{"vulnerability": "cve-2019-6447", "sightings": [{"uuid": "a308d4e5-b734-4e0c-a616-ca73ff519bbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "MISP/5c46110e-2440-446b-b832-1f920a021402", "content": "", "creation_timestamp": "2019-01-21T18:38:24.000000Z"}, {"uuid": "6ba03c83-fe77-49ef-9ec0-dbb0f2428f79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "81e83a91-add6-46d6-a0ba-f00951396325", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/724", "content": "CVE-2019-6447 ES File Explorer 4.1.9.7.4 \u4efb\u610f\u6587\u4ef6\u5beb\u5165\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2019-6447_ES_File_Explorer_4.1.9.7.4_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%AF%AB%E5%85%A5%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-09-21T04:42:21.000000Z"}, {"uuid": "4cd0e019-50ed-47e4-a7d6-90c3d12da401", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "published-proof-of-concept", "source": "https://t.me/arm1tage/129", "content": "HackTheBox:\n\n\u2014Easy Machines\u2014\n\nDriver - WinRM (evil-winrm), printnightmare CVE-2021-1675 (https://habr.com/ru/sandbox/156538/)\nhttps://0xdf.gitlab.io/2022/02/26/htb-driver.html\n\nSecret - JWT, Git source (tig), crush-dumps\nhttps://0xdf.gitlab.io/2022/03/26/htb-secret.html\n\nBackDoor - Wordpress eBook Dir Trav (https://www.exploit-db.com/exploits/39575), gdb exploit (https://www.exploit-db.com/exploits/50539, https://www.rapid7.com/db/modules/exploit/multi/gdb/gdb_server_exec/) \nhttps://0xdf.gitlab.io/2022/04/23/htb-backdoor.html\n\nPrevise - Backup, Site Reverse Shell, low-encrypted passwords\nhttps://0xdf.gitlab.io/2022/01/08/htb-previse.html\n\nBountyHunter - XXE, (root) NOPASSWD python code\nhttps://0xdf.gitlab.io/2021/11/20/htb-bountyhunter.html\n\nHorizontal - Strapi CMS 3.0.0 CVE-2019-18818/CVE-2019-19609 (https://www.exploit-db.com/exploits/50239, https://github.com/diego-tella/CVE-2019-19609-EXPLOIT), Laravel v8 (https://www.exploit-db.com/exploits/49424)\nhttps://0xdf.gitlab.io/2022/02/05/htb-horizontall.html\n\nOptimum - Windows 2012 (https://www.rapid7.com/db/modules/exploit/windows/http/rejetto_hfs_exec/, https://www.rapid7.com/db/modules/exploit/windows/local/ms16_032_secondary_logon_handle_privesc/)\nhttps://0xdf.gitlab.io/2021/03/17/htb-optimum.html\n\nLame - FTP Anonymous, SAMBA exploit (https://github.com/amriunix/CVE-2007-2447)\nhttps://0xdf.gitlab.io/2020/04/07/htb-lame.html\n\nJerry - Tomcat Default Cred, shell via .WAR\nhttps://0xdf.gitlab.io/2018/11/17/htb-jerry.html\n\nBlue - Win7 eternalblue (https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue/)\nhttps://0xdf.gitlab.io/2021/05/11/htb-blue.html\n\nDevel - Microsoft IIS httpd 7.5 reverse shell via .ASPX, MS11-046 or ms10_015_kitrap0d (https://github.com/abatchy17/WindowsExploits/tree/master/MS11-046)\nhttps://0xdf.gitlab.io/2019/03/05/htb-devel.html\n\nNetmon - PRTG Network Monitor 18.1.37.13946, Backup credentials, CVE-2018-9276 (https://github.com/A1vinSmith/CVE-2018-9276) / (https://www.exploit-db.com/exploits/46527) + evil-winrm\nhttps://0xdf.gitlab.io/2019/06/29/htb-netmon.html\n\nExplore (Android) - 59777 port CVE-2019-6447 (https://www.exploit-db.com/exploits/50070), SSH Creds on Photo, adb shell\nhttps://0xdf.gitlab.io/2021/10/30/htb-explore.html\n\nAntique - Telnet password via snmpget (https://www.irongeek.com/i.php?page=security/networkprinterhacking#JetDirect%20password%20notes), CUPS 1.6.1 (https://github.com/jpillora/chisel) \nhttps://0xdf.gitlab.io/2022/05/03/htb-antique.html\n\nReturn - evil-winrm, Server Operators in net user svc-printer /domain, sc.exe\nhttps://0xdf.gitlab.io/2022/05/05/htb-return.html\n\nGrandpa - CVE-2017-7269 (https://www.rapid7.com/db/modules/exploit/windows/iis/iis_webdav_scstoragepathfromurl/), SEImpersonalPrivilege Churrasco (https://github.com/Re4son/Churrasco/)\nhttps://0xdf.gitlab.io/2020/05/28/htb-grandpa.html\n\nBeep - ShellShock or Elastix 2.2.0 - 'graph.php' Local File Inclusion, (root) NOPASSWD nmap\nhttps://0xdf.gitlab.io/2021/02/23/htb-beep.html\n\nPandora - snmpwalk creds, CVE-2021-32099, Site Reverse Shell\nhttps://0xdf.gitlab.io/2022/05/21/htb-pandora.html\n\nPaper - WPS 5.2.3 - Cve-2019-17671 (https://www.exploit-db.com/exploits/47690, https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/), Chat