40 matches found
Ruby: Header CRLF Injection in Ruby Net::HTTP
Vulnerability description not provided...
Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...
Ruby On Rails 5.0.1 Remote Code Execution
Exploit Title: Rails 5.0.1 - Remote Code Execution Date: 2020-07-19 Exploit Author: Lucas Amorim Vendor Homepage: www.rubyonrails.org Software Link: www.rubyonrails.org Version: Rails " end if ARGV.length 3 header exit-1 end url = ARGV0 ip = ARGV1 port = ARGV2 puts " Sending payload to url" uri =...
Hootoo HT-05 - Remote Code Execution (Metasploit)
require 'msf/core' require 'net/http' require "uri" class MetasploitModule 'Hotoo HT-05 remote shell exploit', 'Description' = %q This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the device This exploit was written by Andrei Manole...
Homematic CCU2 2.29.23 Remote Command Execution
!/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7297 Description:...
PageKit 1.0.10 - Password Reset
Exploit Title: Remote PageKit Password Reset Vulnerability Date:21-01-2017 Software Link: http://pagekit.com/ Exploit Author: Saurabh Banawar from SecureLayer7 Contact: http://twitter.com/securelayer7 Website: https://securelayer7.net Category: webapps 1. Description Anyremote user can reset...
Ruby: Ruby:HTTP Header injection in 'net/http'
Hi, I would like to report a HTTP Header injection vulnerability in 'net/http' that allows attackers to inject arbitrary headers in request even create a new evil request. PoC require 'net/http' http = Net::HTTP.new'192.168.30.214','80' res = http.get"/r.php HTTP/1.1\r\nx-injection: memeda" F1009...
Airia - Arbitrary File Upload
Airia - Arbitrary File Upload Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debia...
mygamingladder MGL Combo System <= 7.5 - SQL Injection
No description provided by source. ----------------------------Information------------------------------------------------ +Name : mygamingladder MGL Combo System = 7.5 SQL injection Vulnerability & SQL injection Exploit +Autor : Easy Laster +Date : 10.04.2010 +Script : mygamingladder MGL Combo...
Alibaba Clone Diamond Version - SQL Injection Vulnerability Exploit
No description provided by source. ----------------------------Information------------------------------------------------ +Name : Alibaba Clone Diamond Version SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 09.05.2010 +Script : Alibaba Clone Diamond Version...
Apache Commons FileUpload and Apache Tomcat Denial of Service
Exploit for multiple platform in category dos / poc CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in evaluating...
Apache Commons FileUpload and Apache Tomcat - Denial of Service
Apache Commons FileUpload and Apache Tomcat - Denial of Service CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat Denial-of-Service Author: Oren Hafif, Trustwave SpiderLabs Research This is a Proof of Concept code that was created for the sole purpose of assisting system administrators in...
Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection
Exploit Title: Woltlab Burning Board Regenbogenwiese 2007 Addon SQL Injection Exploit Google Dork: inurl:regenbogenwiese.php wbb and more Date: 04.09.2013 Exploit Author: Easy Laster Software Name: Regenbogenwiese v1.5 © 2007 by DieKrabbe Version: 1.5 Tested on: Windows 8/Backtrack !/usr/bin/ruby...
WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
The "order" and "orderby" parameter is vulnerable for SQL Injection Example URL: http://127.0.0.1:9001/wordpress/wp-admin/admin.php?page=3Din= icfaq&orderby=3D PoC take some time to finish 15min on my Testsystem. I could speed it up with Multithreading but I'm to lazy right now Vulnerable code pa...
ClanSphere 2011.3 - cs_lang Cookie Local File Inclusion
ClanSphere 2011.3 - cslang Cookie Local File Inclusion Exploit Title: ClanSphere 2011.3 cslang cookie parameter Local File Include Vulnerability Google Dork: "Copyright 2012 Seitentitel. All rights reserved." || inurl:index.php?mod=clansphere Date: 10/22/2012 Author: Marco Tulio blkhtc0rp Vendor...
Drupal CAPTCHA Logic Security Flaw
Drupal Captcha bruteforcing bypass This is a Proof Of Concept to demonstrate a logic security flow in the way drupal captcha is used to protect login forms from bruteforce. If the captcha challenge is solved, the next login attempts can be issued without solving any new captcha challenge. Usage:...
Woltlab Burning Board Userlocator 2.5 - SQL Injection
Woltlab Burning Board Userlocator 2.5 - SQL Injection ----------------------------Information------------------------------------------------ +Name : Woltlab Burning Board Userlocator V2.5 Hack = SQL injection Exploit +Autor : Easy Laster +Date : 08.11.2010 +Script : Woltlab Burning Board...
PHPKit 1.6.1 R2 SQL Injection
----------------------------Information------------------------------------------------ +Name : PHPKit = 1.6.1 R2 overview.php SQL injection Vulnerability Exploit +Autor : Easy Laster +Date : 22.10.2010 +Script : PHPKit 1.6.1 R2 +Price : free +Language : PHP +Discovered by Easy Laster +Security...
PMSoftware Simple Web Server 2.1 - From: Header Processing Remote Denial of Service
PMSoftware Simple Web Server 2.1 - From: Header Processing Remote Denial of Service source: https://www.securityfocus.com/bid/42155/info PMSoftware Simple Web Server is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to stop responding,...
2daybiz Freelance Script SQL Injection
Demo for the Exploit-DB Admin : http://www.2daybiz.com/products/freelancer/ ----------------------------Information------------------------------------------------ +Name : 2daybiz Freelance Script = SQL Injection Vulnerability Exploit +Autor : Easy Laster +ICQ : 11-051-551 +Date : 27.06.2010...