Author: 0x90
-
Archive: Assessing Web Application Firewalls (WAFs)
In the past few years I have done several web application firewall assessments and have been very successful in bypassing them. So, thought to share some of the things that I learnt. Let me just clarify what this post is NOT about: This post is not about, how to detect web application firewall (WAFs) on…
-
Archive: ZTE Home Gateway vdsl CPE admin control bypass
Hi Folks, There is a vulnerability in the ZTE home-router, installed in many homes (in millions) throughout the country, provided by Pakistan Telecommunication Company Limited (PTCL), which enables an attacker to bypass admin portal authentication and display and/or change the WIFI password. Furthermore, the attacker can reset the router to its factory settings and/or restart…
-
Archive: Huawei LTE router unauthenticated resource access
Disclaimer: [This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post] Hi folks, Several vulnerabilities were identified in the Huawei LTE router. These are described in detail below: Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed (usman…
-
Archive: TP-Link wireless router Archer C1200 – Cross-Site Scripting
Disclaimer: [This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post] Hello folks. An Input validation vulnerability was found in TP-Link Archer c1200 v1.0, which results in client side code execution. [CVE-2018-13134] [+] Unauthenticated [+] Author: Usman Saeed (usman [at] xc0re.net) [+]…