Wordpress Smart Product Review 1.0.4 Plugin - Shell Upload Exploit

Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4 Tested on: Kali Linu...

Online Student Admission System 代码问题漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...

Online Student Admission System SQL注入漏洞

Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A security vulnerability exists in Online Student Admission System version 1.0, which stems from the software's lack of effective restrictions...

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq

This is a Python script for exploiting a vulnerability in Apache ActiveMQ. The script is designed to upload a shell to the server using the PUT method. The vulnerability being exploited is CVE-2016-3088. The script requires the user to provide the URL of the ActiveMQ server, the username, and the...

Metasploit Wrap-Up

An Especially Spooky Season for Moodle This release has not one, two, or three, but FOUR authenticated Moodle exploit modules, or should I say moodules? H00die comes through again with not just modules, but also an artisanal, bespoke library to support further work. Two target the spell check...

Moodle Admin Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Moodle Admin Shell Upload', 'Description' = %q This module will generate a plugin which can receive a malicious payload request and upload it to ...

WordPress MStore API 2.0.6 Shell Upload

Exploit Title: Wordpress Plugin MStore API 2.0.6 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/mstore-api/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/mstore-api/ Version: 2.0.6, possibly higher Tested on: Ubuntu 20.04.1 import os.path...

Vehicle Service Managment System 1.0 Shell Upload

Exploit Title: Vehicle Service Managment 1.0 - RCE Unauthenticated Date: 2021-10-02 Exploit Author: RICHARD JONES Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

Pet Shop Management System 1.0 Privilege Escalation / Shell Upload

!/usr/bin/python3 Exploit Title: Pet Shop Management System v1.0 - Authenticated Privilege Escalation to Remote Code Execution Exploit Author: Oscar Gutierrez m4xp0w3r Date: October 01, 2021 Vendor Homepage:...

Vehicle Service Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

Vehicle Service Management System 1.0 Shell Upload

Exploit Title: Vehicle Service Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 30.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html Software Link:...

Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

Storage Unit Rental Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Link:...

Pet Shop Management System 1.0 Shell Upload

Title: Pet Shop Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Author: Mr.Gedik Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14962/petshop-management-system-using-phppdo-oop-full-source-code-complete.html...

WordPress 3DPrint Lite 1.9.1.4 Shell Upload

Exploit Title: Wordpress Plugin 3DPrint Lite 1.9.1.4 - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/3dprint-lite/ Date: 22/09/2021 Exploit Author: spacehen Vendor Homepage: https://wordpress.org/plugins/3dprint-lite/ Version: spacehen www.github.com/spacehen" def printusage:...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload

Exploit Title: AlphaWeb XE - Authenticated Insecure File Upload leading to RCE CVE-2021-40845 Date: 09/09/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb CVE: CVE-2021-40845...

Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload Vulnerability

Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 have a web interface called AlphaWeb XE that allows for a remote shell upload. I. VULNERABILITY ------------------------- AlphaWeb XE - Authenticated Insecure File Upload leading to RCE II. CVE REFERENCE -------------------------...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

Design/Logic Flaw

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-36582

Kooboo CMS 2.1.1.0 is affected by a vulnerability that allows uploading a remote shell (aspx) to the server and then triggering it to receive a reverse shell from the victim server. The uploaded file is placed at /Content/Template/root/reverse-shell.aspx and can be invoked by visiting that URL. P...