Samsung Internet Browser SOP Bypass

Samsung Internet Browser SOP Bypass

This Metasploit module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites …

Polycom Command Shell Authorization Bypass

Polycom Command Shell Authorization Bypass

The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection […]

The post Polycom Command Shell Authorization Bypass appeared first on MondoUnix.

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS

This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off by abusing the way “WinSxS” works in Windows systems. This Metasploit module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead […]

The post Windows Escalate UAC Protection Bypass (In Memory Injection) Abusing WinSXS appeared first on MondoUnix.