non root user

CVE-2008-6539 EXPLOITDB python WORKING POC

DeStar 0.2.2-5 - Authenticated Static Code Injection via Pin Parameter

Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.

View Code

CVE-2008-6538 EXPLOITDB python WORKING POC

DeStar 0.2.2-5 - Unauthenticated Arbitrary User Addition via Direct Request

DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser.

View Code