47885 matches found
D-Link DIR-8xx Routers - Root Remote Code Execution
Due to an error in the HNAP protocol implementation we can overflow the stack and execute any sh commands under root privileges. E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin E-DB Note:...
Gr8 Multiple Search Engine Script 1.0 - SQL Injection
Exploit Title: Gr8 Multiple Search Engine Script 1.0 - SQL Injection Dork: N/A Date: 12.09.2017 Vendor Homepage: http://www.gr8script.com/ Software Link: http://www.gr8script.com/multiplesearchscript.php Demo: http://www.gr8script.com/multiplesearch/ Version: 1.0 Category: Webapps Tested on:...
osTicket 1.10 - SQL Injection (PoC)
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (2)
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1: 0f212075d86ef7e859c1941f8e5b9e7a6f2558ad CVE: CVE-2017-14344...
XYZ Auto Classifieds 1.0 - SQL Injection
Exploit Title: XYZ Auto Classifieds v1.0 - SQL Injection Date: 2017-09-12 Exploit Author: 8bitsec Vendor Homepage: http://xyzscripts.com/ Software Link: https://xyzscripts.com/php-scripts/xyz-auto-classifieds/details Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (1)
Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type == ForInContext::IndexedForInContextType property = staticcastcontext.index; break;...
D-Link DIR-8xx Routers - Leak Credentials
phpcgi is responsible for processing requests to .php, .asp and .txt pages. Also, it checks whether a user is authorized or not. Nevertheless, if a request is crafted in a proper way, an attacker can easily bypass authorization and execute a script that returns a login and password to a router...
iTech StockPhoto Script 2.02 - SQL Injection
Exploit Title: iTech StockPhoto Script v2.02 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/stockphoto-script Version: 2.02 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected] Contact:...
iTech Book Store Script 2.02 - SQL Injection
Exploit Title: iTech Book Store Script v2.02 - SQL Injection / Reflected XSS Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/book-store-script Version: 2.02 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: contact@8bitsec....
EduStar Udemy Clone Script 1.0 - SQL Injection
Exploit Title: EduStar Udemy Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/edustar-udemy-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
JobStar Monster Clone Script 1.0 - SQL Injection
Exploit Title: JobStar Monster Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/jobstar-monster-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: contact@8bitsec....
PHP Dashboards NEW 4.4 - SQL Injection
Exploit Title: PHP Dashboards NEW 4.4 - SQL Injection Dork: N/A Date: 11.09.2017 Vendor Homepage: http://dataninja.biz/ Software Link: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Demo: http://phpdashboardv4.dataninja.biz/ Version: 4.4 Category: Webapps...
Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin)
Edit Profile: Admin Name: Admin Email: Admin Password: Save Profile...
Hanbanggaoke IP Camera - Arbitrary Password Change
Vulnerability summary The following advisory describes an arbitrary password change vulnerability found in Hanbanggaoke webcams. Beijing Hanbang Technology, “one of the first enterprises entering into digital video surveillance industry, has been focusing on R&D of products and technology of...
WiseGiga NAS - Multiple Vulnerabilities
Source: https://blogs.securiteam.com/index.php/archives/3402 Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS...
PHP Dashboards NEW 4.4 - Arbitrary File Read
Exploit Title: PHP Dashboards NEW 4.4 - Arbitrary File Read Dork: N/A Date: 11.09.2017 Vendor Homepage: http://dataninja.biz/ Software Link: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Demo: http://phpdashboardv4.dataninja.biz/ Version: 4.4 Category:...
tcprewrite - Heap Buffer Overflow
Title: tcprewrite Heap-Based Buffer Overflow CVE: CVE-2017-14266 CWE: CWE-122 Exploit Author: Hosein AskariFarazPajohan Vendor HomePage: http://tcpreplay.synfin.net/ Product Description: When you want to give a PCAP file to someone, it gives away certain sensitive information such as an...
AirStar Airbnb Clone Script 1.0 - SQL Injection
Exploit Title: AirStar Airbnb Clone Script v1.0 - SQL Injection Date: 2017-09-11 Exploit Author: 8bitsec Vendor Homepage: https://www.abservetech.com/ Software Link: https://www.abservetech.com/airstar-airbnb-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Docker Daemon - Unprotected TCP Socket (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker Daemon - Unprotected TCP Socket Exploit', 'Description' = %q Utilizing Docker via unprotected tcp socket 2375/tcp, maybe 2376/tcp with tls...
Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes)
Linux/ARM Raspberry Pi - Bind TCP Shell 4444/TCP Shellcode 192 bytes. Shellcode exploit for ARM platform / Andrea Sindoni - @invictus1306 This shellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Environment: Raspberry pi 3...
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
Linux/ARM Raspberry Pi - Reverse TCP Shell 192.168.0.12:4444/TCP Shellcode 160 bytes. Shellcode exploit for ARM platform / Andrea Sindoni - @invictus1306 This shellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Environment:...
Job Board Software 1.0 - SQL Injection
Exploit Title: Job Board Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/job-board-software Demo: http://jobsite.scriptzee.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Law Firm 1.0 - SQL Injection
Exploit Title: Law Firm Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/small-business/law-firm-website Demo: http://lawwebsite.scriptzee.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
Escort Marketplace 1.0 - SQL Injection
Exploit Title: Escort Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/escort-website Demo: http://escortwebsite.scriptzee.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Professional Service Booking 1.0 - SQL Injection
Exploit Title: Professional Service Booking Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine Demo: http://professionalservice.scriptzee.com/ Version: 1.0 Category:...
My Builder Marketplace 1.0 - SQL Injection
Exploit Title: My Builder Marketplace Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/my-builder-marketplace Demo: http://mybuilderjobs.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Just Dial Marketplace 1.0 - SQL Injection
Exploit Title: Just Dial Marketplace Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/just-dial-marketplace Demo: http://classified.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Topsites Script 1.0 - Cross-Site Request Forgery / PHP Code Injection
Meta Tags File Footer File...
Restaurant Website Script 1.0 - SQL Injection
Exploit Title: Restaurant Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/small-business/restaurant-website-script Demo: http://restaurant.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Babysitter Website Script 1.0 - SQL Injection
Exploit Title: Babysitter Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/babysitter-website Demo: http://babysitter.scriptzee.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
Online Print Business 1.0 - SQL Injection
Exploit Title: Online Print Business Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/online-print-business Demo: http://onlineprintbssiness.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution
import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" if name == "main": if lensys.argv != 4: print """S2-053 Exploit...
Gh0st Client (C2 Server) - Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'Gh0st Client buffer Overflow', 'Description' = %q This module exploits a Memory buffer overflow in the Gh0st client C2 server ,...
Huawei HG255s - Directory Traversal
Exploit Title: Server Directory Traversal at Huawei HG255s Date: 07.09.2017 Exploit Author: Ahmet Mersin Vendor Homepage: www.huawei.com Software Link: Not published this modem just used by Turkey Version: V100R001C163B025SP02 POC: https://www.youtube.com/watch?v=n02toTFkLOU&feature=youtu.be...
Online Invoice System 3.0 - SQL Injection
Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo: http://www.onlineinvoicesystem.com/onlineinvoicesystem3/index.php Version: 3.0 Category:...
HiSilicon DVR Devices - Remote Code Execution
!/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host', required=True parser.addargument'--rport',...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows 7, 8.1, 10 CVE-2017-14219 For more info:...
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response. McAfee...
EzInvoice 6.02 - SQL Injection
Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezinvoicedemo.zip Demo: http://www.mysticdreams.net/products/ezinvoice/ Version: 6.0.2 Category:...
EzBan 5.3 - 'id' SQL Injection
Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezbandemo.zip Demo: http://www.mysticdreams.net/products/ezban/ Version: 5.3 Category: Webapps Tested o...
Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution
Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link: http://mirror.nbtelecom.com.br/apache/struts/2.5.10/struts-2.5.10-all.zip Version: Struts 2.5 – Struts 2.5.12...
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo: http://dijiteol.com/demos/pbtla Version: 1.0.6.1...
Cory Support - 'pr' SQL Injection
Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo : http://coryapp.com/demo/support/ Tested On :...
Tor (Linux) - X11 Linux Sandbox Breakout
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server without any restrictions. This means that a...
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo:...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1:...
Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow / Local Privilege Escalation (1)
-- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba Driver: windrvr1240.sys Sha1: 0f212075d86ef7e859c1941f8e5b9e7a6f2558ad CVE: CVE-2017-14153...
The Car Project 1.0 - SQL Injection
Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHome Technologies is a leading equipment vendor and global...