Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...
FOGProject 1.5.9 - File Upload Remote Code Execution (Authenticated) Vulnerability
Exploit Title: FOGProject 1.5.9 - File Upload RCE Authenticated Exploit Author: email protected Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file. dd...
Project Expense Monitoring System 1.0 SQL Injection Vulnerability
Exploit Title: Project Expense Monitoring System | SQL Login Bypass Multiple Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/14001/project-expense-monitoring-system-project-php-source-code-2020.html Software Link:...
Ovidentia 6 - (id) SQL injection (Authenticated) Vulnerability
Exploit Title: Ovidentia 6 - 'id' SQL injection Authenticated Exploit Author: Felipe Prates Donato m4ud Vendor Homepage: http://www.ovidentia.org Version: 6 DORK : "Powered by Ovidentia" http://Site/ovidentia/index.php?tg=delegat&idx=mem&id=1 UNION Select select...
WordPress Mapplic 6.1 SSRF / Cross Site Scripting Vulnerability
Title : Mapplic Wordpress Plugins Stored XSS Injection via SSRF Author : Eagle Eye Vendor Homepage : https://mapplic.com/ Version Affected : 6.1 and below Tested on : Google Chrome XSS Vuln from add/edit Map and bypass with host raw.githubusercontent.com 1.Login as user 2.Add Add/Edit Map - From...
Plone CMS 5.2.3 - (Title) Stored XSS Vulnerability
Exploit Title: Plone CMS 5.2.3 - 'Title' Stored XSS Exploit Author: Piyush Patil Vendor Homepage: https://plone.com/ Software Link: https://github.com/plone/Products.CMFPlone/tags Version: 5.2.3 Tested on: Windows 10 Reference - https://github.com/plone/Products.CMFPlone/issues/3255 Steps to...
Monitoring System (Dashboard) 1.0 - uname SQL Injection Vulnerability
Exploit Title: Monitoring System Dashboard 1.0 - 'uname' SQL Injection Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html Software Link:...
Zenphoto CMS 1.5.7 Shell Upload Vulnerability
Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...
PNPSCADA 2.200816204020 - (interf) SQL Injection (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: PNPSCADA 2.200816204020 - 'interf' SQL Injection Authenticated Exploit Author: İsmail ERKEK Vendor Homepage: http://wiki.pnpscada.com/forumHome.jsp Version: 2.200816204020 Tested on: - 1. Description: ----------------------...
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure Vulnerability
QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for...
Online Shopping Alphaware 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Infor Storefront B2B 1.0 - (usr_name) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Version...
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload Exploit Author: BKpatron Vendor Homepage: https://www.campcodes.com/projects/php/4745/online-student-enrollment-system-in-php-mysqli/ Software Link:...
Hostel Management System 2.0 - (id) SQL Injection (Unauthenticated)
Exploit for php platform in category web applications Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Unauthenticated Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://phpgurukul.com/hostel-management-system/ Software Link:...
Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload Exploit Author: Kishan Lal Choudhary Vendor Homepage: https://monstra.org Software Link: https://bitbucket.org/awilum/monstra/downloads/monstra-3.0.4.zip Version: 3.0.4...
WebTareas 2.0p8 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WebTareas v2.0p8 - Login Portal - Reflected Cross Site Scripting XSS Exploit Author: Bobby Cooke Vendor Homepage: http://webtareas.sf.net/ Software Link:...
NagiosXI 5.6.11 start / end / step Remote Code Execution Exploit
Exploit for php platform in category web applications Title: Postauth RCE in NagiosXI 5.6.11 Vendor: www.nagios.com Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ email protected:/src/eonila/nagiospox$ cat nagiospox.py !/usr/bin/env...
WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications Title: WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Exploit Author: Gal Weizman Vendor Homepage: https://www.whatsapp.com Software Link: https://web.whatsapp.com/desktop/windows/release/x64/WhatsAppSetup.exe Software Link:...
UADMIN Botnet SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: UADMIN Botnet - SQL Injection Vulnerability Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: unkn0wn Tested on: Windows 10, Kali CVE : n/a Vuln-Code: download.php $link=$GET'link';...
Persian VIP Download Script 1.0 - (active) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux...