- Date: 30-01-2021
- Exploit Author: Berkan Er b3rsec@protonmail.com
- Vendor Homepage: https://www.sonlogger.com/
- Software Link: https://www.sonlogger.com/download
- Version: 4.2.3.3
- Tested on: Windows 10 Enterprise x64
- CVE: 2021-27964
- Disclosure Date: 01-03-2021
This module exploits an unauthenticated arbitrary file upload via insecure POST request. It has been tested on version 4.2.3.3 in Windows 10 Enterprise.
- Date: 30-01-2021
- Exploit Author: Berkan Er b3rsec@protonmail.com
- Vendor Homepage: https://www.sonlogger.com/
- Software Link: https://www.sonlogger.com/download
- Version: 4.2.3.3
- Tested on: Windows 10 Enterprise x64
- CVE: 2021-27963
- Disclosure Date: 01-03-2021
This module exploit creates user with superadmin profile and shows some information about the application via insecure POST request. It has been tested on version 4.2.3.3 in Windows 10 Enterprise.