command – RealinfoSec.Net

SaltStack Salt REST API Arbitrary Command Execution Exploit

13 November 20201 January 2022 RiSec.Mitch 0 Comments code, command, CVE-2020-16846, CVE-2020-25592, execution, exploits, metasploit, poc, saltstack, tested

About
Latest Posts

RiSec.Mitch

Just your average information security researcher from Delaware US.

Latest posts by RiSec.Mitch (see all)

An Essential Guide to Understanding, Reporting, and Combatting Digital Threats - 28 May 2023
Busting the Myths: NCSC and ICO Expose the Truth About Incident Reporting - 11 May 2023
PHP vs Ruby vs Python vs Go: Comparing Popular Programming Languages for Web Development - 31 March 2023

Date added 12-11-2020 This Metasploit module exploits an authentication bypass and command injection in SaltStack Salt’s REST API to execute

Cybersecurity Academy

What is AppSec? A process and tools for securing software

3 November 202014 March 2022 RiSec.n0tst3 0 Comments application, appsec, command, CRLF, cross-site scripting, flaws, injection, security, sql

About
Latest Posts

Connect

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

Connect