Subscribe via feed.

MobileTogether Server 7.3 XML Injection

Posted by deepcore on August 10, 2021 – 10:10 pm

RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server’s certificate and private key. Versions 7.0 through 7.3 are affected.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.