Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection

Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Exploit Title: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link:...

xorg-x11-server Local Privilege Escalation

!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...

Internet Bug Bounty: imagecolormatch Out Of Bounds Write on Heap

The link to the PHP bug: https://bugs.php.net/bug.php?id=77270 This is possible to exploit in PHP 7.0.33 and 5.6.39. I used this vulnerability to write a local safe mode bypass exploit. It is possible to write up to 1200 bytes over the boundaries of a buffer allocated in the imagecolormatch...

Apache CouchDB 2.3.0 Cross Site Request Forgery Vulnerability

Apache CouchDB version 2.3.0 suffers from cross site request forgery vulnerabilities providing there's a loose CORs policy. Exploit Title: Apache CouchDB 2.3.0 Cross Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link:...

Voyager 1.1.3 Shell Upload

Exploit Title: Voyager 1.1.3 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...

Voyager 1.1 Shell Upload

Exploit Title: Voyager 1.1 - Arbitrary File Upload Google Dork: N/A Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Poc Video: https://youtu.be/5GnHbFqRP9M Vendor Homepage: https://laravelvoyager.com/ Software Link:...

Netatalk 3.1.12 - Authentication Bypass (PoC)

Netatalk 3.1.12 - Authentication Bypass PoC import socket import struct import sys if lensys.argv != 3: sys.exit0 ip = sys.argv1 port = intsys.argv2 sock = socket.socketsocket.AFINET, socket.SOCKSTREAM print "+ Attempting connection to " + ip + ":" + sys.argv2 sock.connectip, port dsipayload =...

Rukovoditel Project Management CRM 2.3.1 Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Rukovoditel Project Management/CRM 2.3.1 - Authenticated Remote Code Execution', 'Description' = %q This module...

CVE-2018-20148

CVE-2018-20148 affects WordPress versions prior to 4.9.9 and 5.x prior to 5.0.1. The issue stems from mishandling of serialized data at phar:// URLs in wp-includes/post.php: wp_get_attachment_thumb_file can mishandle metadata and lead to PHP object injection via crafted wp.getMediaItem XMLRPC cal...

Linux - userfaultfd Bypasses tmpfs File Permissions Exploit

Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it is, for example, possible to register userfaulfd...

WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit

didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred; setStructurevm, newStructure; else putDirectvm, knownPolyProtoOffset, prototype; if...

phpBB 3.2.3 - Remote Code Execution

// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' = aaae9cba5fdadb1f0c384934cd20d11czip // you...

DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting

Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19751 A Stored Cross-site...

Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...

BitZoom 1.0 - rollno SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0 Category:...

Simple E-Document 1.31 - username SQL Injection

Simple E-Document 1.31 - username SQL Injection Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage:...

WordPress Ninja Forms 3.3.17 Cross Site Scripting

Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...

Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Tina4 Stack 1.0.3 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: http://tina4.com/ Software Link: https://ayera.dl.sourceforge.net/project/tina4stack/v1.0.3/Release%20V1.0.3.zip Version: 1.0.3 Category: Webapps...

PHP Proxy 3.0.3 - Local File Inclusion Exploit

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...

PHP Proxy 3.0.3 - Local File Inclusion

PHP Proxy 3.0.3 - Local File Inclusion Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...