Amin'z Tech CMS Shell Upload / SQL Injection

---------------------------------------------- Exploit Title : Amin'z Tech Login Page SQL Injection Bypass / Upload shell vulnerability Exploit Author : ACC3SS Vendor Homepage : http://www.aminztech.com Google Dork : intext:"AMIN'Z TECH" inurl:panel Date: 2014-01-16 Tested on: Windows 7...

WordPress Amerisale-Re Remote Shell Upload

Exploit Title : Wordpress amerisale-re Remote Shell Upload Exploit Author : T3rm!nat0r5 Vendor Homepage : http://wordpress.org/ Google Dork : inurl:/wp-content/plugins/amerisale-re Date : 2014/01/30 Tested on : Windows 8 , Linux This module requires Metasploit: http//metasploit.com/download Curre...

Imageview 6.x Shell Upload

Author: TUNISIAN CYBER + Exploit Title: Imageview File Upload vulnerability + Date: 20-01-2014 + Category: WebApp + Google Dork: : + Tested on: KaliLinux + Friendly Sites: na3il.com,th3-creative.com +Exploit: Imageview Suffers from a File Upload Vulnerability which allows the attacker to upload a...

Joomla Aclsfgpl Shell Upload

Author: TUNISIAN CYBER + Exploit Title: Joomla Component comaclsfgpl File Upload Vulnerability + Date: 07-01-2014 + Category: WebApp + Google Dork: :inurl:"index.php?option=comaclsfgpl" addform + Tested on: KaliLinux + Friend's blog: www.na3il.com +Exploit: You can upload file .php/.php.jpg...

Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability

start "backgroundexec" cbcs.exe listen -cp:faggot -bp:hacker | echo "" shell.php Usage Info Edit the code and run ! import urllib import urllib2 Citadel Backconnect Server 1.3.5.1 Remote Code Execution vulnerability Work only on windows box def requesturl, params=None, method='GET': if method ==...

PHPSurveyor Shell Upload

-= G4eL =- Exploit Title: PHPSurveyor - Shell Upload Exploit Author: G4eL Date: 26/12/2013 Product: PHPSurveyor Official Site: http://www.limesurvey.org/ Risk Level: High /admin/templates.php - File Upload URL SITE = Default directory of PHPSurveyor Example : http://site.com/survey/ File Uploaded...

Phone Drive Eightythree 4.1.1 XSS / Command Injection / Shell Upload

Document Title: =============== Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1168 Release Date: ============= 2013-12-11 Vulnerability Laboratory ID VL-ID: ==================================...

Telmanik CMS 1.01 Shell Upload

/ Exploit title : telmanik cms v1.01 File Upload Date : 12/12/2013 Author : JoKeRStEx Software Link : http://www.telmanik.com/open-source.php Tested On : WinXP PRO SP3 CVE : Version : 1.01 / 1 File Upload P.O.C "@".$shell; curlsetopt$dz,CURLOPTPOSTFIELDS,$jxarray; $exec=curlexec$dz;...

Photo Video Album Transfer 1.0 Local File Inclusion / Shell Upload

Document Title: =============== Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1166 Release Date: ============= 2013-12-10 Vulnerability Laboratory ID VL-ID:...

osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload

Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com 1 0 0 1 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Title : osCmax...

Vibo world CMS background get shell-vulnerability warning-the black bar safety net

Keywords: Powered by CNKSYS Background address: admin Default account password: admin admin Get the shell methods: Just find a place to upload a word picture of the horse, renamed to xx. asp ps:back Diamondback found: this app looks like Is makeover。。。。...

osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities

osCmax e-Commerce v2.5.3 is suffer from multiple vulnerabilities remote attacker can upload file/shell via header attacks or exec a JavaScript Code & Inject a remote Object see also : CVE-2013-4144 Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...

WordPress Page Flip Image Gallery Shell Upload

Exploit Title: Wordpress page-flip-image-gallery plugins Remote File Upload Vulnerability Author: Ashiyane Digital Security Team Date: 12/06/2013 Vendor Homepage: http://pageflipgallery.com Software Link : http://downloads.wordpress.org/plugin/page-flip-image-gallery.zip Google dork:...

Imagam iFiles 1.16.0 File Inclusion / Shell Upload / Command Injection

Document Title: =============== Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1160 Release Date: ============= 2013-12-03 Vulnerability Laboratory ID VL-ID: ====================================...

Joomla Hotornot2 Shell Upload

Title : Joomla comhotornot2 Remote Code Execution Author : DevilScreaM Date : 4 Desember 2013 Category : Web Applications Version : 2.0.0 Type : PHP Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber...

Joomla Alphauserpoints phpThumb.php Shell Upload

Title : Joomla comalpahuserpoints Remote Code Execution Author : DevilScreaM Date : 1 Desember 2013 Category : Web Applications Type : PHP Vendor : http://alphaplug.com/ Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter |...

Joomla Alphacontent phpThumb.php Shell Upload

Title : Joomla comalphacontent Remote Code Execution Author : DevilScreaM Date : 1 Desember 2013 Category : Web Applications Type : PHP Vendor : http://alphaplug.com/ Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security Indonesian Hacker | Indonesian Exploiter |...

Joomla JMultimedia Command Execution Exploit

Joomla JMultimedia component remote shell upload exploit. !/usr/bin/perl Exploit Title: comjmultimedia Remote Command Execution Author: Deepankar Arora and Rafay Baloch Vendor: http://joomlacode.org/gf/project/denvideo/ Enter the target in this form -- http://victim.com/ Change shell path to your...

Joomla JMultimedia Command Execution

!/usr/bin/perl Exploit Title: comjmultimedia Remote Command Execution Author: Deepankar Arora and Rafay Baloch Vendor: http://joomlacode.org/gf/project/denvideo/ Enter the target in this form -- http://victim.com/ Change shell path to your own, if needed use LWP::UserAgent; use HTTP::Request;...

Elastix Voip system 2.x , Php code injection / Data dump Exploit

Elastix is famous asterisk voip system interface dist. it's vulnerable to php code injection vuln , which can be used to dump all data including - SIP Extention Data - Plain text admin password - Moderators passwords - All trunks data - shell upload Usage Info just add the ip list to "list.txt"...