4149 matches found
Lost and Found Information System v1.0 - ( IDOR ) leads to Account Take over Exploit
Exploit Title: Lost and Found Information System v1.0 - idor leads to Account Take over Exploit Author: OR4NG.M4N Category : webapps CVE : CVE-2023-38965 Python p0c : import argparse import requests import time parser = argparse.ArgumentParserdescription='Send a POST request to the target server'...
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...
Wordpress Seotheme - Remote Code Execution Unauthenticated Exploit
Exploit Title: Wordpress Seotheme - Remote Code Execution Unauthenticated Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys , requests, re from multiprocessing.dummy import Pool from colorama import Fore from colorama import init initautoreset=True fr =...
WordPress Augmented-Reality Remote Code Execution
Exploit Title: Wordpress Augmented-Reality - Remote Code Execution Unauthenticated Date: 2023-09-20 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import requests as req import json import sys import random import uuid import urllib.parse import urllib3 from...
Wordpress 'simple urls' Plugin < 115 - XSS
Exploit Title: simple urls alertorigin...
Lepton CMS 7.0.0 Remote Code Execution Vulnerability
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 G...
Lepton CMS 7.0.0 Remote Code Execution
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Date: 2024-1-19 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred...
liveSite 2019.1 Remote Code Execution
Exploit Title: liveSite Version : 2019.1 Remote Code Execution Date: 2024-1-9 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region...
liveSite 2019.1 Remote Code Execution Vulnerability
Exploit Title: liveSite Version : 2019.1 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region Name:megamenu ,...
PluXml Blog 5.8.9 Remote Code Execution Vulnerability
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...
PluXml Blog 5.8.9 Remote Code Execution
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Date: 2024-1-7 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in...
ShopSite 14.0 Cross Site Scripting Vulnerability
Exploit Title: ShopSite Version: 14.0 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi...
WhatACart 2.0.7 Cross Site Scripting Vulnerability
Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...
WhatACart 2.0.7 Cross Site Scripting
Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...
ShopSite 14.0 Cross Site Scripting
Exploit Title: ShopSite Version: 14.0 - Stored XSS Date: 2023-12-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here :...
CE Phoenix 1.0.8.20 Remote Code Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
CE Phoenix 1.0.8.20 Remote Code Execution Exploit
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
CE Phoenix 1.0.8.20 Remote Command Execution Vulnerability
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...
CE Phoenix 1.0.8.20 Remote Command Execution
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix POC: 1. Login to admin panel: - Visit:...
PyroCMS 3.0.1 Cross Site Scripting
Exploit Title: PyroCMS v3.0.1 - Stored XSS Date: 2023-11-25 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://pyrocms.com/ Version: v3.0.1 Tested on: https://www.softaculous.com/apps/cms/PyroCMS...