
2179 matches found

Gitee
added 2021/08/16 7:35 p.m., 3 views

CDK

This repository is an open-sourced container penetration toolkit called CDK, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs to help users escape container and take over K8s cluster...

7.3 AI score
Exploits: 0
NVD
added 2021/08/16 2:15 p.m., 12 views

CVE-2021-38753

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...

9.8 CVSS, 0.00517 EPSS
Exploits: 1, References: 1
Prion
added 2021/08/16 2:15 p.m., 14 views

Unrestricted file upload

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app...

7.5 CVSS, 9.5 AI score, 0.00517 EPSS
Exploits: 1, References: 1
CVE
added 2021/08/16 1:53 p.m., 51 views

CVE-2021-38753

The CVE-2021-38753 entry concerns Simple Image Gallery Web App, with an unrestricted file upload vulnerability that can be exploited to upload a web shell and execute it, potentially gaining unauthorized access to the hosting server. Multiple sources describe an access control/file-upload flaw en...

9.8 CVSS, 9.6 AI score, 0.00517 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/08/16 12:0 a.m., 2 views

Simple Image Gallery Web App Code Issue Vulnerability

Simple Image Gallery Web App is a web-based application that can be managed by multiple users. Users can store their images in this Web application. An access control error vulnerability exists in Simple Image Gallery Web App, which stems from an unrestricted file upload of Simple Image Gallery We...

9.8 CVSS, 5.8 AI score, 0.00517 EPSS
Exploits: 1, References: 1
Kitploit
added 2021/08/11 9:30 p.m., 250 views

Wsh - Web Shell Generator And Command Line Interface

wsh (pronounced woosh) is a web shell generator and command line interface. This started off as just an http client since interacting with webshells is a pain. There's a form, to send a command you have to type in an input box and press a button. I wanted something that fits into my workflow better...

7.6 AI score
Exploits: 0, References: 1
Gitee
added 2021/08/05 1:6 p.m., 2 views

Exploit for Out-of-bounds Write in Gnu Glibc

This is a PoC exploit for CVE-2015-0235, a vulnerability in the GNU C Library (glibc) that allows for remote code execution (RCE) through a buffer overflow in the gethostbyname function. The exploit is implemented in the kadimus tool, which is an LFI (Local File Inclusion) scanner and exploit tool. The...

10 CVSS, 8.9 AI score, 0.8487 EPSS
Exploits: 29
CNNVD
added 2021/07/30 12:0 a.m., 3 views

S-CMS Input Validation Error Vulnerability

S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. A remote code execution vulnerability exists in /1.com.php in S-CMS version 3.0 PHP version. An attacker can exploit the vulnerability by modifying PHP files to get ...

7.2 CVSS, 6.5 AI score, 0.02322 EPSS
Exploits: 1, References: 2
Exploit DB
added 2021/07/15 12:0 a.m., 989 views

WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated) Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

8.8 CVSS, 8.8 AI score, 0.82414 EPSS
Exploits: 5
Packet Storm
added 2021/07/15 12:0 a.m., 627 views

WordPress Popular Posts 5.3.2 Shell Upload

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated) Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...

Exploits: 0
0day.today
added 2021/07/15 12:0 a.m., 112 views

WordPress Popular Posts 5.3.2 Plugin - Remote Code Execution (Authenticated) Exploit

Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated) Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link: https://downloads.wordpress.org/plugin/wordpress-popular-posts.5.3.2.zip Versio...

0.3 AI score
Exploits: 0
Packet Storm
added 2021/07/08 12:0 a.m., 326 views

Online Covid Vaccination Scheduler System 1.0 Shell Upload

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.3 AI score
Exploits: 0
OSV
added 2021/05/20 5:15 p.m., 8 views

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

8.8 CVSS, 6.7 AI score
Exploits: 0, References: 3
NVD
added 2021/05/20 5:15 p.m., 5 views

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

9.6 CVSS, 0.00845 EPSS
Exploits: 1, References: 3
Prion
added 2021/05/20 5:15 p.m., 14 views

Design/Logic Flaw

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

6.5 CVSS, 8.5 AI score, 0.00845 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2021/05/20 12:0 a.m., 1 views

Admidio Code Issue Vulnerability

Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in versions prior to Admidio 4.0.4, which stems from the fact that someone with upload privileges c...

9.6 CVSS, 7.9 AI score, 0.00845 EPSS
Exploits: 1, References: 4
The Hacker News
added 2021/05/14 10:17 a.m., 39 views

Magecart Hackers Now hide PHP-Based Backdoor In Website Favicons

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or...

7 AI score
Exploits: 0
Malwarebytes
added 2021/05/13 6:18 p.m., 197 views

Newly observed PHP-based skimmer shows ongoing Magecart Group 12 activity

This blog post was authored by Jérôme Segura. Web skimming continues to be a real and impactful threat to online merchants and shoppers. The threat actors in this space greatly range in sophistication from amateurs all the way to nation state groups like Lazarus. In terms of security, many...

8 AI score
Exploits: 0
Trend Micro Simply Security
added 2021/04/30 12:0 a.m., 10 views

This Week in Security News - April 30, 2021

Hacktivism’s reemergence explained and Hello ransomware uses updated China Chopper web shell...

0.8 AI score
Exploits: 0
Trend Micro Simply Security
added 2021/04/27 12:0 a.m., 154 views

Hello Ransomware Uses Updated China Chopper Web Shell, SharePoint Vulnerability

We discuss the technical features of a Hello ransomware attack, including its exploitation of CVE-2019-0604 and the use of a modified version of the China Chopper web shell...

7.5 CVSS, 1.8 AI score, 0.94416 EPSS
Exploits: 29