Git All The Payloads! A Collection Of Web Attack Payloads

Git All the Payloads! A collection of web attack payloads. Pull requests are welcome! Usage run ./get.sh to download external payloads and unzip any payload files that are compressed. Payload Credits fuzzdb - https://github.com/fuzzdb-project/fuzzdb SecLists -...

Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule ' Microsoft IIS WebDav ScStoragePathFromUrl Overflow', 'Description' = %q Buffer overflow in the ScStoragePathFromUrl function in the WebDAV servic...

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

// // This exploit uses the pokemon exploit of the dirtycow vulnerability // as a base and automatically generates a new passwd line. // The user will be prompted for the new password when the binary is run. // The original /etc/passwd file is then backed up to /tmp/passwd.bak // and overwrites t...

WordPress Connections Business Directory plugin <= 8.5.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by firefart in WordPress Connections Business Directory plugin versions = 8.5.8. Solution Update the WordPress Connections Business Directory plugin to the latest available version at least 8.5.9...

WordPress Plugin SEO by Yoast 1.7.3.3 - Blind SQL Injection

WordPress Plugin SEO by Yoast 1.7.3.3 - Blind SQL Injection Title: WordPress SEO by Yoast = 1.7.3.3 - Blind SQL Injection Version/s Tested: 1.7.3.3 Patched Version: 1.7.4 CVSSv2 Base Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Temporal Score: 7...