A New Approach to Discover, Monitor, and Reduce Your Modern Web Attack Surface

Web applications reign the internet universe, but also bring new risks that let attackers poke holes in an ever-expanding attack surface. Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted...

Active eCommerce CMS 6.3.0 Arbitrary File Download

Exploit Title: Active eCommerce CMS Arbitrary File Download Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/active-ecommerce-cms/23471405 Version: Version 6.3.0 Tested on Ubuntu 18.04 without authentication with for loop user can downlo...

Academy Learning Management System 5.7 Shell Upload Exploit

Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...

DOM-based Cross-Site Scripting (XSS) in OpenEMR 7.0.0 and below at White list files

Description We would like to report the vulnerability we found during software testing. The OpenEMR 7.0.0 latest version and below version; Open Source electronic health records and medical practice management application; has DOM-based Cross-Site Scripting XSS vulnerability in the...

Schlix CMS 2.2.6-6 Cross Site Scripting

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...

Schlix CMS 2.2.6-6 - (title) Persistent Cross-Site Scripting (Authenticated) Vulnerability

Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows & WampServer ==...

Online Reviewer Management System 1.0 SQL Injection Vulnerability

Exploit Title: Online Reviewer Management System Authentication ByPass Exploit Author: th3d1gger Vendor Homepage: https://sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/reviewer0.zip Version: 1.0 Tested on Windows 10 Vulnerable Source Code...

osCommerce 2.3.4.1 Cross Site Scripting

Exploit Title: osCommerce 2.3.4.1 - 'title' Persistent Cross-Site Scripting Date: 2020-11-19 Exploit Author: Emre Aslan Vendor Homepage: https://www.oscommerce.com/ Version: 2.3.4.1 Tested on: Windows & XAMPP == Tutorial https://HOST/catalog/admin/newsletters.php?action=new 3- Enter the XSS paylo...

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Travel Management System 1.0 SQL Injection

Exploit Title: Travel Management System v1.0 - SQLi Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec and Bobby Cooke boku Date: August 10, 2020 Vendor Homepage: https://www.projectsworld.in Software Link: https://projectworlds.in/wp-content/uploads/2019/06/travel.zip Version: 1.0 Tested...

Stock Management System 1.0 SQL Injection

Exploit Title: Stock Management System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Date: August 1, 2020 Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Version: 1.0 Tested On: Windows 10...

Daily Tracker System 1.0 SQL Injection

Exploit Title: Daily Tracker System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Credit to Bobby Cooke Date: July 29th, 2020 Vendor Homepage: https://www.sourcecodetester.com Software Link:...

Savsoft Quiz 5 - Persistent Cross-Site Scripting

Exploit Title: Savsoft Quiz 5 - Persistent Cross-Site Scripting Date: 2020-07-09 Exploit Author: Ogulcan Unverenth3d1gger Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Kali Linux ---Vulnerable Source Code---- functio...

Bold CMS 3.6.4 Cross Site Scripting

Exploit Title: Bold CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bold CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type : Cross-site Scripting Vulenrability : Stored X...

WordPress Ultimate-Member 2.0.38 Cross Site Request Forgery / Shell Upload

Exploit Title : WordPress Ultimate-Member Plugins 2.0.38 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 05/02/2019 Vendor Homepage : ultimatemember.com Software Download Link : downloads.wordpress.org/plugin/ultimate-member.2.0.38.zip Software...

Photogallery Project 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version:...

ZineBasic 1.1 - Arbitrary File Disclosure

Title: ZineBasic 1.1 Remote File Disclosure Exploit Author: bd0rk || East Germany former GDR Tested on: Ubuntu-Linux Vendor: http://w2scripts.com/news-publishing/ Download:...

Elastix 2.x - Blind SQL Injection

Elastix 2.x - Blind SQL Injection Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in...