Robert Gilbert
i
amroot.com:/# echo '
>
# profile
>
https://www.linkedin.com/in/robertgilbert808
>
>
# bugs
>
CVE-2021- 41528
> Flexera / RISC Networks - Vulnerable Authorization Schema
>
>
CVE-2021- 41527
> Flexera - Multi Factor Authentication (MFA) Bypass
>
>
CVE-2014-4980
> Parameter Tampering in Nessus Web UI - Remote Information Disclosure
> OSVDB | July 17, 2014
>
>
CVE-2013-3734
> JBoss AS Administration Console - Password Returned in Later Response
> Security Focus | June 4, 2013
>
>
CVE-2012-6493
> Nexpose Security Console CSRF Vulnerability
> The Exploit Database (EDB) | January 2, 2013
>
>
CVE-2012-6494
> Nexpose Security Console - Session Hijacking
> Security Focus | January 2, 2013
>
>
CVE-2012-6342
> Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
> Security Focus | September 19, 2012
>
>
CVE-2013-1402
> DigiLIBE Management Console | Execution After Redirect (EAR) Vulnerability
> Security Focus - January 18, 2013
> Reference:
https://www.securityfocus.com/bid/57499/
>
>
CVE-2011-5251
> vBulletin - Multiple Unvalidated Redirects
> National Vulnerability Database
> Reference:
https://medium.com/@amroot/cve-2011-5251-vbulletin-unvalidated-redirect-1db2461d8c05
>
>
# code
>
https://github.com/amroot/
> miscellaneous publicly available scripts.
'> ./index.htm
#!/usr/bin/lua
local socket = require("socket") -- this is only for sleep :|
local io = require("io")
local ltn12 = require("ltn12")
local curl = require("curl")
local par_url = require("socket.url") -- this is only to parse urls :|
local work_dir = string.match(arg[0],[[^@?(.*[\/])[^\/]-$]])
if (work_dir == nil) then work_dir = "." end
package.path = work_dir .. "?.lua;" .. work_dir .. "lib/?.lua;" .. package.path
require ("getopt_alt")
require ("string_fun")
function getum(cur_url,red)
if verbose >= 3 then verbosie=1 else verbosie=0 end
local head_text = {}
local body_text = {}
local function WriteMemoryCallbackH(s)
head_text[#head_text+1] = s
return string.len(s)
end
local function WriteMemoryCallbackB(s)
body_text[#body_text+1] = s
return string.len(s)
end
local c = curl.easy_init()
c:setopt(curl.OPT_COOKIEJAR, cookiejar)
c:setopt(curl.OPT_COOKIEFILE, cookiejar) -- cookies from previous session if exist
c:setopt(curl.OPT_VERBOSE, verbosie)
c:setopt(curl.OPT_URL,cur_url)
c:setopt(curl.OPT_FOLLOWLOCATION,1)
--c:setopt(curl.OPT_HEADERFUNCTION,WriteMemoryCallbackH)
c:setopt(curl.OPT_WRITEFUNCTION, WriteMemoryCallbackB)
c:setopt(curl.OPT_USERAGENT, agent99)
c:setopt(curl.OPT_MAXREDIRS,10) --max 10 to stop redirect loops
c:setopt(curl.OPT_AUTOREFERER,1)
c:setopt(curl.OPT_SSL_VERIFYHOST,0) --don't care about your certs
c:setopt(curl.OPT_SSL_VERIFYPEER,0)
code,h_err=c:perform()
if curl.close then c:close() end
if h_err then
print("Error getting: ".. h_err .. "\n")
return 0
end
--print(table.concat(head_text,'')) -- see header note above
return table.concat(body_text,'')
end
function fform(linkf)
for forms in string.gmatch(page, "