LWP::UserAgent 安全漏洞

LWP::UserAgent is a web user agent class open source from libwww-perl, used for sending HTTP requests. Versions of LWP::UserAgent prior to version 6.83 have security vulnerabilities. These vulnerabilities stem from improper handling of the Authorization and Proxy-Authorization headers during...

SecuSTATION SC-831 HD Camera Remote Configuration Disclosure

!/usr/bin/perl SecuSTATION SC-831 HD Camera Remote Configuration Disclosure Copyright 2020 c Todor Donev https://donev.eu/ Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor Donev i...

xmlrpc.php Library <= 1.3.0 - Remote Command Execute Exploit (3)

No description provided by source. !/usr/bin/perl -w XML-RPC Remote Command Execution Exploit By Mike Rifone This works on da phpxmlrpc, and da PEAR XMLRPC too! All you need is to put the url to the server and u get shell Dis is my first exploit but hey it works :D Mike@Rifone use LWP::UserAgent;...

LE.CMS <= 1.4 - Remote Arbitrary File Upload Exploit

No description provided by source. !/usr/bin/perl use strict; use warnings; use LWP::UserAgent; use HTTP::Request::Common; print INTRO; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - LE.CMS = 1.4 Remote Arbitrary File Upload Exploit - - - - - - Discovered && Coded By: t0pP8uZz - -...

Typo3 3.5 b5 HTML Hidden Form Field Information Disclosure Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use...

Oxygen2PHP <= 1.1.3 (member.php) Blind SQL Injection Exploit

Exploit for php platform in category web applications ============================================================ Oxygen2PHP 'Mozilla/5.0', maxredirect = 0, cookiejar = $Cookies, or die $!; my $Get = $UserAgent-get$HostName.SQLInjection$UserName; if$Get-content = /0-91,5 : a-zA-Z0-9-.2,15 :...

phpFanfiction SQL Injection Exploit

!/usr/bin/perl phpFanfiction Remote SQL injection Greetz www.MainHack.com - www.ServerIsDown.org - www.sux0r.net VOP Crew Vaksin13 OoNBoy Paman R3VANBASTARD Kecemplungkalen eminem Shiro zxvf Pizzyroot iwannine Jupe Crew makasih buat ngenet gratisnya wkwkwk use HTTP::Request; use LWP::UserAgent;...

Fhimage 1.2.1 - Remote Command Execution (mq = off)

!/usr/bin/perl ----------------------------------------------------------------------------------------------- INFORMATIONS ----------------------------------------------------------------------------------------------- Fhimage 1.2.1 http://www.flash-here.com/downloads/download.php?id=9 Remote...

7Shop 1.1 - Arbitrary File Upload

7Shop 1.1 - Arbitrary File Upload !/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; my $fname = rand1000 . ".php"; int.. yes i know PU! print Spoofing + + Discovered && Coded By: t0pP8uZz + + + + Contact IRC: irc.rizon.net sectalk + + Vendor not notified! Lat...

Telephone Directory 2008 Arbitrary Delete Contact Exploit

Exploit for unknown platform in category web applications ========================================================= Telephone Directory 2008 Arbitrary Delete Contact Exploit ========================================================= !/usr/bin/perl -w Telephone Directory 2008 see down Greetz :...

Alt-N MDaemon 9.6.5 - Multiple Remote Buffer Overflows (PoC)

MDaemon == v9.6.5 Multiple Remote Buffer Overflow Vendor Site: http://altn.com Risk : Highly Critical hehe funny bugs here .. the worldclient use the port 3000 for a webmail like it use also an admin webmail located at port 1000 by default both are opened this file unfortunatly contain multiple...

PHP Booking Calendar 10 d Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ====================================================== PHP Booking Calendar 10 d Remote SQL Injection Exploit ====================================================== Portal :PHP Booking Calendar 10 d sql/upload Exploit Modified 2008 exploit...

Archangel Weblog 0.90.02 - &#039;post_id&#039; SQL Injection

!/usr/bin/perl -w Portal : Archangel Weblog 0.90.02 Download : http://www.archangelmgt.com/ArchangelWeblogv09002.zip exploit aported password crypted mgharba :d:d:d:d Founded & Exploited by : Stack-Terrorist v40 Contact: Ev!L = see down Greetz : Houssamix & Djekmani & Jadi & iuoisn & Str0ke & All...

Simple CMS &lt;= 1.0.3 &#40;indexen.php area&#41; Remote SQL Injection Exploit

!/usr/bin/perl Simple CMS = 1.0.3 ?area= Remote SQL Injection Exploit Code by JosS | Jose Luis Gуngora Fernбndez Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project http://www.spanish-hackers.com special thanks to ka0x print "ttnn"; print "tt Simple CMS = 1.0.3 Remote SQL...

journalness-exec.txt

!/usr/bin/perl Vendor url: journalness.sourceforge.net note: exploit requires Registerglobals = On in php.ini Iron http://www.randombase.com require LWP::UserAgent; print " Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to...

Journalness <= 4.1 (last_module) Remote Code Execution exploit

Exploit for unknown platform in category web applications ============================================================== Journalness ; if$target ! /^http:/// $target = "http://".$target; if$target ! //$/ $target .= "/"; print "PHP code to evaluate? "; chomp$code=; $code = s/|new; $ua-timeout10;...

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection

WordPress 1.5.1.2 - xmlrpc Interface SQL Injection !/usr/bin/perl -w sorry for the late posting, had to test it. /str0ke Wordpress 1.5.1.2 Strayhorn // XMLRPC Interface SQL Injection By James Bercegay // http://www.gulftech.org/ // June 21 2005 Quick and dirty proof of concept that uses the XML R...