Car Portal CMS 3.0 - Multiple Vulnerabilities

Car Portal CMS 3.0 - Multiple Vulnerabilities Title: ====== Car Portal CMS v3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=502 VL-ID: ===== 502 Introduction: ============= Car Portal is a php software product fo...

Car Portal CMS v3.0 - Multiple Web Vulnerabilities

Document Title: =============== Car Portal CMS v3.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=502 Release Date: ============= 2012-04-23 Vulnerability Laboratory ID VL-ID: ==================================== 502...

tty from web shell

эмулятор nc -l -s ADDR -p PORT ввод/вывод которого управляется через файлы in/out написан для получения tty из под веб-шелла tty from web shell с ним из веб шела можно юзать su, запускать эксплоиты и получать рута пример работы: Код: ./ttyServer.pl Server is ready at 127.0.0.1:43157 ./ttyClient.p...

Docebo LMS 4.0.4 SQL Injection / Code Execution

if$GLOBALS'modname' != '' $modulecfg =& createModu...

P.A.S. (php web-shell)

P.A.S. v.3.0.x Возможности : - Авторизация по кукам. - Шифрование шелла по вашему паролю сразу при скачивании. - Файловый менеджер : групповое удаление, перемещение, копирование, скачка и загрузка файлов и директорий. переименование и создание файлов и директорий. правка, просмотр, изменении...

WSO Web Shell 2.5.1 Download

This utility provides a Web interface for remote operation c operating system and its service / daemon. Opportunity Description / features: Authorization for cookies Server Information File manager copy, rename, move, delete, chmod, touch, creating files and folders View, hexview, editing,...

WSO Web Shell 2.5.1 Download

This utility provides a Web interface for remote operation c operating system and its service / daemon. Opportunity Description / features: Authorization for cookies Server Information File manager copy, rename, move, delete, chmod, touch, creating files and folders View, hexview, editing,...

CMS Lokomedia 1.5 arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

CMS Lokomedia is a php-based content management system. CMS Lokomedia 1.5 arbitrary file upload vulnerability that could result in an attacker access to the web shell. +info: CMS Lokomedia 1.5 Arbitary file upload vulnerability Software: CMS Lokomedia Vendor: http://bukulokomedia.com/home Vuln...

Phpbuddies arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

Phpbuddies is an open-source article Directory System, Phpbuddies in the presence of arbitrary file upload vulnerability that could result in an attacker access to the web shell. +info: Phpbuddies 0day Arbitrary Upload File Vulnerability Author : Xr0b0t [email protected] Homepage :...

IF-CMS 2.07 - Local File Inclusion (1)

IF-CMS 2.07 - Local File Inclusion 1 !/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...

IF-CMS 2.07 - Local File Inclusion (1)

!/usr/bin/python INFORMATION Exploit Title: If-CMS 2.07 Pre-Auth Local File Inclusion 0day Exploit Author: TecR0c Date: 13/3/2011 Software link: http://bit.ly/hh9ZB4 Tested on: Linux bt Version: 2.07 PHP.ini Settings: gpcmagicquotes = Off import...

PPS 4.0 perl-cgi web shell

PPS 4.0 perl-cgi web shell Данная утилита предназначенна для системных администраторов для удаленного управления своим сервером. Любое незаконное использование скрипта преследуется по закону. SIZE: 55.88 KB last update - 12.07.2013 09:45 Авторизация на cookies SystemInfo - информация о сервере Fi...

WSO 2.5 (web shell)

Данная утилита предоставляет веб-интерфейс для удаленной работы c операционной системой и ее службами/демонами. Описание возможностей / особенности: Авторизация на cookies Информация о сервере Файловый менеджер Копирование, переименование, перемещение, удаление, чмод, тач, создание файлов и папок...

MetInfo 3.0 (fckeditor)upload vulnerability-vulnerability warning-the black bar safety net

MetInfo enterprise website management system using PHP+MYSQL architecture, which uses the FCKeditor online Editor incorrectly configured cause the upload to be utilized, and in some cases upload 1. php. pdf can access to the web shell. Trojan: ? php / MetInfo 3.0 Arbitrary File Upload Exploit...

Как сделать впн из простого вебшелла.

Как сделать впн из вебшелла --- специально для rdot.org --- копирование только со ссылкой на источник Преамбула, или зачем это вообще нужно: Вопрос обеспечения собственной безопасности всегда актуален. Сокс цепочка соксов скрывает от жертвы IP атакующего, но траффик идёт в открытом виде, и может...

Nagios XI 2009R1.2B Multiple CSRF

Advisory Information Advisory ID: NGENUITY-2010-006 Date published: Aug. 7, 2010 Class: Cross-Site Request Forgery CSRF Software Description Nagios XI is the commercial / enterprise version of the open source Nagios project. Vulnerability Description Nagios XI 2009R1.2B is vulnerable to multiple...

Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/42322/info Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Successful exploit requires that the 'nagiosadmin' be logged into the web interface. Attackers can explo...

Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities

Nagios XI - Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/42322/info Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Successful exploit requires that the...

InterScan Web Security Virtual Appliance本地权限提升和任意文件上传/下载漏洞

BUGTRAQ ID: 41072 InterScan Web Security Virtual Appliance是一款能安装在VMware平台上的网页过滤产品。 InterScan Web Security Virtual Appliance没有正确地过滤提交给/servlet/com.trend.iwss.gui.servlet.exportreport的 exportname"参数和提交给/servlet/com.trend.iwss.gui.servlet.ConfigBackup的 pkgname参数，远程攻击者可以通过目录遍历攻击从系统下载任意文件。 InterScan W...

C99Shell 1.0 Pre-Release build 16 (Web Shell) - 'ch99.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40134/info C99Shell is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...