Pumps are under attack!!!

Ten vulnerabilities in Osprey pump controllers discovered by Zero Science Lab in February remain unpatched. The list of disclosed vulnerabilities includes RCE and Administrator Backdoor Access. Osprey: door-mounted, irrigation and landscape pump controllers.

Osprey pumps on Netlas.io:
👉🏼 Search: nt.ls/upZRN
👉🏼 Dork: http.noscript:(Osprey Controller)

https://www.zeroscience.mk/en/vulnerabilities/

#Friday_Horrors

Adobe ColdFusion RCE vulnerabilities:

Adobe ColdFusion 2018 Update 15 and earlier and 2021 Update 5 and earlier affected to critical CVE-2023-26359 and CVE-2023-26360. Arbitrary code execution exploited in the wild.

Netlas.io gives about 180,000 instances:
👉🏼 Dork: tag.name:"adobe_coldfusion"
👉🏼 Search link: nt.ls/adbcf

Technical analysis by Rapid7: https://attackerkb.com/topics/1iRdvtUgtW/cve-2023-26359/rapid7-analysis

An awesome guide to create a fast passive one-shot recon noscript with Netlas CLI tools.
Do not miss the github link at the end of the article!

https://link.medium.com/q5F85TIESyb

Both Domain Whois and IP Whois Datasets are finally published at https://app.netlas.io/datastore/.

Carefully collected and parsed by Netlas.io from major internet routing registries and domain registrants.

✓ IP WHOIS Database covers all existing IPv4 addresses (more than 4 billion addresses). Each entry contains both parsed data structure and raw text records.

✓ Domain WHOIS Database covers more than 270 millions active domains, including just registered, published and parked domains, domains on redeption grace period (waiting for renewal), and domains pending delete.

☝️All datasets and updates to them are available to Corporate and Enterprise subscribers for free.

SecurePoint Authentication vulnerability

"If you sit on the river bank for a long time, you can see how the sessionId of the administrator floats by"
- Sun Tzu.

CVE-2023-22620 requires a bit of patience as the attacker has to wait for the administrator to log in, catch his sessionId, and brute force the User-Agent. However, after that, this will give full control over the root panel of the firewall.

Look at Netlas.io:
👉🏻 Dork: http.favicon.hash_sha256:ebaaed8ab7c21856f888117edaf342f6bc10335106ed907f95787b69878d9d9e
👉🏻 Search: nt.ls/k9W35

Original article: https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/

CVE-2023-25135: pre-authentication RCE in vBulletin with 9.8 rating 🔥

More than a month ago specialists from LexfoSecurite discovered an interesting vulnerability. It is still highly relevant.
‼️POC was published two days ago ‼️

Search on Netlas.io:
👉🏻 Dork: tag.vbulletin.version:<=5.6.9
👉🏻 Search: https://nt.ls/14sXQ

Original article: https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable

A big list of dorks for Netlas.io has been published on GitHub!

Link: https://github.com/netlas-io/netlas-dorks
☝️ Use it to find IoT elements, monitoring systems, and more.

Over time, this list will grow. You can also send us your dorks, and we will add them. Good hunting! 🔍

🔥🖨🔥 PaperCut MF/NG RCE, rating 9.8

Vulnerabilities CVE-2023-27350 and CVE-2023-27351 discovered a few days ago allows unauthorized code execution in the SYSTEM context for PaperCut print management software. The software is used internally in most cases. And yet there are 1,1K instances exposed to the Internet.

Search on Netlas.io:
👉🏻 Link: https://nt.ls/ZGjrR

Vendor’s advisory: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

Netlas Plugin for Maltego

We are happy to announce that Netlas data is now available in Maltego!

Toturial and demo in the article:
https://netlas.medium.com/using-maltego-with-netlas-io-plugin-b3b17bd0881b

CVE-2023-27524: session validation attacks on Apache Superset with 8.9 ratings ‼️

Search vuln on Netlas.io:
👉🏻 Dork: (http.noscript:superset http.body:SUPERSET_WEBSERVER*) OR http.favicon.hash_sha256:e186603e51173d86bfc680eee24345d67c7a1d945a8e76dc4b218bbfabed666e
👉🏻 Link: https://nt.ls/XdO7p

Check if your software is vulnerable with a noscript from Horizon3 researchers: https://github.com/horizon3ai/CVE-2023-27524

Netlas module for Uncover

We hasten to share with you a short instruction on using the Netlas.io module integrated into Uncover from ProjectDiscovery.

