764 matches found
Notes Manager 1.0 Shell Upload
Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link: https://astuteinternet.dl.sourceforge.net/project/notes-manager/notesmanagement.zip Version: 1.0...
Notes Manager 1.0 - Arbitrary File Upload
Notes Manager 1.0 - Arbitrary File Upload Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link:...
SIM-PKH 2.4.1 Shell Upload
Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
SIM-PKH 2.4.1 - Arbitrary File Upload
SIM-PKH 2.4.1 - Arbitrary File Upload Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category:...
phpinfo() Output Detection (HTTP)
HTTP based detection of files containing the output of the phpinfo() PHP function. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
The Offensive Web Application Penetration Testing Framework: TIDoS
TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...
WAScan v0.2.1 - Web Application Scanner
WAScan (Web Application Scanner) is an open-source web application security scanner. It is designed to find various vulnerabilities using the "black-box" method, which means it won't study the source code of web applications but will work like a fuzzer, scanning the pages of the deployed web application,...
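seacms admin backend getshell
As a code-audit novice who has only audited code at a few offline CTF competitions, I decided over the summer break to start seriously practicing code audits of some CMSs, so I picked SeaCMS to audit. Lacking experience, I chose to audit the admin backend for vulnerabilities first. To be honest, the backend of SeaCMS really has few protections, and I found many SQL injections in the backend..... Later, referring to some earlier SeaCMS vulnerabilities, I finally found this backend getshell vulnerability, where an if tag is inserted in the backend to get a shell. First, a demonstration of the whole getshell flow: log in to the panel, go to the add-movie screen, add a movie there, and set the image URL to if:1$GLOBALS'G'.'ET'a;//end if;...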
PHPinfo Information Disclosure
Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes, and various PHP applications may also include such a file by default. By accessing it, a remote attacker can discover a large amount of information about the remote...
saofrancisco.alphaeditora.com.br Improper Access Control vulnerability
Open Bug Bounty ID: OBB-636697 Description| Value ---|--- Affected Website:| saofrancisco.alphaeditora.com.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:...
Starbucks: PHPinfo page
GET /test.php HTTP/1.1 Host: 52.90.193.152 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.21 KHTML, like Gecko Chrome/41.0.2228.0 Safari/537.21 Accept: / Impact This file may expose sensitive information that may help an maliciou...
ProfileGrid – User Profiles, Groups and Communities <= 2.8.5 - Authenticated Code Execution
The plugin ProfileGrid – User Profiles, Groups and Communities versions prior to 2.8.6 is vulnerable to Arbitrary Code Execution. An authenticated user with a role as low as Subscriber can execute arbitrary PHP code on websites using the plugin. Send an authenticated POST request to...
Mail.ru: Exposed phpinfo() information on the site https://agent.mail.ru
phpinfo was available on agent.mail.ru. agent.mail.ru is not currently covered with bug bounty program...
lydian.astro.ulg.ac.be Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593281 Description| Value ---|--- Affected Website:| lydian.astro.ulg.ac.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2017-11167
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo input value...
Fedora 24 : phpMyAdmin (2017-294c23bb1d)
Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...
emlog personal blog system: privilege elevation vulnerability in the admin backend
Impact version emlog = 5.1.2 Prerequisites: need to log in the background Exploit Log in the background after a visit to admin/? action=phpinfo page, get website physical path In the database backup page to back up the database, export to a local computer, and then edit the exported . sql format ...
Zend Framework / zend-mail 2.4.11 - Remote Code Execution Exploit
Exploit for php platform in category web applications 09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attac...
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
09607 09607 09607 See the full advisory URL for the exploit details. / // Attacker's input coming from untrusted source such as $GET , $POST etc. // For example from a Contact form with sender field $emailfrom = '"attacker" -oQ/tmp/ -X/var/www/cache/phpcode.php "@email.com'; // encoded phpinfo...