179 matches found
GHSA-WXJX-R2J2-96FX AVideo: Full-Read SSRF Through Unvalidated statsURL Parameter in plugin/Live/test.php
Summary The plugin/Live/test.php endpoint accepts a URL via the statsURL parameter and fetches it server-side using filegetcontents, curlexec, or wget, returning the full response content in the HTML output. The only validation is a trivial regex /^http/ that does not block requests to...
PT-2026-26400
Summary isPrivateIpv4 in bundled SSRF guard code missed several IPv4 special-use/non-global ranges, so web fetch could allow targets that should be blocked by SSRF policy. Affected Packages / Versions - Package: openclaw npm - Latest published affected version: 2026.2.21-2 published 2026-02-21 -...
CVE-2026-27730
esm.sh (a no-build CDN for web development) versions up to and including 137 contain an SSRF (CWE-918) in the /http(s) fetch route. The service validates against localhost/internal targets using hostname string checks, which can be bypassed with DNS alias domains, allowing an external requester t...
HTTP Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/http/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...
HTTPS Fetch, Linux Chmod
Fetch and execute an RISC-V 64-bit payload from an HTTPS server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/https/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and s...
HTTP Fetch, Linux Chmod
Fetch and execute an RISC-V 32-bit payload from an HTTP server. Runs chmod on the specified file with specified mode. Module Options msf use payload/cmd/linux/http/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set...
HTTPS Fetch, Linux Command Shell, Bind TCP Inline
Fetch and execute an MIPSLE payload from an HTTPS server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...
EUVD-2018-1865
Malware in sbrugna...
HTTP Fetch, Linux Command Shell, Find Port Inline
Fetch and execute an PPC64 payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/ppc64/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...sho...
HTTP Fetch, Linux Command Shell, Reverse TCP Stager
Fetch and execute an MIPSLE payload from an HTTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsle/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...
HTTP Fetch, Linux Execute Command
Fetch and execute an MIPSLE payload from an HTTP server. A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. Module Options msf use payload/cmd/linux/http/mipsle/exec msf payloadexec show...
HTTP Fetch
Fetch and execute an AARCH64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/aarch64/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...sh...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an PPC64 payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc64/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sho...
HTTP Fetch
Fetch and execute an ARMLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armle/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTP Fetch
Fetch and execute an MIPSBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/mipsbe/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTP Fetch
Fetch and execute an AARCH64 payload from an HTTP server. Module Options msf use payload/cmd/linux/http/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and s...
HTTP Fetch
Fetch and execute an MIPSLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/mipsle/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an ARMLE payload from an HTTP server. Connect to target and spawn a command shell Module Options msf use payload/cmd/linux/http/armle/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show a...
HTTP Fetch
Fetch and execute an ARMLE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armle/meterpreterreversehttps msf payloadmeterpreterreversehttps show actions ...actions... msf payloadmeterpreterreversehttps set ACTION msf payloadmeterpreterreversehttps show options ...show a...