A couple of weeks ago I disclosed a local root privesc in Hashicorp's
vagrant-vmware-fusion plugin:
https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html
The initial patch they released was 4.0.21 which unfortunately contained a bug that prevented it
☾ Reflected Cross-Site Scripting in IBM Worklight OAuth Server Web Api ☽
☾ Table of Contents ☽
0. Overview
1. Detailed Description
2. Proof Of Concept
3. Solution
4. Disclosure Timeline
PoC (runs under Linux):
https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e
https://twitter.com/marcan42/status/892706927720808449
https://twitter.com/marcan42/status/892716247502082051
https://twitter.com/marcan42/status/892785957849645056
Original disclosure:
https://smblor
// Device : Technicolor TC7337
// Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html
// XSS through SSID : '> ( Exactly 32 bytes u_u )
// ^
// 5char domains are running |'src' does not require quotes, and passing the URL with only '//'
// out, grab you