10 matches found
Wp2Fac 1.0 Code Injection
Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023...
PHP CPMS 2.0 Shell Upload Exploit
PHP CPMS version 2.0 suffers from a remote shell upload vulnerability...
PT-2024-2991
The vulnerable software is the GNU C Library (glibc), versions 2.39 and older, specifically the iconv function when converting strings to the ISO-2022-CN-EXT character set. This vulnerability can be exploited through PHP-based web applications. The vulnerability is a buffer overflow in the...
PHP < 5.3.6 phar extension phar_object.c denial of service and information disclosure vulnerability
No description provided by source...
DB[CMS] - 'article.php' SQL Injection
DBCMS article.php SQL Injection Vulnerability. Author: blackraptor. Script Home: http://www.debliteck.com/how.php Dork: "Designed and Developed by Debliteck Ltd"...
PHP 4.4.5/4.4.6 - 'session_decode()' Double-Free (PoC)
Proof of concept code from the Hardened-PHP Project. (C) Copyright 2007 Stefan...
PHP < 4.4.5 / 5.2.1 _SESSION unset() Local Exploit
No description provided by source. Proof of concept code from the Hardened-PHP...
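Moskool Component Admin.Moskool.PHP Remote File Inclusion Vulnerability
MamboXChange Moskool is a Mambo-based application module. MamboXChange Moskool does not properly filter user-supplied URI data, and a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that the 'admin.moskool.php' script lacks filtering of the user-supplied "mosConfigabsolutepath" parameter; submitting a malicious remote server as the include target can result in arbitrary PHP code being executed with the privileges of the web process. MamboXChange Moskool 1.5 http://mamboxchange.com/projects/moskool/...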
PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Information Leak
PHP 4.3.9 + phpBB 2.x - Unserialize Remote Information Leak // Compiled version: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/697.rar phpbbmemorydump.rar // Source serv.cpp is at the bottom of the page - str0ke // Notes from author: // compile with borland c+...
Hole in many PHP implementations
Because the server does not reset certain variables that can be set by the user, a user can specify the temporary file used during upload, which allows system files to be compromised...