GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload

Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...

GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit

Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.info Software Link:...

GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting

Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...

File Upload Vulnerability in UCMS Backend

UCMS is a simple open source content management system. A file upload vulnerability exists in the UCMS backend. An attacker can exploit the vulnerability to upload webshell and gain server privileges...

Exploit for Server-Side Request Forgery in Microsoft

proxylogon Proof-of-concept exploit for CVE-2021-26855 and CV...

ProxyLogon - PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell or ctrl+c By default, it...

File upload vulnerability in We7 CMS (CNVD-2021-24741)

We7 CMS is a domestic asp.net-based at the same time with open source and open plug-in CMS system. A file upload vulnerability exists in We7 CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File Upload Vulnerability in NGFW of Netcom Next Generation Firewall (CNVD-2021-24752)

Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File Upload Vulnerability in Seven Bears Library System

Seven bears library system is a similar to Baidu library online document preview, selling system. A file upload vulnerability exists in the Seven Bears Library System. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

Arbitrary File Upload Vulnerability in Website Management System of Hangzhou Boce Network Technology Co.

Hangzhou Bocai Network Technology Co., Ltd. provides comprehensive digital innovation services. An arbitrary file upload vulnerability exists in the website management system login of Hangzhou Boce Network Technology Co. An attacker could use this vulnerability to upload a webshell and gain serve...

File Upload Vulnerability in NS-NGFW Backend of Netcom Next-Generation Firewalls

hereinafter referred to as Netcom was founded in 2004, is specialized in providing operators, finance, government, education, health care, enterprises, hotels, export integrated application gateway. A file upload vulnerability exists in the background of NS-NGFW. Attackers can utilize the...

File Upload Vulnerability in NGFW of Netcom NGFW

Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File Upload Vulnerability in NGFW of Netcom Next Generation Firewall (CNVD-2021-24366)

Netcom Next Generation Firewall NGFW is an application layer firewall launched by Netcom Technology that can comprehensively deal with network threats. A file upload vulnerability exists in NGFW. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

VMware vCenter Server File Upload / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated OVA file upload and path traversal in VMware vCenter Server to write a JSP payload to a web-accessible directory. Fixed versions are 6.5 Update 3n, 6.7 Update 3l, and 7.0 Update 1c. Note that later vulnerable versions of the Linux appliance aren'...

File upload vulnerability exists in UCMS (CNVD-2021-21601)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

Exploit for Path Traversal in Microsoft

I will continue to add any new code or modify existing code ba...

Exploit for Path Traversal in Vmware Cloud_Foundation

cve-2021-21972 Usage Instructions p...

Rapid7’s InsightIDR Enables Detection And Response to Microsoft Exchange Zero-Day

Starting February 27, 2021, Rapid7 has observed a notable increase in the exploitation of Microsoft Exchange through existing detections in InsightIDR’s Attacker Behavior Analytics ABA. The Managed Detection and Response MDR identified multiple, related compromises in the past 72 hours. In most...

File Upload Vulnerability in Merchant Backend Management System of Lianyungang Bubble Network Technology Co.

Lianyungang Bubble Network Technology Co., Ltd. focuses on WeChat small program micro-mall community group purchasing, fresh food e-commerce system development, is committed to the retail industry, to provide omni-channel e-commerce solutions. Lianyungang roll bubble network technology limited...

Indiscriminate Exploitation of Microsoft Exchange Servers (CVE-2021-24085)

The following blog post was co-authored by Andrew Christian and Brendan Watters. Beginning Feb. 27, 2021, Rapid7’s Managed Detection and Response MDR team has observed a notable increase in the automated exploitation of vulnerable Microsoft Exchange servers to upload a webshell granting attackers...