Bot Dir Trav, CVE-2021-3560 (https://github.com/Almorabea/Polkit-exploit/blob/main/CVE-2021-3560.py)\nhttps://0xjin.medium.com/paper-hackthebox-write-up-2abca22d3b54\n\n\n#hackthebox #ctf", "creation_timestamp": "2022-06-18T10:22:36.000000Z"}, {"uuid": "c0ce1ce6-0efa-4808-962b-6e668353f7f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "published-proof-of-concept", "source": "https://t.me/white_hat2/56", "content": "\u062b\u063a\u0631\u0629 \u0641\u064a \u062a\u0637\u0628\u064a\u0642 ES file Explorer \u062a\u0633\u0645\u062d \u0644\u0644\u0645\u062e\u062a\u0631\u0642 \u0627\u0644\u0645\u062a\u0635\u0644 \u0628\u0646\u0641\u0633 \u0645\u0639\u0643 \u0627\u0644\u0634\u0628\u0643\u0629 \u0628\u0627\u0644\u0648\u0635\u0648\u0644 \u0627\u0644\u0649 \u0645\u0644\u0641\u0627\u062a\u0643 \n\u0645\u0639 \u0639\u062f\u062f \u062a\u062d\u0645\u064a\u0644\u0627\u062a \u062a\u062a\u062c\u0627\u0648\u0632 \u0627\u0644100 \u0645\u0644\u064a\u0648\u0646 \u062a\u062d\u0645\u064a\u0644 \u0641\u064a \u0645\u062a\u062c\u0631 \u0628\u0644\u0627\u064a \u0644\u062a\u0637\u0628\u064a\u0642 ES File Explorer\n\u0627\u062d\u062f \u0627\u0634\u0647\u0631 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u062f\u0627\u0631\u0629 \u0627\u0644\u0645\u0644\u0641\u0627\u062a \u0644\u0644\u0627\u0646\u062f\u0631\u0648\u064a\u062f \n\u0648\u0627\u0644\u0645\u0641\u0627\u062c\u0623\u0629 \u0647\u064a \u0627\u0646\u0643 \u0627\u0630\u0627 \u0634\u063a\u0644\u062a \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0644\u0645\u0631\u0629 \u0648\u0627\u062d\u062f\u0629 \u0639\u0644\u0649 \u0627\u0644\u0627\u0642\u0644 \n\u0627\u064a \u0634\u062e\u0635 \u0645\u062a\u0635\u0644 \u0645\u0639\u0643 \u0628\u0646\u0641\u0633 \u0627\u0644\u0634\u0628\u0643\u0629 \u064a\u0645\u0643\u0646\u0647 \u0627\u0646 \u064a\u0623\u062e\u0630 \u0645\u0644\u0641\u0627\u062a \u0645\u0646 \u062c\u0647\u0627\u0632\u0643 \u062f\u0648\u0646 \u0639\u0644\u0645\u0643\nWith more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.\nThe surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone  \n\n\n\u0631\u0627\u0628\u0637 \u0627\u0644\u0641\u064a\u062f\u064a\u0648\nvideo link\nwww.youtube.com/embed/z6hfgnPNBRE\n\n\n\u0633\u0643\u0631\u0628\u062a \u0627\u0644\u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0627\u0644\u0648\u0635\u0641\nthe script link is in the description\n\nNow, you can call this vulnerability CVE-2019-6447 \n\u0627\u0644\u062b\u063a\u0631\u0629 \u0627\u0635\u0628\u062d\u062a \u062a\u062d\u062a \u0645\u0633\u0645\u0649 CVE-2019-6447\n\n===================\nProMast3r035\n----------------------------------------\n@PM035 | Virtual]\u2022[Wolrd]\u2022[Kings\n________________________\n@white_hat2 | white hat\n====================", "creation_timestamp": "2019-01-16T16:18:53.000000Z"}, {"uuid": "fa9a779a-8704-41d2-9008-86019e2e58de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:17.000000Z"}, {"uuid": "46513e43-cacc-4284-bbd0-536a482ba528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/es_file_explorer_open_port.rb", "content": "", "creation_timestamp": "2019-03-29T20:54:37.000000Z"}, {"uuid": "d243f621-2a40-49e2-a212-9222acb57a80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/396", "content": "#Whitepaper\nCVE-2019-6447:\nAndroid Vulnerability in ES File Explorer\n(ES File Explorer Open Port Vulnerability)\n\n]-> PoC: https://github.com/fs0c131y/ESFileExplorerOpenPortVuln", "creation_timestamp": "2023-09-06T02:40:41.000000Z"}, {"uuid": "ff1cc565-95fa-4fc0-91f6-8d046ef33332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-6447", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/156", "content": "#exploit\n1. CVE-2019-6447:\nES File Explorer Open Port Vulnerability\nhttps://github.com/fs0c131y/ESFileExplorerOpenPortVuln\n\n2. CVE-2018-0708:\nCommand injection in networking of QNAP Q'center Virtual Appliance <=1.7.1063 could allow authenticated users to run arbitrary commands\nhttps://github.com/ntkernel0/CVE-2019-0708\n\n3. CVE-2019-0604:\nMicrosoft SharePoint RCE Vulnerability\nhttps://www.zerodayinitiative.com/blog/2019/3/13/cve-2019-0604-details-of-a-microsoft-sharepoint-rce-vulnerability", "creation_timestamp": "2024-10-10T11:12:45.000000Z"}]}