Skip to main content

🎉    We recently published 2 CVE's

foo

CVE-2021-35956
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.

foo

CVE-2021-3441
Stored cross-site scripting (XSS) in the embedded webserver of certain HP OfficeJet Printers—including the 4630 e-All-in-One Printer and 7110 Wide Format ePrinter— enables remote unauthenticated attackers to introduce arbitrary JavaScript via the printer name and printer location fields.

Obsrva Proof of Concepts

Obsrva develops proof of concept exploits for discovered vulnerabilities and publishes them on the exploit database (exploit-db.com). PoC’s can also be found on GitHub where PR’s are welcome for the community to collaborate.

Latest PoC's

Each proof of concept includes an embedded link to a GitHub Gist exploit

...
CVE-2021-3441 Proof of Concept Exploit

POC Proof of concept exploit for CVE-2021-3441- HP OfficeJet 4630 Unauthenticated Stored Cross-Site Scripting (XSS)


...
AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)

POC Proof of concept exploit for AKCP sensorProbe SPX476 - 'Multiple' Cross-Site Scripting (XSS)


...
PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)

POC Proof of concept exploit for PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS)


...
PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection

POC Proof of concept exploit for PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection


Connect on Twitter