POSNIC Unauthenticated Remote Code Execution Vulnerability

POSNIC versions prior to 1.03 suffer from a code execution vulnerability when set up to trust data from a compromised mysql instance. Exploit Title : POSNIC all versiontill 1.03 unauthenticated remote code execution Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Dat...

JSP Web Shell Detection (China Chopper)

Binary data 9488.prm...

PHP Web Shell Detection (China Chopper)

Binary data 9487.prm...

ASP Web Shell Detection (China Chopper)

Binary data 9489.prm...

X (Formerly Twitter): reverb.twitter.com redirects to vulnerable reverb.guru

Hi! http://reverb.twitter.com redirects requests to http://reverb.guru which hosts a vulnerable PHP application. I managed to get RCE there which allows to modify the contents of this site, so that reverb.twitter.com will redirect to a phishing page or force a malicious file download. I was able ...

Hacker Installed a Secret Backdoor On Facebook Server to Steal Passwords

How to Hack Facebook? That’s the most commonly asked question during this decade. It’s a hacker dream to hack Facebook website for earning bug bounty or for any malicious purpose. Facebook security team recently found that someone, probably a blackhat hacker with malicious intent, has breached in...

JMX2 Email Tester - save_email.php Arbitrary File Upload Exploit

Exploit for multiple platform in category web applications Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link:...

JMX2 Email Tester - save_email.php Arbitrary File Upload

JMX2 Email Tester - saveemail.php Arbitrary File Upload Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link:...

JMX2 Email Tester - 'save_email.php' Arbitrary File Upload

Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip Tested on: debian wheezy CVE : none...

JMX2 Email Tester Remote Shell Upload

Exploit Title: JMX2 Email Tester - Web Shell Uploadsaveemail.php Date: 2016-02-15 Blog: http://www.hahwul.com Vendor Homepage: https://github.com/johnfmorton/jmx2-Email-Tester Software Link: https://github.com/johnfmorton/jmx2-Email-Tester/archive/master.zip Tested on: debian wheezy CVE : none...

File Sharing Manager 1.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== File Sharing Manager 1.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1715 Release Date: ============= 2016-02-09 Vulnerability Laboratory ID VL-ID: ===================================...

File Manager PRO 1.3 Local File Inclusion / File Upload

Document Title: =============== File Manager PRO v1.3 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1704 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID VL-ID: ====================================...

Remote Code Execution in Exponent

High-Tech Bridge Security Research Lab discovered critical vulnerability in Exponent CMS, which can be exploited to inject and execute arbitrary PHP code on the vulnerable system with the privileges of the web server. The vulnerability resides within "/install/index.php" script, when handling...

ZTE SOHO ROUTERWEB_SHELL_CMD.GCH 远程命令执行漏洞

漏洞概要 2014 年 3 月 3 日，Rapid7 团队发布了中兴 F460 / F660 后门信息1，任何可以访问设备的用户都可以直接访问一个命令执行的 Web 界面，以 root 权限执行任意命令。 上述设备在中国境内被广泛应用，俗称“电信光猫”。 漏洞描述 ZTE 生产的 SOHO Router 的一些型号中，Web 根目录（/home/httpd ）下存在 /webshellcmd.gch 文件，没有任何访问控制，可以直接执行任意系统命令。 以下几点值得注意： Rapid7 于 2014 年 3 月 3 日公布此漏洞，但是根据搜索结果，此问题早在 2012...

Chinese Caidao Backdoor Bruteforce

This module attempts to bruteforce chinese caidao asp/php/aspx backdoor. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

Backshell Web Shell Cross Site Request Forgery

================================================================================ Backshell Web Shell - CSRF Command Injection ================================================================================ Vendor Homepage: https://github.com/neitanod/backshell Date: 25/12/2015 Software Link:...

b374k 3.2.32.8 (Web Shell) - Cross-Site Request Forgery Command Injection

b374k 3.2.32.8 Web Shell - Cross-Site Request Forgery Command Injection + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k...

b374k 3.2.3/2.8 (Web Shell) - Cross-Site Request Forgery / Command Injection

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-B374K-CSRF-CMD-INJECTION.txt Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list...

OWASP Mth3l3m3nt Framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. Mth3l3m3nt provides the ability to create or do custom LFI and RFI exploits fast with little or no effort at all. It also enables you to store all your quick wins based on its ability to manage HTTP bots,...

China Chopper Caidao PHP Backdoor Code Execution

This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'China Chopper Caidao PHP Backdoor Code...