2032 matches found
Rukovoditel 2.6.1 Shell Upload / Local File Inclusion
Exploit Title: Rukovoditel v2.6.1, RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 set -e function usage echo "NAME: Rukovoditel...
Task Management System 1.0 Shell Upload
Exploit Title: Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Lin...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for collecting or writing various vulnerability PoCs (proofs of concept) and exploits. The primary vulnerability addressed by the repository is CNVD-2020-10487, a Tomcat-Ajp local file inclusion (LFI) vulnerability. The repository contains two main files:...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
Brief description + command execution with echoed output + direct shell upload + tested OK on WebLogic 10.3.6.0 under Linux...
Complaint Management System 1.0 Shell Upload
Title: Complaint Management System v1.0- unrestricted file upload leading to RCE Exploit Author: Mohamed Elobeid 0b3!d Date: 2020-08-21 Vendor Homepage: https://www.sourcecodester.com/php/14206/complaint-management-system.html Software Link:...
Gila CMS File Upload Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in Gila CMS 1.16.0. An attacker can exploit this vulnerability to upload a shell to the tmp directory, which can then be used to execute PHP files using .htaccess via the logging...
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the logs function for executing PHP files...
Code Projects Artworks Gallery Code Issues Vulnerabilities
Code Projects Artworks Gallery is an online artwork management builder system organized by Code Projects. A security vulnerability exists in Artworks Gallery version 1.0 that stems from multiple remote shell upload vulnerabilities...
Gila CMS Code Issue Vulnerability
Gila CMS is an open source content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in Gila CMS 1.16.0. An attacker can exploit this vulnerability to upload a shell to the tmp directory, which can then be used to execute PHP files using .htaccess via the logging...
WordPress Simple File List 5.4 Shell Upload
!/usr/bin/python -- coding: utf-8 -- Exploit Title: Wordpress Plugin Simple File List 5.4 - Arbitrary File Upload Date: 2020-11-01 Exploit Author: H4rk3nz0 based off exploit by coiffeur Original Exploit: https://www.exploit-db.com/exploits/48349 Vendor Homepage: https://simplefilelist.com/ Softwa...
Apache Flink 1.9.x Shell Upload
!/usr/bin/env python3 coding: utf-8 Exploit Title: Apache Flink 1.9.x - File Upload RCE Unauthenticated Google Dork: None Date: 2020.11.01 Exploit Author: bigger.wing Vendor Homepage: https://flink.apache.org/ Software Link: https://flink.apache.org/downloads.html Version: 1.9.x Tested on:...
File Upload Vulnerability in Kaixin Procurement System
Qixing Purchasing System is a system for material purchasing and management, which is developed using ASP.NET language. A file upload vulnerability exists in the Qixing Procurement System. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
GOautodial 4.0 - Authenticated Shell Upload
Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last release as of today Tested on OS: CentOS 7...
GOautodial 4.0 Shell Upload
Exploit Title: GOautodial 4.0 - Authenticated Shell Upload Author: Balzabu Discovery Date: 07-23-2020 Vendor Homepage: https://goautodial.org/ Software Link: https://goautodial.org/GOautodial-4-x8664-Final-20191010-0150.iso.html Tested Version: 4.0 Last release as of today Tested on OS: CentOS 7...
WordPress HS Brand Logo Slider 2.1 Shell Upload
Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload Date: 2020-10-20 Exploit Author: Net-Hunter Google Dork: N/A Software Link: https://ms.wordpress.org/plugins/hs-brand-logo-slider/ Vendor Homepage: https://www.heliossolutions.co/ Tested on: Linux Apache / Wordpre...
WordPress SuperStoreFinder 6.1 CSRF / Shell Upload
Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload Wordpress Plugins Affected : Super Store Finder | Super Interactive Maps | Super Logo Showcase Exploit Type : Cross Site Request Forgery Plugin URI: http://www.superstorefinder.net/ Version : All versions from 6.1 and below , sho...
Online Student's Management System 1.0 Shell Upload
Exploit Title: Online Student's Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020/10/18 Exploit Author: Akıner Kısa Vendor Homepage: https://www.sourcecodester.com/php/14490/online-students-management-system-php-full-source-code-2020.html Software Link:...
Online Bike Rental 1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Bike Rental v1.0 – Authenticated Arbitrary File Upload / Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https:/www.sourcecodester.com Software Link:...
Online Bike Rental 1.0 Shell Upload
Exploit Title: Online Bike Rental v1.0 – Authenticated Arbitrary File Upload / Remote Code Execution Date: July 31, 2020 Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https:/www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14374/online-bike-rental-phpmysql.html...