
18 matches found

Packet Storm
added 2024/09/01 12:0 a.m., 228 views

WordPress Duplicator File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...

CVSS: 7.5, AI score: 7, EPSS: 0.94252
Exploits: 11
Exploit DB
added 2021/01/14 12:0 a.m., 402 views

Laravel 8.4.2 debug mode - Remote code execution

Exploit Title: Laravel 8.4.2 debug mode - Remote code execution Date: 1.14.2021 Exploit Author: SunCSR Team Vendor Homepage: https://laravel.com/ References: https://www.ambionics.io/blog/laravel-debug-rce https://viblo.asia/p/6J3ZgN8PKmB Version: = 8.4.2 Tested on: Ubuntu 18.04 + nginx + php 7.4...

AI score: 7.4
Exploits: 0
Packet Storm
added 2021/01/08 12:0 a.m., 257 views

Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...

AI score: 0.4, EPSS: 0.94331
Exploits: 14
Exploit DB
added 2021/01/08 12:0 a.m., 330 views

Wordpress Plugin wpDiscuz 7.0.4 - Unauthenticated Arbitrary File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress wpDiscuz Unauthen File Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPress wpDiscu...

AI score: 7.4
Exploits: 0
Exploit DB
added 2021/01/08 12:0 a.m., 260 views

Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...

CVSS: 9.1, AI score: 7.7, EPSS: 0.94331
Exploits: 14
Packet Storm
added 2020/12/22 12:0 a.m., 362 views

WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...

CVSS: 5, AI score: 0.3, EPSS: 0.91502
Exploits: 4
Patchstack
added 2020/12/19 12:0 a.m., 6 views

WordPress Envira Photo Gallery plugin <= 1.8.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Minh Tuan (SunCSR) in WordPress Envira Photo Gallery plugin versions <= 1.8.3.2. Solution: Update the WordPress Envira Photo Gallery plugin to the latest available version (at least 1.8.3.3)...

AI score: 2.6
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/12/04 12:0 a.m., 18 views

WordPress Themify Portfolio Post plugin <= 1.1.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Nguyen Anh Tien (SunCSR) in WordPress Themify Portfolio Post plugin versions <= 1.1.5. Solution: Update the WordPress Themify Portfolio Post plugin to the latest available version (at least 1.1.6)...

AI score: 1.8
Exploits: 0, References: 1, Affected Software: 1
Exploit DB
added 2020/11/27 12:0 a.m., 887 views

WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting

Exploit Title: WonderCMS 3.1.3 - 'uploadFile' Stored Cross-Site Scripting Google Dork: "WonderCMS" Date: 2020-11-27 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.wondercms.com/ Software Link:...

AI score: 7.4
Exploits: 0
Patchstack
added 2020/11/25 12:0 a.m., 7 views

WordPress WP Google Map Plugin <= 4.1.3 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Anh Tien (SunCSR) in WordPress WP Google Map Plugin version <= 4.1.3. Solution: 2020-11-25 - we were unable to find a patched version of this plugin (use at your own risk); we recommend to deactivate and delete the plugin until the patched...

AI score: 2.9
Exploits: 0, References: 2, Affected Software: 1
Exploit DB
added 2020/11/24 12:0 a.m., 690 views

Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service

Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service Google Dork: "Apache OpenMeetings DOS" Date: 2020-08-28 Exploit Author: SunCSR ThienNV - Sun Cyber Security Research Vendor Homepage: https://openmeetings.apache.org/ Software Link: https://openmeetings.apache.org/ Version:...

CVSS: 7.5, AI score: 7.8, EPSS: 0.73289
Exploits: 3
Packet Storm
added 2020/11/24 12:0 a.m., 990 views

Apache OpenMeetings 5.0.0 Denial Of Service

Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service Google Dork: "Apache OpenMeetings DOS" Date: 2020-08-28 Exploit Author: SunCSR ThienNV - Sun Cyber Security Research Vendor Homepage: https://openmeetings.apache.org/ Software Link: https://openmeetings.apache.org/ Version:...

CVSS: 5, AI score: 0.1, EPSS: 0.73289
Exploits: 3
Patchstack
added 2020/09/11 12:0 a.m., 14 views

WordPress 10Web Social Post Feed plugin <= 1.1.26 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection (SQLi) vulnerability found by Vu Tien Hoa (SunCSR) in WordPress 10Web Social Post Feed plugin versions <= 1.1.26. Solution: Update the WordPress 10Web Social Post Feed plugin to the latest available version (at least 1.1.27)...

AI score: 2.8
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/09/06 12:0 a.m., 11 views

WordPress Constant Contact Forms plugin <= 1.8.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities found by Nguyen Anh Tien (SunCSR) in WordPress Constant Contact Forms plugin versions <= 1.8.7. Solution: Update the WordPress Constant Contact Forms plugin to the latest available version (at least 1.8.8)...

AI score: 2.4
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/09/06 12:0 a.m., 9 views

WordPress ActiveCampaign plugin <= 8.0.1 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Nguyen Anh Tien (SunCSR) in WordPress ActiveCampaign plugin versions <= 8.0.1. Solution: Update the WordPress ActiveCampaign plugin to the latest available version (at least 8.0.2)...

AI score: 4
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2020/08/24 12:0 a.m., 25 views

WordPress Autoptimize plugin <= 2.7.6 - Authenticated Arbitrary File Upload vulnerability

Authenticated Arbitrary File Upload vulnerability found by Nguyen Van Khanh (SunCSR) in WordPress Autoptimize plugin versions <= 2.7.6. Solution: Update the WordPress Autoptimize plugin to the latest available version (at least = 2.7.7)...

CVSS: 7.2, AI score: 3.6, EPSS: 0.23388
Exploits: 6, References: 2, Affected Software: 1
Packet Storm
added 2020/05/19 12:0 a.m., 410 views

PHP-Fusion 9.03.50 SQL Injection

Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Date: 2020-05-19 Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: 9.03.50 Tested On: Windows 10 + XAMPP...

AI score: 7.4
Exploits: 0
0day.today
added 2020/05/04 12:0 a.m., 34 views

Outline Service 1.3.3 - (Outline Service) Unquoted Service Path Vulnerability

Exploit Title: Outline Service 1.3.3 - 'Outline Service ' Unquoted Service Path Discovery by: Minh Tuan - SunCSR Vendor Homepage: https://getoutline.org/vi/home Software Link : https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.exe Tested Version:...

AI score: 0.4
Exploits: 0