Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Te...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper user-input sanitization by allowing an attacker to upload a malicious file via the Choose File feature. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...

PHPnuke 8.2 - Remote Upload File Exploit

Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...

Fluidgalleries Photo Upload Shell Upload

In The Name Of Allah + Exploit Title : fluidgalleries Photo Upload Remote Shell Upload Vulnerability + Google Dork 1 : inurl:"fluidgalleries/dat/info.dat" + Google Dork 2 : inurl:"/fluidgalleries/php/" + Date : 01/08/2013 + Exploit Author : IranianDarkCodersTeam + Home : www.idc-team.net +...

SoftXMLCMS Shell Upload Vulnerability

Exploit for asp platform in category web applications Exploit Title : softxmlcms Shell Upload Vulnerability Google Dork : Powered by softxmlcms Author : Alexander Software Link : http://www.softxml.com Test On : Windows/asp/php CVE : Web Applications === Exploit ===...