
71 matches found

Check Point Advisories
added 2021/06/24 12:0 a.m., 3 views

PHP Webshell Upload Over HTTP

An attacker might upload a webshell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

1.8 AI score
Exploits: 0

Kitploit
added 2021/03/13 8:30 p.m., 180 views

HTTP Bridge - Send TCP Stream Packets Over Simple HTTP Request

I've written this program as a proof of concept to test the idea of being able to send TCP stream packets over simple HTTP requests like PUT, PATCH, POST, GET, without using a proxy way like the CONNECT method. Also as a practice exercise to train my novice skill in the Rust language. Description: This tool is...

7 AI score
Exploits: 0, References: 3

Kitploit
added 2019/12/06 11:0 a.m., 90 views

Seeker v1.2.1 - Accurately Locate Smartphones Using Social Engineering

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your location like many popular location based websites. Read more on thewhiteh4t's Blog. Seeker hosts a fake website on In Built PHP Server and uses Serveo to generate a li...

6.9 AI score
Exploits: 0, References: 2

Cvelist
added 2019/10/03 8:2 p.m., 9 views

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

8.8 AI score, 0.02289 EPSS
Exploits: 1, References: 2

Packet Storm
added 2019/01/08 12:0 a.m., 49 views

Dolibarr ERP-CRM 8.0.4 SQL Injection

Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Ander Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...

Exploits: 0

0day.today
added 2019/01/08 12:0 a.m., 43 views

Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Versio...

0.3 AI score
Exploits: 0

OSV
added 2018/12/18 10:29 p.m., 16 views

CVE-2018-18921

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action...

6.5 CVSS, 6.9 AI score, 0.00128 EPSS
Exploits: 1, References: 2

NVD
added 2018/12/18 10:29 p.m., 20 views

CVE-2018-18921

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action...

6.5 CVSS, 6.6 AI score, 0.00128 EPSS
Exploits: 1, References: 2

Prion
added 2018/12/18 10:29 p.m., 9 views

Cross site request forgery (csrf)

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action...

5.8 CVSS, 6.5 AI score, 0.00128 EPSS
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/12/18 10:0 p.m., 19 views

CVE-2018-18921

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action...

6.5 AI score, 0.00128 EPSS
Exploits: 1, References: 2

Packet Storm
added 2018/12/04 12:0 a.m., 69 views

PHP Server Monitor 3.3.1 Cross Site Request Forgery

Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link: https://github.com/phpservermon/phpservermon/releases/tag/v3.3.1 Affected...

7.4 AI score
Exploits: 0

exploitpack
added 2018/12/03 12:0 a.m., 13 views

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link:...

Exploits: 0

OSV
added 2018/10/16 8:53 p.m., 16 views

GHSA-8P83-68CW-943F Apache Ignite communicates to an external PHP server where sensitive information is sent

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5 CVSS, 7.5 AI score, 0.0117 EPSS
Exploits: 0, References: 3

Github Security Blog
added 2018/10/16 8:53 p.m., 31 views

Apache Ignite communicates to an external PHP server where sensitive information is sent

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5 CVSS, 2.2 AI score, 0.0117 EPSS
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2017/06/28 1:29 p.m., 21 views

Information disclosure

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

5 CVSS, 7.6 AI score, 0.0117 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2017/06/28 1:29 p.m., 23 views

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.5 CVSS, 6.8 AI score, 0.0117 EPSS
Exploits: 0, References: 2

Cvelist
added 2017/06/28 1:0 p.m., 13 views

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server http://ignite.run where it needs to send...

7.6 AI score, 0.0117 EPSS
Exploits: 0, References: 2

Veracode
added 2017/06/28 3:7 a.m., 15 views

Information Disclosure

Apache Ignite is vulnerable to information disclosure. The library contains an update notifier component to notify users about new project releases. This component sends sensitive information to an external PHP server http://ignite.run that a malicious user can observe to obtain sensitive data...

7.5 CVSS, 6.1 AI score, 0.0117 EPSS
Exploits: 0, References: 1, Affected Software: 2

hackapp
added 2017/01/30 11:55 p.m., 15 views

Server for PHP - BSD license, Certificates or keys found, Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Server for PHP published at the 'play' market has multiple vulnerabilities...

0.2 AI score
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2016/10/15 11:27 a.m., 26 views

Brave Software: Access to local file system using javascript

Hey, the browser can access the local files using iframes with a local HTML file. This is very normal and often used for local web development, but JavaScript shouldn't be able to get the content of that iframe because this can be used to post the contents to the attacker's server. Something else I...

6.9 AI score
Exploits: 0