19 matches found
SofaWiki 3.9.2 Shell Upload Exploit
Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote code execution RCE...
SofaWiki 3.9.2 Shell Upload
Exploit Title: SofaWiki 3.9.2 - Remote Code Execution RCE via Open Ticket File Upload Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A remote co...
FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)
Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection SSTI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...
thrsrossi Millhouse-Project 1.414 - Remote Code Execution
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
Millhouse Project 1.414 thrsrossi - Remote Code Execution Exploit
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
Millhouse-Project 1.414 Shell Upload
sdsdsds ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition: form-data; name="category" 1 ------WebKitFormBoundaryzlHN0BEvvaJsDgh8 Content-Disposition...
GuppY CMS v6.00.10 - Remote Code Execution
Exploit Title: GuppY CMS v6.00.10 - Remote Code Execution Date: Sep 30, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username =...
WorkOrder CMS 0.1.0 - SQL Injection Vulnerability
Exploit Title: WorkOrder CMS 0.1.0 - SQL Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='1...
GuppY CMS 6.00.10 Shell Upload Exploit
Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username = "Admin";...
GuppY CMS 6.00.10 Shell Upload
Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Date: Sep 30, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username =...
WorkOrder CMS 0.1.0 Cross Site Scripting / SQL Injection Vulnerabilities
Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Payload:...
WorkOrder CMS 0.1.0 SQL Injection
Exploit Title: WorkOrder CMS 0.1.0 SQLI Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Auth Bypass: username:' or '1'='...
WorkOrder CMS 0.1.0 Cross Site Scripting
Exploit Title: WorkOrder CMS 0.1.0 Cross-Site Scripting XSS Date: Sep 22, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/romzes13/WorkOrderCMS Software Link: https://github.com/romzes13/WorkOrderCMS/archive/refs/tags/v0.1.0.zip Version: 0.1.0 Tested on: Linux Payload:...
Mobile Mouse 3.6.0.4 - Remote Code Execution (RCE)
Exploit Title: Mobile Mouse 3.6.0.4 - Remote Code Execution RCE Date: Aug 09, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/e...
PhotoSync 4.7 Local File Inclusion
Exploit Title: PhotoSync 4.7 IOS APP Local file inclusion Date: Sep 19, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.photosync-app.com/home.html Software Link: https://apps.apple.com/us/app/photosync-transfer-photos/id415850124 Version: 4.7 Tested on: iPhone IOS 16.0 GET...
AirDisk 7.5.5 Cross Site Scripting
Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 ...
FTPManager 8.2 Local File Inclusion / Directory Traversal Exploit
Exploit Title: FTPManager 8.2 Local File inclusion Exploit Author: Chokri Hammedi Vendor Homepage: https://www.skyjos.com/ Software Link: https://apps.apple.com/us/app/ftpmanager-ftp-sftp-client/id525959186 Version: 8.2 Tested on: Ios 15.6 GET...
Wifi HD Wireless Disk Drive 11 Local File Inclusion Vulnerability
Exploit Title: Wifi HD Wireless Disk Drive Local File Inclusion Date: Aug 13, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: http://www.savysoda.com Software Link: https://apps.apple.com/us/app/wifi-hd-wireless-disk-drive/ id311170976 Version: 11 Tested on: iPhone OS 155 GET...
Mobile Mouse 3.6.0.4 Remote Code Execution Exploit
Exploit Title: Mobile Mouse 3.6.0.4 Remote Code Execution Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link: https://www.mobilemouse.com/downloads/setup.exe Version: 3.6.0.4 Tested on: Windows 10 Enterprise LTSC Build 17763 !/usr/bin/env python3 import socket...