1886 matches found
Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind
CVE-2020-8840 Jackson-databind远程代码执行漏洞(CVE-2020-8840)分析复现环境代码。 项目包含: jackson-databind、Fastjson中payload WebServer恶意类 编译好的marshalsec-0.0.3-SNAPSHOT-all.jar 漏洞简介 Jackson-databind远程代码执行漏洞(CVE-2020-8840),攻击者可利用xbean-reflect的利用链(org.apache.xbean.propertyeditor.JndiConverter)触发JNDI远程类加载从而达到远程代码执行。...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...
exploitdb
This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system and vulnerability type, and c...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, a heap-based buffer overflow in Sudo. The target product/service is Sudo, a Unix command to execute a command with superuser root privileges. The vulnerability class/vector is a heap-based buffer overflow. Notable dependencies/tooling include the Qualys Security...
Exploit for CVE-2020-1938
This is a proof-of-concept PoC exploit for CVE-2020-1938, a vulnerability in Apache Tomcat's AJP protocol. The exploit is written in Python and utilizes the ajpy library to interact with the AJP protocol. The exploit targets the Local File Inclusion LFI vulnerability in Tomcat, allowing an attack...
Exploit for Code Injection in Drupal
Drupal 远程代码执行漏洞(CVE-2018-7602) 影响软件:drupal 方式:对URL中的进行编码两次,绕过sanitize函数过滤 效果:任意命令执行 漏洞环境 执行如下命令启动drupal 7.57的环境: bash docker-compose up -d 环境启动后,访问 http://your-ip:8081/ 将会看到drupal的安装页面,一路默认配置下一步安装。因为没有mysql环境,所以安装的时候可以选择sqlite数据库。 漏洞复现 参考pimps/CVE-2018-7600的PoC。 如下图所示,执行以下命令即可复现该漏洞。示例命令为...
Hack-Tools
This is an offensive tool for Web Pentesters. It is a browser extension called HackTools, which facilitates web application penetration tests. The extension includes cheat sheets and tools such as XSS payloads, reverse shells, and more, accessible in one click. It can be used in pop-up mode or in...
Exploit for Use After Free in Microsoft
微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...
Exploit for Out-of-bounds Write in Php
This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...
Exploit for Out-of-bounds Write in Php
This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...
Exploit for Out-of-bounds Write in Php
It is an exploit module/toolkit targeting a remote code execution vulnerability. The target product/service or framework is php-fpm and Nginx. The vulnerability class/vector is remote code execution RCE. The probable entry point is not specified. Notable dependencies/tooling include Python and...
Exploit for CVE-2020-1938
It is an exploit module for CNVD-2020-10487 CVE-2020-1938, a file read vulnerability in Tomcat AJP. The vulnerability allows an attacker to read files on the server by sending a specially crafted AJP request. The exploit is implemented in Python 2.7 and uses the ajpy library to interact with the...
Exploit for CVE-2015-0273
phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...
Exploit for CVE-2017-0144
PoC exploit for CVE-2017-0144, also known as Eternalblue-Doublepulsar. This Metasploit module exploits the vulnerability to install a Doublepulsar backdoor on a Windows system. The module targets the SMB protocol, specifically the Ring 0 SMB TCP 445 backdoor. The exploit is designed to run on...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
It is an offensive tool for Java. This repository contains a proof-of-concept PoC exploit for CVE-2020-9484, a vulnerability in the Apache Commons Collections library for Java. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit is implement...
Exploit for CVE-2017-0144
PoC exploit for CVE-2017-0144 Eternalblue-Doublepulsar. The target product/service is Windows operating system, specifically the SMB Server Message Block protocol. The vulnerability class/vector is a remote code execution RCE vulnerability, which allows an attacker to execute arbitrary code on th...
Exploit for CVE-2013-0422
K8tools 20190521 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab
It is an offensive tool for vulnerability research and education. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target product/servi...
Exploit for CVE-2017-0213
windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...
Exploit for CVE-2018-8581
CVE-2018-8581 这是一个邮箱层面的横向渗透和提权漏洞 它可以在拥有了一个普通权限邮箱账号密码后,完成对其他用户包括域管理员邮箱收件箱的委托接管 本EXP脚本是在原PoC基础上修改的增强版一键脚本,它将在配置好相关参数后,自动完成目标邮箱inbox收件箱的添加委托和删除委托操作,以方便甲方安全部门和红队对授权企业完成一次模拟攻击过程 原PoC是两个脚本配合使用完成添加收信规则的操作,在甲方红队实际工作中不怎么实用,而原PoC除了需要邮箱外,还需要设置目标邮箱用户的SID,但在参考文章中提到的获取用户SID的方法,我在实际环境中测试Exchange Server...
Exploit for Improper Input Validation in Jenkins
hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...
Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server
ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2013-4547, and CVE-2017-1000353. The target...
Exploit for Improper Input Validation in Jenkins
hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an offensive tool for a vulnerability environment. It is a collection of Docker Compose files for various vulnerabilities, allowing users to easily set up and test vulnerable environments. The repository includes files for vulnerabilities such as CVE-2016-9086, CVE-2017-1000353...
Exploit for Improper Input Validation in Joomla Joomla\!
CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell Drupal - Drupal远程代码执行漏洞CVE-2017-6920 Struts -...
Exploit for CVE-2017-8570
Based on the provided context, here is a summary of the analysis: Classification: Exploit toolkit for CVE-2017-8570, a Microsoft Office PPSX RCE vulnerability. Primary Functionality: The toolkit generates a malicious PPSX file and delivers a payload either local or remote to the victim. Key...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone_Os
CVE-2018-4407 is a heap buffer overflow vulnerability in the XNU operating system kernel, affecting both iOS and macOS. The vulnerability can lead to a denial-of-service DOS attack. The exploit is a simple and fast BOF Buffer Overflow attack that can be launched using the provided Python script...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This is a repository for Vulhub, a collection of vulnerable environments for testing and learning about web application security. The repository contains a variety of vulnerable environments, including web servers, databases, and applications, which can be used to test and demonstrate various typ...
Exploit for SQL Injection in Zabbix
It is an offensive tool for Vulnerability Exploitation and Research. The repository contains a collection of vulnerability exploitation tools and research materials, including exploits for various vulnerabilities, proof-of-concept PoC code, and research notes. The tools are organized by...
Exploit for Server-Side Request Forgery in Grafana
This is a PoC Proof of Concept repository for various web vulnerabilities, specifically SQL injection and SSRF Server-Side Request Forgery vulnerabilities. The repository contains a list of vulnerabilities, including: CVE-2021-21315: Node.js command injection vulnerability CVE-2020-13379: Grafana...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
PoC exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The repository contains Python code that exploits this vulnerability to gain root privileges. The code is based on the original C code by blasty and uses the msfvenom payload generator to create a shared...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
This repository is a proof-of-concept PoC exploit for CVE-2021-4034, a vulnerability in the polkit privilege escalation exploit. The exploit is implemented in C and uses the execve system call to execute a shell with elevated privileges. The vulnerability is related to the way polkit handles user...
Exploit for Classic Buffer Overflow in Openssl
Vulnerabilityrecurrence-漏洞复现 介绍 复现部分与汽车网络安全相关的漏洞. 软件架构 - OpenSSL CVE-2021-3711 SM2 Decryption Buffer Overflow 使用说明 1. 请参考各分部分 readme 文件. 2. 所有内容搜集于网路,请勿用于非法途径,仅供学习参考. 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a PoC Proof of Concept exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0796 PoC exploit for SMBGhost vulnerability in Windows 10 1903/1909's SMB3 compression capability. This PoC connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash t...
Exploit for Files or Directories Accessible to External Parties in Apache Flink
Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.x Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink server, which can lead to arbitrary command execution and reverse shell. The affected...
Exploit for Improper Restriction of XML External Entity Reference in Apache Solr
注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! 软件更新早知道 下一版本将补weblogic漏洞将新增spring data Spring Cloud 漏洞敬请期待!!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-28 新增 CNVD-2021-10543 MessageSolution信息泄露漏洞,新增Apache OFBiz...
Exploit for CVE-2020-1938
CVE-2020-1938Tomcat-fileinclude and filered Tomcat的文件包含及文件读取漏洞利用POC 文件读取 Usage :python2 "Tomcat-ROOT路径下文件读取CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 文件包含 Usage :python2 "Tomcat-ROOT路径下文件包含CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 复现详情:http://www.svenbeast.com/post/fqSI9laE8/ img:...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This repository contains a collection of Python scripts for various tasks, including password cracking, port scanning, URL to IP conversion, file deduplication, and vulnerability scanning. The scripts are designed to be used for educational purposes, as indicated by the author's blog and the...
Exploit for SQL Injection in Djangoproject Django
CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...
Exploit for SQL Injection in Zabbix
This repository is an offensive tool for various vulnerability exploitation and testing. It contains a collection of tools and scripts for identifying and exploiting vulnerabilities in various software and systems. The repository includes tools for testing web applications, network services, and...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a Python-based exploit for the CVE-2021-3156 vulnerability in sudo. The exploit targets Linux systems with glibc and nscd service not running. It overwrites the struct serviceuser to gain root privileges. The exploit has several variants, including: 1. exploitnss.py: This is the main...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB FFmpeg Git InfluxDB Jenkins Nginx Oracle Java Apache HTTP Server GitLab FastJSON Jenkins Electron The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...
Exploit for CVE-2021-3129
CVE-2021-3129 Laravel debug rce 食用方法 执行docker-compse up -d启动环境 访问8888端口后点击首页面的generate key就可以复现了 关于docker环境想说的几点: - 把.env.example复制到.env作用是开启debug环境 - 关闭了php.ini的phar.readonly - 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由这个我加在源码里了,没写dockerfile里 复现效果 脚本已放出,脚本要和phpggc项目文件夹在同一级目录下...
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2020-17144-EXP 条件: Exchange2010; 普通用户 默认用法写webshell: CVE-2020-17144-EXP.exe mail.example.com user pass 执行命令 & 端口复用: 修改ExploitClass.cs 参考 @zcgonvh...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
dahua
This is a collection of proof-of-concept PoC exploit code and research notes for various vulnerabilities in IP cameras and other network devices. The code is written in Python and C, and the notes provide information on the vulnerabilities, including the attack vector, authentication requirements...