👉🏻 Read how to use it here:
https://netlas.medium.com/using-uncover-with-netlas-io-module-77b82157ccc4

Netlas is the sponsor of osintomatico conference

Do you love OSINT? So, then we have great news for you: Netlas became one of the sponsors of the osintomatico conf!

Soon, 10 CTF winners will receive certificates from us for a thousand bonus points to immerse deeper in research using our tool. Good luck to the participants!

Explore the event 👉 2023.osintomatico.com

CVE-2023-25717: Ruckus Wireless Admin RCE with 9.8 rating 🔥

An old vulnerability that got a second chance with the advent of a new botnet type running through it.

Search on Netlas.io:
👉🏻 Dork: http.favicon.hash_sha256:44648ca99e1d18589d4b72b19156bf61117c09e311b9f26fa771d9acf5cf463f
👉🏻 Link: https://nt.ls/s1WYE

Read more about new botnet in the Fortinet article: https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717

Netlas module for OWASP Amass

We continue to tell you about the tools in which Netlas.io is integrated in one way or another.
And today, the well-known OWASP Amass is next in line!

Read here 👉🏻 https://netlas.medium.com/using-owasp-amass-with-netlas-io-module-cb7308669ecd

CVE-2023-20159, CVE-2023-20160, CVE-2023-20161, CVE-2023-20189: Multiple vulns on the Cisco Small Business Switches. 8.6 rating ❗️

An attacker can cause DoS or perform remote code execution with root user rights. POC is available!

Search on Netlas.io:
👉🏻 Link: https://nt.ls/eIvyW
👉🏻 Dork: http.favicon.perceptual_hash:ffdb0113090009ff~1 AND http.body:"Small Business"

CVE-2023-25690: Request Smuggling attack on Apache HTTP Server with 9.8 rating 🔥

An old vulnerability, but a POC has been published today.

Search on Netlas.io (over 20 million results):
👉🏻 Link (with tags): https://nt.ls/bGPCz
👉🏻 Link (without tags): https://nt.ls/0Xh1g
👉🏻 Dork: tag.name:"apache" AND (tag.apache.version:>=2.4.0 AND tag.apache.version:<=2.4.55)

This Friday we want to share an interesting guide to using Netlas.io for bug bounties. The authors have done a big job, and now you can look at the results of their labor and appreciate possibilities of Netlas.

👉🏻 Part 1: https://youtu.be/lJFXNthSVko
👉🏻 Part 2: https://youtu.be/wHrn0EJOFfI
👉🏻 Part 3: https://youtu.be/pwUrHGg53Jw

Thanks to ValluvarSploit and _mohd_saqlain for creating the guide and permission to post it!

Using Netlas.io within Tines automations

This time we will tell you about working with Tines platform and the Netlas.io tools integrated into it. A little automation never hurt anyone :)

Read here 👉🏻
https://medium.com/@netlas/using-netlas-io-within-tines-automations-31518289e5e3

Dork list for Netlas.io has been updated on GitHub!

Two new categories: "Web cameras" and "VoIP", have been added, and old ones have been supplemented.

👉🏻 Link: https://github.com/netlas-io/netlas-dorks

Some new queries just waiting for you to test them.

CVE-2023-25157: SQL injection for GeoServer, 9.8 rating 🔥

An old vulnerability with working PoC.

Search at Netlas.io:
👉🏻 Dork: http.noscript:"geoserver"
👉🏻 Link: https://nt.ls/g7sTM

Vendor's advisory: https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf

CVE-2023-33778: Hard-coded creds in Draytek Vigor Routers, 9.8 rating 🔥

Attackers can bind any affected device to their own account. PoC is available!

Search at Netlas.io:
👉🏻 Dork: http.favicon.hash_sha256:0af4f089d58e919f4ee421727e9ac54d885d6b3b05ec16e4d94b703f45c7eef9
👉🏻 Link: https://nt.ls/NbBpK

PoC and more information: https://gist.github.com/Ji4n1ng/6d028709d39458f5ab95b3ea211225ef