2126 matches found

Kitploit
added 2021/05/29 12:30 p.m., 523 views

slopShell - The Only Php Webshell You Need

php webshell. Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file upload (yourself, in an educational environment) and a way to send http requests to this webshell. Basic Usage Video. Hosted on Youtube: Current VT Detection...

AI score 6.9
Exploits 0, References 5

CNVD
added 2021/05/28 12:0 a.m., 3 views

Pluck CMS suffers from a file upload vulnerability (CNVD-2021-40249)

Pluck CMS is a PHP-based content management system. Pluck CMS suffers from a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...

AI score 7.2
Exploits 0

Prion
added 2021/05/26 12:15 p.m., 13 views

Cross site scripting

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profil...

CVSS 4, AI score 4.5, EPSS 0.00792
Exploits 0, References 4, Affected Software 1

Packet Storm
added 2021/05/26 12:0 a.m., 418 views

Pluck CMS 4.7.13 Remote Shell Upload

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

CVSS 6.5, AI score 0.2, EPSS 0.33428
Exploits 6

0day.today
added 2021/05/26 12:0 a.m., 139 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 ''' Description: Codiad 2.8...

CVSS 7.2, AI score 0.2, EPSS 0.17984
Exploits 4

0day.today
added 2021/05/26 12:0 a.m., 57 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.04 CVE:...

CVSS 7.2, EPSS 0.33428
Exploits 6

WPVulnDB
added 2021/05/25 12:0 a.m., 38 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

CVSS 8.8, AI score 0.2, EPSS 0.52007
Exploits 8, References 2, Affected Software 1

CNVD
added 2021/05/19 12:0 a.m., 4 views

File Upload Vulnerability in PatrolFlow Multiservice Security Gateway Intelligent Management Platform

Beijing Byzoro Networks Technology Co., Ltd (hereinafter referred to as Byzoro Networks) is a high-tech enterprise dedicated to building the next-generation secure Internet. A file upload vulnerability exists in PatrolFlow Multi-service Security Gateway Intelligent Management Platform. Attackers ca...

AI score 7.2
Exploits 0

Packet Storm
added 2021/05/17 12:0 a.m., 247 views

Subrion CMS 4.2.1 Shell Upload

Exploit Title: File Upload Bypass to RCE Authenticated Google Dork: N/A Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE :...

CVSS 6.5, AI score 7.2, EPSS 0.65071
Exploits 10

CNVD
added 2021/05/11 12:0 a.m., 5 views

File Upload Vulnerability in Lionfish Merchant Management System

Xiamen Lionfish Network Technology Co., Ltd. is an Internet innovation model software products and solutions as the core, mainly focusing on e-commerce system development and business solutions for high-tech enterprises. A file upload vulnerability exists in the Lionfish Merchant Management Syste...

AI score 7.3
Exploits 0

CNVD
added 2021/05/06 12:0 a.m., 3 views

File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co.

Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...

AI score 7.2
Exploits 0

CNVD
added 2021/05/06 12:0 a.m., 3 views

File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co.(CNVD-2021-35890)

Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...

AI score 7.2
Exploits 0

CNVD
added 2021/05/05 12:0 a.m., 3 views

File Upload Vulnerability in SEMCMS PHP (Multilingual) Version

SemCms is an open source foreign trade enterprise website management system. A file upload vulnerability exists in the PHP multilingual version of SEMCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

AI score 7.3
Exploits 0

Kitploit
added 2021/05/04 9:30 p.m., 246 views

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

AI score 7.1
Exploits 0, References 4

Packet Storm
added 2021/05/02 12:0 a.m., 243 views

GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution

Exploit Title: GetSimple CMS Custom JS v0.1 - CSRF to XSS to RCE Exploit Author: Bobby Cooke boku & Abhishek Joshi Date: April 30th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/ Vendor: 4Enzo...

AI score 0.3
Exploits 0

CNVD
added 2021/04/29 12:0 a.m., 4 views

File upload vulnerability in ClassCMS backend (CNVD-2021-35844)

ClassCMS is a content management system. A file upload vulnerability exists in the ClassCMS backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

AI score 7.2
Exploits 0

CNVD
added 2021/04/29 12:0 a.m., 3 views

File upload vulnerability in PHPOK backend

PHPOK is an enterprise website system developed in PHP and MySQL. A file upload vulnerability exists in the PHPOK backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

AI score 7.3
Exploits 0

CNVD
added 2021/04/26 12:0 a.m., 3 views

File Upload Vulnerability in Panavision OA

Panavision OA E-Office is a standard version of the Panavision collaborative office system program released by Shanghai Panavision Network Technology Co. A file upload vulnerability exists in E-Office. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

AI score 7.2
Exploits 0

CNVD
added 2021/04/25 12:0 a.m., 2 views

File Upload Vulnerability in e-office Panmicro Collaboration Office System

e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, and asset management functions. A file upload vulnerabili...

AI score 7
Exploits 0

0day.today
added 2021/04/24 12:0 a.m., 29 views

Document Management System 1.0 SQL Injection / Remote Code Execution Exploit

Exploit Title: Document Management System - SQL Injection to RCE webshell Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import requests import sy...

AI score 0.7
Exploits 0