Online Examination System Project 1.0 SQL Injection

Title: Online Examination System Project 1.0 SQL - Injections Author: nu11secur1ty Date: 01.10.2022 Vendor: https://projectworlds.in/free-projects/php-projects/ Software: https://projectworlds.in/free-projects/php-projects/online-examination/ Description: The eid parameter in account.php from...

Exploit for SQL Injection in Engineers_Online_Portal_Project Engineers_Online_Portal

CVE-2021-42666 CVE-2021-42666 - SQL Injection vulnerability in...

CMSmap

This is an open-source Python tool called CMSmap, designed to automate the process of detecting security flaws in popular Content Management Systems CMSs such as WordPress, Joomla, Drupal, and Moodle. The tool is still in its early stages and may contain bugs or flaws. The primary purpose of CMSm...

SmartFoxServer 2X 2.17.0 God Mode Console Remote Code Execution

Summary SmartFoxServer SFS is a comprehensive SDK for rapidly developing multiplayer games and applications with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal Windows Platform, Android, Java, C++ and more. SmartFoxServer comes with a rich set of features, an impressive documentation set, ten...

OpenEMR 5.0.1 - Remote Code Execution (Authenticated) (2)

Title: OpenEMR 5.0.1 - Remote Code Execution Authenticated 2 Exploit Author: Alexandre ZANNI Date: 2020-07-16 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile:...

Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow

Dup Scout Enterprise 10.0.18 - 'onlineregistration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://www.exploit-db.com/exploits/43145 and https://www.exploit-db.com/exploits/40457 Credits: Tulpa and SICKNESS for original exploits Modified:...

Sphider Search Engine 1.3.6 Remote Code Execution

Exploit Title: Sphider Search Engine 1.3.6 - 'wordupperbound' RCE Authenticated Google Dork: intitle:"Sphider Admin Login" Date: 2014-07-28 Exploit Author: Gurkirat Singh Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip Version: v1.3.6 Tested on:...

MTN Group: Disclosure of internal information using hidden NTLM authentication leading to an exploit server

By using a request get on the url http://www.mtncongo.net/fr/Pages/ of the blog. we collect sensitive information from blogs step Typically, when visiting a website http://www.mtncongo.net/ or directory http://www.mtncongo.net/fr/Pages/ requiring privileged access, the server will initiate a logi...

Counter Strike : GO - (.bsp) Memory Control Exploit

So I’ve been holding onto this neat little gem of a .bsp that has four bytes very close to the end of the file that controls the memory allocator. See above picture. Works on all supported operating systems last I checked so Linux, Windows, and macOS, even after a few years. Download...

Windows Kernel - Information Disclosure Vulnerability

PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...

Remote Desktop Gateway - BlueGate Denial of Service (PoC)

Remote Desktop Gateway - BlueGate Denial of Service PoC include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source...

Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution Exploit

Exploit for hardware platform in category web applications / Sony Playstation 4 PS4 6.72 - WebKit Code Execution Exploit badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older...

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack Exploit

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13...

Microsoft Windows 10 - WSReset UAC Protection Bypass (propsys.dll)

Microsoft Windows 10 - WSReset UAC Protection Bypass propsys.dll // ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download...

DetExploit - Software That Detect Vulnerable Applications, Not-Installed OS Updates And Notify To User

DetExploit is software that detect vulnerable applications and not-installed important OS updates on the system, and notify them to user. As we know, most of cyberattacks uses vulnerability that is released out year before. I thought this is huge problem, and this kind of technology should be mor...

Webmin 1.920 Remote Command Execution

!/bin/sh CVE-2019-15107 Webmin Unauhenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html Alternative advisory spanish:...

macOS iMessage - Heap Overflow when Deserializing

There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for NSURL...

Exploit for CVE-2019-14339

CVE-2019-14339 Content Provider URI Injection on Canon PRINT...

Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)

CVE-2019-0841 BYPASS 2 There is a second bypass for CVE-2019-0841. This can be triggered as following: Delete all files and subfolders within "c:\users%username%\appdata\local\packages\Microsoft.MicrosoftEdge8wekyb3d8bbwe" atleast the ones we can delete as user Try to launch edge. It will crash...

Microsoft Windows 10 (17763.379) - Install DLL

Microsoft Windows 10 17763.379 - Install DLL edit: Figure out how this works for yourself. I can't be bothered. It's a really hard race, doubt anyone will be able to repro anyway. Could be used with malware, you could programmatically trigger the rollback. Maybe you can even pass the silent flag ...