erberkan/SonLogger-vulns

CVE-2021-27964 | SonLogger - Unauthenticated Arbitrary File Upload (Metasploit)

Date: 30-01-2021
Exploit Author: Berkan Er b3rsec@protonmail.com
Vendor Homepage: https://www.sonlogger.com/
Software Link: https://www.sonlogger.com/download
Version: 4.2.3.3
Tested on: Windows 10 Enterprise x64
CVE: 2021-27964
Disclosure Date: 01-03-2021

This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on version 4.2.3.3 in Windows 10 Enterprise.

POC:

CVE-2021-27963 | SonLogger - Insecure SuperAdmin Creation (Python)

Date: 30-01-2021
Exploit Author: Berkan Er b3rsec@protonmail.com
Vendor Homepage: https://www.sonlogger.com/
Software Link: https://www.sonlogger.com/download
Version: 4.2.3.3
Tested on: Windows 10 Enterprise x64
CVE: 2021-27963
Disclosure Date: 01-03-2021

This module exploit creates user with superadmin profile and shows some information about the application via insecure POST request. It has been tested on version 4.2.3.3 in Windows 10 Enterprise.

POC:

About

SonLogger Vulns (CVE-2021-27963, CVE-2021-27964)

Languages

Language:Ruby 58.0%Language:Python 42.0%