hd-Md4X2-4K-E is a simple-to-use UHD signal switcher with four HDMI inputs and two HDMI outputs from Crestron, USA.Crestron Hd-Md4X2-4K-E has an information disclosure vulnerability, attackers can obtain WEB user login credentials and further control the system.
+
+FOFA **query rule**: [body="js/top.js" && body="document.onmousedown = ReCalculate;"](https://fofa.so/result?qbase64=Ym9keT0ianMvdG9wLmpzIiAmJiBib2R5PSJkb2N1bWVudC5vbm1vdXNlZG93biA9IFJlQ2FsY3VsYXRlOyI%3D)
+
+# Demo
+
+![Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178](Crestron_Hd_Md4X2_Credential_Disclosure_CVE_2022_23178.gif)
--- a/MCms/MCMS_5_2_4_Arbitrary_File_Upload.gif
+++ b/MCms/MCMS_5_2_4_Arbitrary_File_Upload.gif
--- a/MCms/README.md
+++ b/MCms/README.md
@ -0,0 +1,9 @@
+# MCMS 5.2.4 Arbitrary File Upload
+
+Mingfei MCms is a complete open source content management system.MCms 5.2.4 version /file/upload.do has arbitrary file upload vulnerabilities. Attackers can upload malicious Trojan horses to control server permissions.
+
+FOFA **query rule**: [body="ms/1.0.0/ms.js" || body="铭飞MCMS"](https://fofa.so/result?qbase64=Ym9keT0ibXMvMS4wLjAvbXMuanMiIHx8IGJvZHk9IumTremjnk1DTVMi)
+
+# Demo
+
+![MCMS_5_2_4_Arbitrary_File_Upload](MCMS_5_2_4_Arbitrary_File_Upload.gif)