56 matches found
CS-Cart-POC
CS-Cart RCE & LFI Exploit Developed by: Strikoder Tes...
Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via an LFI in an AJAX action, or by a direct call to the affected file. Direct call:...
Amministrazione Aperta < 3.8 - Admin+ LFI
The plugin does not validate the open parameter before using it in an include statement, leading to a Local File Inclusion issue. The original advisory mentions that unauthenticated users can exploit this, however the affected file generates a fatal error when accessed directly and the affected...
Cost Calculator <= 1.4 - Contributor+ Local File Inclusion
The plugin allows users with a role as low as Contributor to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout. As a contributor, create a Cost Calculator post, set the Layout to /../../../../../../../../../../file assuming the file to...
vBulletin LFI
Local file include vulnerability in vBulletin routestring parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Elasticsearch < 1.6.1 LFI
LFI on snapshot Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Tiki Wiki CMS 15.0 LFI
Local file include vulnerability in Tiki Wiki CMS flvstream Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Joomla Component com_hikashop LFI
Local file include vulnerability in Joomla Component com_hikashop Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
ManageEngine ServiceDesk Plus 9.1 LFI
Local file include vulnerability in ManageEngine ServiceDesk Plus Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
PHPDirector Game Edition 0.1 - Multiple Vulnerabilities (LFI/SQLi/Xss)
No description provided by source. Exploit Title: PHPDirector Game Edition Multiple Vulnerabilities LFI/SQLi/Xss Date: 2010-01-05 Author: Zer0 Thunder Site : http://www.play-online.bzh.be/forum/ Version: v0.1 Tested on: Windows XP sp2 WampServer 2.0i / LinuxBox Ubuntu Server 9.10 CVE : Code : Loc...
AneCMS v.2e2c583 LFI exploit
No description provided by source. Exploit Title: AneCMS v.2e2c583 LFI exploit Date: 03.04.2012 Author: I2sec-PJH Software Link: https://github.com/AneGroup/AneCMS Version: v.2e2c583 Description: vulnerabilities have been discovered in the ind...
NIBE heat pump LFI exploit
No description provided by source. #!/usr/bin/python import socket,sys,os,base64 NIBE heat pump LFI exploit Written by Jelmer de Hen Published at http://h.ackack.net/?p=302 Special thanks to Fredrik Nordberg Almroth and Mathias Karlsson for obtaining this information http://h.ackack.net/?p=274 whi...
Joomla Component com_bca-rss-syndicator LFI Vulnerability
No description provided by source...
w3blabor CMS 3.0.5 - Arbitrary File Upload & LFI Exploit
No description provided by source. #!/usr/bin/perl use LWP::UserAgent; use HTTP::Request::Common qw(POST); use Getopt::Long; Security Research...
TomatoCart 1.1.8 LFI
Local file include vulnerability in TomatoCart rpc.php Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
Elastix 2.2.0 LFI Exploit
Exploit for php platform in category web applications #!/usr/bin/perl -w Elastix is an Open Source Software to establish Unified Communications. About this concept, Elastix goal is to incorporate all the...
Elastix 2.2.0 Local File Inclusion
#!/usr/bin/perl -w Elastix is an Open Source Software to establish Unified Communications. About this concept, Elastix goal is to incorporate all the communication alternatives, available at an enterprise level, in...
LFI local include exploit tips-vulnerability warning-the black bar safety net
0x00 Digression: Hey Hey, hope that you get to explore technology. 0x01 PHP Input/Output Wrapper remote include function command execution. Details: the PHP include function has a design flaw; a remote attacker can exploit this vulnerability and may be able, with the WEB permissions, to execute arbitrary...
Zen Cart 1.3.9f LFI
Local file include vulnerability in Zen Cart typefilter parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...
MODx Revolution 2.0.2-pl LFI
Local file include vulnerability in MODx classkey parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...