2032 matches found
Basic Contact Form <= 1.0.3 - Potential Unauthenticated Shell Upload
Uploading attachments in the contact form allows running any kind of PHP code, depending on the server config. The issue is related to this one: https://www.exploit-db.com/exploits/10089/. The explanation there will help to understand the problem. The following code is part of the function...
Aerohive Networks HiveManager Remote Shell Upload
I. BACKGROUND Aerohive Networks HiveManager Classic Online NMS is a cloud-enabled enterprise-class management system for Aerohive networking products. HiveManager Classic Online offers simple policy creation, firmware upgrades, and centralized monitoring of thousands of Aerohive access points,...
VehicleWorkshop Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
VehicleWorkshop - Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
VehicleWorkshop - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7...
DotCMS 4.1.1 Shell Upload Vulnerability
DotCMS version 4.1.1 suffers from a remote shell upload vulnerability. Advisory: DotCMS /servlets/ajaxfileupload Arbitrary File Upload Vulnerability Author: [email protected] From DBAppSecurity Security Lab Email: [email protected] Affected Version: 4.1.1 the latest version...
Apache ActiveMQ 5.x Web Shell Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ActiveMQ web shell upload', 'Description' = %q The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uplo...
Code Execution Vulnerability in Axublog Blogging System
axublog is a PHP personal blog system. A code execution vulnerability exists in the Axublog blog system. The vulnerability is caused due to the failure to validate the reloaded files, which can be exploited by an attacker to construct a specially crafted file, upload a shell, and gain...
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...
ModX CMS Proof Of Concept Shell Upload
c@kali:/src/Napalm2.2/libs$ cat shell-modxcms.py !/usr/bin/env python shell-modxcms.py - upload shell for modx 2.5.6-pl !! we need rwx in modx-webdir to go ;Z 30.05.217 @ code610 blogspot com import requests import re target=rawinput"Hostname " print '+ Preparing tests for ' + strtarget session =...
DokuWiki Proof Of Concept Shell Upload
c@kali:/src/napalm2.2/modules$ cat shell-dokuwiki.py !/usr/bin/env python shell-dokuwiki.py - module to upload shell, based on previous version created 28.04.2017. Bug 'feature' is exploitable only when you will have a valid credentials. for this proof-of-concept you'll also need host with...
Joomla 3.x Proof Of Concept Shell Upload
c@kali:/src/napalm2.2/modules$ cat shell-joomla.py !/usr/bin/env python joomlashellup.py - small script to upload shell in Joomla 02.05.2017, rewrited: 27.05 -- hint -- To exploit this "feature" you will need valid credentials.' Based on latest 3.6.5-1 version.' Tested also on: 3.7.x import...
File upload vulnerability in BEESCMS admin/upload.php page
BEESCMS is a content management system. A file upload vulnerability exists in the BEESCMS admin/upload.php page, which allows attackers to exploit the vulnerability and upload a shell by modifying the filename suffix to php...
webnetseo CMS Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title : webnetseo CMS Multiple Vulnerabilities Exploit Author : Ashiyane Digital Security Team Vendor Homepage: webnetseo.net Date : 2017 07 May Category : WebApp MY HOME : Ashiyane.org CWE : CWE-89 - CWE-276 And ... Video :...
Lcnt Team Shell Upload Vulnerability
Exploit for php platform in category web applications xBADGIRL21 N3W PUBLIC 3XPL0IT , 0day T == -- /-' // x21 Exploit Title : Lcnt Team Shell Upload Vulnerability Exploit Author : xBADGIRL21 Dork : CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team Vendor : http://icnt.net Tested on: WIN7 MyBlog :...
Pixie 1.0.4 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Pixie 1.0.4 Shell Upload
Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
WPForce - Wordpress Attack Suite
WPForce is a suite of Wordpress Attack tools. Currently this contains 2 scripts - WPForce, which brute forces logins via the API, and Yertle, which uploads shells once admin credentials have been found. Yertle also contains a number of post exploitation modules. For more information, visit the bl...
Wordpress Multimedia1 Themes CSRF Vulnerability
Exploit for php platform in category web applications Wordpress Themes Multimedia1 Shell Upload Vulnerability | CSRF Author : Berandal Google Dork: inurl:/wp-content/themes/multimedia1/ Tested on: Win 7, Linux Blog : http://www.maxteroit.com/ +-+-+-+-+-+-+-+-+ |B|e|r|a|n|d|a|l| +-+-+-+-+-+-+-+-+ ...
HumHub 0.20.1 / 1.0.0-beta.3 Shell Upload
Security Advisory - Curesec Research Team 1. Introduction Affected Product: HumHub 0.20.1 / 1.0.0-beta.3 Fixed in: 1.0.0 Fixed Version Link: https://www.humhub.org/en/download/default/form?version=1.0.0&type=zip Vendor Website: https://www.humhub.org/ Vulnerability Type: Code Execution Remote Ye...