Textpattern cross-site scripting vulnerability (CNVD-2022-34638)
Textpattern CMS is a PHP-based content management system from the Textpattern team. Textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...
Atom CMS 2.0 - Remote Code Execution (RCE)
Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...
Atom CMS 1.0.2 Shell Upload
Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...
Atom CMS 2.0 - Remote Code Execution Exploit
Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script uploads...
Fingerprint Attendance 1.0 SQL Injection Vulnerability
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...
CVE-2021-44082
Textpattern 4.8.7 is vulnerable to Cross-Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
CVE-2021-44082
Textpattern 4.8.7 is vulnerable to Cross-Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
Cross-site scripting
Textpattern 4.8.7 is vulnerable to Cross-Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
CVE-2021-44082
Textpattern 4.8.7 is vulnerable to Cross-Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...
Fingerprint Attendance 1.0 SQL Injection
Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Date: 28.07.2022 Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQ...
Textpattern CMS Cross-Site Scripting Vulnerability
Textpattern CMS is a PHP-based content management system from the Textpattern team. Textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...
Home Owners Collection Management System 1.0 SQL Injection
Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution Blind SQLi to RCE Date: 9/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
TaoCMS Code Injection Vulnerability (CNVD-2022-33839)
TaoCMS is a web content management system that supports multiple databases (SQLite/MySQL). TaoCMS has a code injection vulnerability that attackers can exploit by arbitrarily editing .htaccess files to execute malicious code or write malicious code...
Taocms Code Injection Vulnerability
TaoCMS is a web content management system that supports multiple databases (SQLite/MySQL). TaoCMS has a code injection vulnerability that attackers can exploit by arbitrarily editing .htaccess files to execute malicious code or write malicious code...
BuilderTorCTPHPRAT.b Shell Upload
Discovery / credits: Malvuln - malvuln.com (c) 2022 Original source: https://malvuln.com/advisory/838f67d7a4b6824ec59892057aab3bb7B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: BuilderTorCTPHPRAT.b Vulnerability: Arbitrary File Upload - RCE Family: TorCTPHPRAT Type: WebUI MD5...
Pluck CMS 4.7.16 Shell Upload
Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...
Laravel Media Library Pro 2.1.6 Shell Upload
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...
Insecure deserialization of not validated module file
Description In recent Crater version 18507ddb tag: 6.0.6 highly privileged user can upload malicious module file and run insecure deserialization, which can lead to remote code execution. Proof of Concept 1. Prepare PHAR file - php --define phar.readonly=0 phar.php PHP data = $data; function...
Prophet Spider exploits Log4j and Citrix vulnerabilities to deploy webshells
THREAT LEVEL: Red. Prophet Spider is a well-known Initial Access Broker (IAB) group. Prophet Spider's tradecraft continues to grow while exploiting known web-server vulnerabilities such as Citrix and Log4j. A remote code execution RCE...
PyShell - Multiplatform Python WebShell
PyShell is a multiplatform Python WebShell. This tool helps you to obtain a shell-like interface on a web server to be remotely accessed. Unlike other webshells, the main goal of the tool is to use as little code as possible on the server side, regardless of the language used or the operating syste...