39001 matches found
Agent Tesla Botnet - Arbitrary Code Execution Exploit
Agent Tesla Botnet - Arbitrary Code Execution import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog:...
Azorult Botnet - SQL Injection Exploit
Azorult Botnet - SQL Injection import requests import argparse import base64 Azorult 3.3.1 C2 SQLi by prsecurity For research purposes only. Don't pwn what you don't own. change GUID and XOR key to specific beacon, can be extracted from a sample guid =...
Steam Windows Client - Local Privilege Escalation Exploit
Steam Windows Client - Local Privilege Escalation Exploit $SteamRegKey = "HKLM:\SOFTWARE\WOW6432Node\Valve\Steam\NSIS" $MSIRegKey = "HKLM:\SYSTEM\CurrentControlSet\Services\msiserver" $RegDir = "C:\Windows\Temp\RegLN.exe" $PayDir = "C:\Windows\Temp\payload.exe" $Payload =...
osTicket 1.12 - Formula Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer...
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiy...
BSI Advance Hotel Booking System 2.0 - (booking_details.php) Persistent Cross-Site Scripting Vulnera
Exploit for php platform in category web applications Exploit Title:BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...
UNA 10.0.0 RC1 - (polyglot.php) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UNA - 10.0.0-RC1 stored XSS vuln. Exploit Author: Greg.Priest Vendor Homepage: https://una.io/ Software Link: https://github.com/unaio/una/tree/master/studio Version: UNA - 10.0.0-RC1 Tested on: Windows/Linux CVE : CVE-2019-1480...
osTicket 1.12 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category:...
ABC2MTEX 1.6.1 Stack Overflow Exploit
Exploit Title: ABC2MTEX 1.6.1 - Command Line Stack Overflow Exploit Author: Carter Yagemann Vendor Homepage: https://abcnotation.com/abc2mtex/ Software Link: https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz Version: 1.6.1 Tested on: Debian Buster An...
ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...
Webmin 1.920 - Unauthenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin 1.920 Unauthenticated RCE', 'Description' = %q This module exploits an arbitrary command execution vulnerability in Webmin 1.920 and prior...
Joomla JS Jobs Component (com_jsjobs) 1.2.5 - cities.php SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! component comjsjobs - SQL Injection Dork: inurl:"index.php?option=comjsjobs" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.5 Tested on...
ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager v12.4x - Unauthenticated Remote Command Execution", 'Description' = %q This module bypasses the user password requirement i...
Joomla JS Support Ticket Component (com_jssupportticket) 1.1.6 - ticketreply.php SQL Injection Vulner
Exploit for php platform in category web applications Exploit Title: Joomla! component comjssupportticket - Authenticated SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link:...
Joomla JS Support Ticket Component (com_jssupportticket) 1.1.6 - ticket.php Arbitrary File Deletion
Exploit for php platform in category web applications Exploit Title: Joomla! component comjssupportticket - Authenticated Arbitrary File Deletion Dork: inurl:"index.php?option=comjssupportticket" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link:...
ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and command injectio...
Cisco Adaptive Security Appliance - Path Traversal Exploit
Exploit for hardware platform in category web applications require 'msf/core' class MetasploitModule "Cisco Adaptive Security Appliance - Path Traversal", 'Description' = %q Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an...
VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow Exploit
Exploit Title: VxWorks TCP Urgent pointer = 0 integer underflow vulnerability Discovered By: Armis Security PoC Author: Zhou Yu twitter: @504137480 Vendor Homepage: https://www.windriver.com Tested on: VxWorks 6.8 CVE: CVE-2019-12255 More Details:...
WebKit - UXSS via XSLT and Nested Document Replacements Exploit
VULNERABILITY DETAILS https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/xml/XSLTProcessor.cppL66 Ref XSLTProcessor::createDocumentFromSourceconst String& sourceString, const String& sourceEncoding, const String& sourceMIMEType, Node sourceNode, Frame frame Ref...
Ghidra (Linux) 9.0.4 - .gar Arbitrary Code Execution Exploit
import os import inspect import argparse import shutil from shutil import copyfile print"" print"" print"" print"" print"------------------CVE-2019-13623----------------" print"" print"" print"" print"-----------------Ghidra-Exploit-----------------" print"--Tested version: Ghidra Linux version =...
Mitel 6869i Voip Deskphone 4.2.2032 Command Injection Vulnerability
Mitel 6869i Voip Deskphone version 4.2.2032 suffers from an unauthenticated command injection vulnerability. Vendor: Mitel Affected Products: Mitel 6869i Voip Deskphone Version 4.2.2032 - SIP Not Affected: unknown Vulnerability: Mitel 6869i SIP Deskphone 4.2.2032: Unauthenticated Bash Command...
Adive Framework 2.0.7 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Adive Framework 2.0.7 – Cross-Site Request Forgery CSRF Exploit Author: Pablo Santiago Vendor Homepage: https://adive.es Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows and Kali lin...
Joomla JS Support Ticket Component (com_jssupportticket) 1.1.5 - Arbitrary File Download Vulnerabili
Exploit for php platform in category web applications Exploit Title: Joomla! component comjssupportticket - Arbitrary File Download Dork: inurl:"index.php?option=comjssupportticket" Exploit Author: qw3rTyTy Vendor Homepage: http://joomsky.com/ Software Link:...
Joomla JS Support Ticket Component (com_jssupportticket) 1.1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! component comjssupportticket - SQL Injection Dork: inurl:"index.php?option=comjssupportticket" Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/46/download/1.html...
Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting Vulnerability Exploit Author: Greg.Priest Vendor Homepage: https://open-school.org/ Software Link: Version: Open-School 3.0/Community Edition 2.3 Tested on: Windows/Linux CVE :...
