Posts Tagged ‘bypass’

Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass

Dasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie ‘Grant’ with value 1 (user) or 2 (admin) will bypass security controls in place enabling the attacker to take full control of the device management interface. Source: Dasan Networks […]

GoAutoDial 3.3 Authentication Bypass / Command Injection

This Metasploit module exploits a SQL injection flaw in the login functionality for GoAutoDial version 3.3-1406088000 and below, and attempts to perform command injection. This also attempts to retrieve the admin user details, including the cleartext password stored in the underlying database. Command injection will be performed with root privileges. The default pre-packaged ISO builds […]

Windows UAC Protection Bypass (Via FodHelper Registry Key)

This Metasploit module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This Metasploit module modifies a […]

WiMAX CPE Authentication Bypass

Various WiMAX CPEs are vulnerable to an authentication bypass. An attacker can set arbitrary configuration values without prior authentication. The vulnerability is located in commit2.cgi (implemented in Source: WiMAX CPE Authentication Bypass