Weevely3 - Weaponized Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...

Stealthy PHP Web Shell Backdoor: Weevely

Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dinamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...

ZTE SOHO ROUTER WEB_SHELL_CMD.GCH 远程命令执行

1、漏洞概要2014 年 3 月 3 日，Rapid7 团队发布了中兴 F460 / F660 后门信息1，任何可以访问设备的用户都可以直接访问一个命令执行的 Web 界面，以 root 权限执行任意命令。上述设备在中国境内被广泛应用，俗称“电信光猫”。2.1漏洞描述ZTE 生产的 SOHO Router 的一些型号中，Web 根目录（/home/httpd ）下存在 /webshellcmd.gch 文件，没有任何访问控制，可以直接执行任意系统命令。以下几点值得注意：Rapid7 于 2014 年 3 月 3 日公布此漏洞，但是根据搜索结果，此问题早在 2012...

PHP Web Shells Malicious Known Variables

There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

ArcSight Logger - Arbitrary File Upload Code Execution

ArcSight Logger - Arbitrary File Upload Code Execution Exploit Title: ArcSight Logger - Arbitrary File Upload Code Execution Date: 13.03.2015 Exploit Author: Julian Horoszkiewicz Vendor Homepage: www.hp.com Software Link:...

Seagate Business NAS 2014.00319 - Remote Code Execution

!/usr/bin/env python Seagape ======= Seagate Business NAS pre-authentication remote code execution exploit as root user. by OJ Reeves @TheColonial - for full details please see https://beyondbinary.io/advisory/seagate-nas-rce/ Usage ===== seagape.py -c ua - ip : ip or host name of the target NAS ...

IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution Vulnerability

Exploit for jsp platform in category web applications Exploit Title: IBM Tivoli Service Automation Manager Remote Code Execution Date: 12\12\2014 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.ibm.com/ Version: All versions of IBM Tivoli Service Automation Manager up to 7.2.4 VU/CV...

DAws - Advanced Web Shell (Windows/Linux)

There's multiple things that makes DAws better than every Web Shell out there: 1. Bypasses Disablers; DAws isn't just about using a particular function to get the job done, it uses up to 6 functions if needed, for example, if shellexec was disabled it would automatically use exec or passthru or...

PHP Web Shell Generic Backdoor (CVE-2020-24186)

An attacker might upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution

Exploit Title: IBM Tivoli Service Automation Manager Remote Code Execution Date: 12\12\2014 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.ibm.com/ Version: All versions of IBM Tivoli Service Automation Manager up to 7.2.4 VU/CVE: VU782708, CVE-2015-0104 1. Create report 2. Browse...

C99Shell (Web Shell) - c99.php Authentication Bypass

C99Shell Web Shell - c99.php Authentication Bypass Exploit Title: C99 Shell Authentication Bypass via Backdoor Google Dork: inurl:c99.php Date: June 23, 2014 Exploit Author: mandatory Matthew Bryant Vendor Homepage: http://ccteam.ru/ Software Link: https://www.google.com/ Version: ", " ",...

CSSearch 2.3 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to execute Pe...

PHD Help Desk 2.12 - SQL Injection Vulnerability

No description provided by source. Exploit Title: PHD Help Desk 2.12 SQLi Date: 05/24/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/phd-help-desk-212-sqli-and-xss.html Vendor Homepage: http://www.p-hd.com.ar/ Software Link:...

STUNSHELL Web Shell Remote PHP Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Bitbot C2 Panel gate2.php - Multiple Vulnerabilities

No description provided by source. Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on: Debian/Ubuntu fro...

Dolibarr ERP/CMS 3.4.0 (exportcsv.php, sondage param) - SQL Injection

No description provided by source. Exploit Title: Dolibarr 3.4.0 SQLi Date: 10/7/2013 Exploit author: drone @dronesec More information: http://forelsec.blogspot.com/2013/10/dolibarr-340-multiple-vulnerabilities.html Vendor homepage: http://www.dolibarr.org/ Software link: Version: 3.4.0 Fixed in:...

File Upload Manager 1.3

No description provided by source. Version: v1.3 ============================================================ www.sec-war.com ============================================================ 1- upload shell with: shell.php.jpg shell.php.gif shell.php.htm shell.htm shell.php.jpeg shell.php.bmp 2- Go t...

Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities

No description provided by source. Document Title: =============== Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1218 Release Date: ============= 2014-02-27 Vulnerability Laboratory ID VL-ID...

XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload

No description provided by source. Exploit Title: XODA Document Management System Stored XSS & Arbitrary File Upload Vulnerability. Date: 21/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://xoda.org/ Software Link: http://sourceforge.net/projects/xoda/files/xoda/xoda-0.4.5/...

Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability

No description provided by source. Exploit Title: Collabtive 1.0 SQLi Date: 06/17/2013 Exploit Author: drone @dronesec More information: http://forelsec.blogspot.com/2013/06/collabtive-10-sqli.html Vendor homepage: http://collabtive.o-dyn.de/ Software link:...