FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan

FireShodanMap is a Realtime map that integrates Firebase and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...

XATABoost 1.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: XATABoost CMS Sql Injection Google Dork: inurl:php?id= Powered by XATABOOST Exploit Author: MgThuraMoeMyint Vendor Homepage: http://www2.xataboost.com Version: 1.0.0 Tested on: Kali Linux SQL Injection Type: Union Based Example...

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

PT-2018-6562 · Bose · Bose Soundtouch

Name of the Vulnerable Software and Affected Versions: Bose SoundTouch affected versions not specified Description: The issue allows for cross-site scripting XSS attacks through specially crafted song data from a music service. An example of such an attack is demonstrated using Pandora...

[Citrix Gateway Trace Study] – LDAP Authentication

This trace study looks at how LDAP authentication to the Citrix Gateway works, using a user called "garyca" as an example. This example trace was carried out in a practice lab environment with the following IP addresses: VIP:10.90.33.172 NSIP:10.90.41.200 SNIP:192.168.0.2 LDAP/AD server:192.168.0...

Groupon Clone Script 3.0.2 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS Date: 09.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Category: Web Application...

Automating Cracking Methodologies Through Hashcat: hate_crack

A tool for automating cracking methodologies through Hashcat from the TrustedSec team. Installation Get the latest hashcat binaries https://hashcat.net/hashcat/ OSX Install https://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/ mkdir -p hashcat/deps git clone...

Cisco IOS - Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Ios

CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code exe...

ReverShellGenerator - A Tool to Generate Various Ways to Do a Reverse Shell

A tool to generate various ways to do a reverse shell. Usage example Reverse Shell fonts http://bernardodamele.blogspot.com.br/2011/09/reverse-shells-one-liners.html http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Download ReverShellGenerator...

Securimage HTML Injection Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. An HTML injection vulnerability exists in Securimage 3.6.4 and earlier versions. A remote attacker can send the '$SERVER'HTTPUSERAGENT'' parameter to the exampleform.ajax.php or...

Open Redirect

Overview st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers trea...

ALPINE-CVE-2017-14159

slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill cat /pathname" command, ...

FreeBSD : phpmailer -- XSS in code example and default exeception handler (c5d79773-8801-11e7-93f7-d43d7e971a1b)

PHPMailer reports : Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...

An ssh-agent for every domain: SSHecret

If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...

jwt-cracker - Simple HS256 JWT Token Brute Force Cracker

Simple HS256 JWT token brute force cracker. Effective only to crack JWT tokens with weak secrets. Recommendation : Use strong long secrets or RS256 tokens. Install With npm: npm install --global jwt-cracker Usage From command line: jwt-cracker Where: token : the full HS256 JWT token string to cra...

Muviko 1.0 SQL Injection

Exploit Title: Muviko - Video CMS v1.0 a 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...

Muviko 1.0 - q SQL Injection

Muviko 1.0 - q SQL Injection Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a...

EDUMOD Pro 1.3 - SQL Injection

EDUMOD Pro 1.3 - SQL Injection Exploit Title: School Management System | EDUMOD Pro v1.3 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/school-management-system-edumod-pro/19764430?srank=288 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...

phpmailer -- XSS in code example and default exeception handler

PHPMailer reports: Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by...