Baldr Botnet Panel - Arbitrary Code Execution Exploit
This Metasploit module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading t...
Aptana Jaxer 1.0.3.4547 - Local File inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Aptana Jaxer Remote Local File inclusion Exploit Author: Steph Jensen Vendor Homepage: http://www.jaxer.org Version: 1.0.3.4547 Tested on: Linux CVE : CVE-2019-14312 Aptana Jaxer 1.0.3.4547 is vulnerable to a local file...
Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income) Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Expense Manager - CSRF Delete Income Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/ Tested Version: 1.0 Tested on: Parrot OS PoC: 0day.tod...
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability
Fortinet FortiRecorder 2.7.3 Hardcoded Password Vulnerability Original posting: https://xor.cat/2019/08/05/fortinet-fortirecorder-hardcoded-password/ Text archive available here: https://xor.cat/archive/2019/08/05/fortinet-fortirecorder-hardcoded-password.txt Background In June of 2019 I discover...
WordPress JoomSport 3.3 Plugin - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link:...
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free Exploit
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability iterating&iteratinglisteners, true; for auto& listenerref : availabilitylisteners auto listener = listenerref.get; if !listener-urls.Containsurl continue; auto...
KDE 4/5 KDesktopFile Command Injection Exploit
KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a .desktop or .directory file is instantiated, it unsafely evaluates environment variables and shell expansions using KConfigPrivate::expandString via the KConfigGroup::readEntry function. Using a specially...
Microsoft Windows PowerShell Command Execution Exploit
Microsoft Windows PowerShell Command Execution Exploit + Credits: John Page aka hyp3rlinx Vendor www.microsoft.com Product Windows PowerShell Windows PowerShell is a Windows command-line shell designed especially for system administrators. PowerShell includes an interactive prompt and a scripting...
Opencart 2.3.0.2 Insecure OCMod Generation Remote Command Execution Exploit
Exploit for php platform in category web applications...
ARMBot Botnet - Arbitrary Code Execution Vulnerability
import requests URL = "http://127.0.0.1/ARMBot/upload.php" r = requests.postURL, data = "file":"../publichtml/lol/../.s.phtml", need some trickery for each server ; "data":"PD9waHAgZWNobyAxOyA/Pg==", "message":"Bobr Dobr" , proxies="http":"127.0.0.1:8080","https":"127.0.0.1:8080" printr.statuscod...
Rest - Cafe and Restaurant Website CMS - (slug) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rest - Cafe and Restaurant Website CMS - SQL Injection Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/rest-cafe-and-restaurant-website-cms/21630154 CWE : CWE-89 Vulnerable parameter: slug news.php GET...
Active PHP Bookmarks 1.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Active PHP Bookmarks v1.3 'cookieauth' Error-Based SQL Injection Vulnerability This is only for demonstration! Exploitation: If you want to retrieve all database, use sqlmap. Disclaimer: This or previous programs is for Educational purpose ONL...
1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications 1CRM On-Premise Software 8.5.7 Stored XSS //////////////////////////////////////////////////////////////////////////////////// Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kusol...
CentOS Control Web Panel 0.9.8.846 Cross Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: CWP CentOS Control Web Panel Reflected Cross Site Scripting Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/ Version: 0.9.8.846 Tested on: CentOS...
CentOS Control Web Panel 0.9.8.840 User Enumeration Vulnerability
Exploit for linux platform in category web applications Exploit Title: CWP CentOS Control Web Panel User Enumeration Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/ Version: 0.9.8.836 to 0.9.8.840 Tested on: CentOS...
CentOS Control Web Panel 0.9.8.836 Remote Command Execution Vulnerability
Exploit for linux platform in category web applications Exploit Title: CWP CentOS Control Web Panel 0.9.8.836 - Remote Command Execution Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/ Version: 0.9.8.836 Tested on:...
College Notes Management System 1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: College Notes Management System 1.0 - CSRF Add Note Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://anirbandutta.ml/ Software Link: https://sourceforge.net/projects/college-notes-management/...
ATutor 2.2.4 Arbitrary File Upload / Command Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: ATutor 2.2.4 'languageimport' Arbitrary File Upload / RCE CVE-2019-12169 Date: 5/24/19 Exploit Author: liquidsky JMcPeters Vendor Homepage: https://atutor.github.io/ Software Link:...
Apache Tika 1.15 - 1.17 - Header Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at...
macOS iMessage - Heap Overflow when Deserializing Exploit
macOS iMessage - Heap Overflow when Deserializing Exploit There is a heap overflow in NSURL initWithCoder: that can be reached via iMessage and likely other paths. When an NSURL is deserialized, one property its plist can contain is NS.minimalBookmarkData, which is then used as a parameter for...
Sar2HTML 3.2.1 - Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: sar2html Remote Code Execution Exploit Author: Furkan KAYAPINAR Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Centos 7 In web application y...
D-Link 6600-AP XSS / DoS / Information Disclosure Vulnerabilities
Exploit for hardware platform in category web applications Security Advisory - 22/07/2019 Multiple vulnerabilities found in the D-Link 6600-AP device running the latest firmware version 4.2.0.14. D-Link 6600-AP is not produced anymore but the support is still provided by D-Link as per described o...
Linux/x86 chmod(/etc/shadow, 0666) Polymorphic Shellcode (53 bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: chmod("/etc/shadow", 0666) and exit for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 53 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...
Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)
---------------------- DESCRIPTION ------------------------------------- ; Title: Linux x86 ASLR deactivation for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 107 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...
WebIncorp ERP - SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WebIncorp ERP - SQL injection Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webincorp.com/products/erp-software-qatar Version: Every version CWE : CWE-89 Vulnerable parameter: prodid productdetail.php GET Request GET...