Tp-link EAP Controller does not handle privilege management correctly so a non privileged user can execute privileged actions. This module will try to change the device's settings and enable ssh in order to take control of the managed Access Points.
This module exploits an authentication vulnerability in Wordpress 2.5. An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account which its username starts with the word "admin", for example "admin99".
A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key.
This module exploits an authentication vulnerability in OpenSite 2.1. The function init in origin/libs/user.php checks for a matching origin_hash cookie. However, this cookie can be bruteforced in at most 2^32 tries for a known username. Actually, the number of attempts could be significantly reduced knowing that we do not have to check for time in the future, and long past. This works for OpenSite 2.1 and below. It has to be executed against the root directory of OpenSite. The resulting SHA1 cookie has to be used to impersonate the admin on OpenSite putting it on the origin_hash cookie, setting all the others cookies with the default value.
Subscribe to Authentication Weakness