Jump to content

Kev

Active Members
 View Profile  See their activity

  • Posts

    1026

  • Joined

  • Days Won

    55

 Content Type 

Everything posted by Kev

  1. Kev

    apk2url

    Kev posted a topic in Programe hacking

    apk2url easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers and developers to quickly identify endpoints associated with an application. NOTE: Why use apk2url? When compared with APKleaks, MobSF and AppInfoScanner, apk2url identifies a significantly higher number of endpoints. Running apk2url NOTE: apk2url requires apktool and jadx which can be easily installed with apt. Please refer to the dependencies section. git clone https://github.com/n0mi1k/apk2url ./apk2url.sh /path/to/apk/file.apk UPDATE v1.2 now supports directory input for multiple APKs! ./apk2url.sh /path/to/apk-directory/ You can also install directly for easy access by running ./install.sh. After that you can run apk2url anywhere: By default there are 2 output files in the "endpoints" directory: <apkname>_endpoints.txt - Contains endpoints with full URL paths <apkname>_uniq.txt - Contains unique endpoint domains and IPs By default, the program does not log the Android file name/path where endpoints are discovered. To enable logging, run as follows: apk2url /path/to/apk/file.apk log *Tested on Kali 2023.2 and Ubuntu 22.04 Dependencies Use apt for easy installation of these tools required by apk2url: sudo apt install apktool sudo apt install jadx Demonstration Disclaimer This tool is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this script are not responsible for any misuse or damage caused by its use. Download: git clone https://github.com/n0mi1k/apk2url.git Source
  2. Kev
    Complete comprehensive archive of all 1,863 exploits added to Packet Storm in 2023. Content: ³ 202301-exploits ³ 2adgb20-disclose.txt ³ academylms511-xss.txt ³ activeecommercecms650-sql.txt ³ activeecommercecms650-xss.txt ³ activematrimonialcms35-insecure.txt ³ activematrimonialcms36-sql.txt ³ adminabulgaria10-sql.txt ³ adminseg2155-idor.txt ³ amazcartlescms34-xss.txt ³ askey-escalate.txt ³ bdweblinklms1115-idor.txt ³ blesta541-insecure.txt ³ bootcommerce321-sql.txt ³ bootcommerce321-xss.txt ³ cacti_unauthenticated_cmd_injection.rb.txt ³ carrentalscript30-sql.txt ³ chikoi10-sql.txt ³ chikoinewmvcshop10-xss.txt ³ cicms7-sql.txt ³ citrixclient-disclose.txt ³ cmsglobalpctech10-insecure.txt ³ control_web_panel_login_cmd_exec.rb.txt ³ corpatechcms2-sql.txt ³ CVE-2022-44149.py.txt ³ cwp7-exec.txt ³ dcastaliacms12-idor.txt ³ deprixapro75-insecure.txt ³ deprixaprocms325-insecure.txt ³ eatself115-sql.txt ³ ecartmves1-insecure.txt ³ ecartweb400-insecure.txt ³ ecartweb500-xss.txt ³ enci41-sql.txt ³ erpgosaas39-csvinject.txt ³ erpgosaascrm33-upload.txt ³ flex522-insecure.txt ³ foloosishopping557-insecure.txt ³ foodordersystem2-shell.txt ³ get41-disclose.txt ³ gic10-sql.txt ³ goldfilledcrm20-upload.txt ³ GS20230102143226.tgz ³ GS20230102143415.tgz ³ GS20230103153417.tgz ³ GS20230106134403.tgz ³ GS20230109135640.tgz ³ GS20230110134636.tgz ³ GS20230110135120.tgz ³ GS20230111153522.tgz ³ GS20230112140635.tgz ³ GS20230113150343.txt ³ GS20230113150649.tgz ³ GS20230117164337.tgz ³ GS20230117164548.tgz ³ GS20230118170140.txt ³ HNS-2022-01-dtprintinfo.txt ³ incrementercms01-insecure.txt ³ infobool30-sql.txt ³ infokart11-sql.txt ³ inlislite32-insecure.txt ³ inouthomestay22-sql.txt ³ inoutjobsportal222-sql.txt ³ inoutjobsportal222-xss.txt ³ inoutmusic511-sql.txt ³ inoutmvsc323-sql.txt ³ inoutmvsc323-xss.txt ³ inoutrealestate213-sql.txt ³ inoutse1013-xss.txt ³ ivanti_csa_unauth_rce_cve_2021_44529.rb.txt ³ jettweb3-sql.txt ³ jettwebreadyrentacar4-xss.txt ³ kesioncms15-addadmin.txt ³ kesioncms15160902-insecure.txt ³ KIS-2023-01.txt ³ KIS-2023-02.txt ³ KIS-2023-03.txt ³ KIS-2023-04.txt ³ laravel9470-disclose.txt ³ linear_emerge_unauth_rce_cve_2019_7256.rb.txt ³ listserv17-idor.txt ³ listserv17-xss.txt ³ medisensehealthcaresolcrm20-xsrf.txt ³ mremoteng17620-escalate.txt ³ netchess21-overflow.txt ³ ofoo2-shell.txt ³ ofoo2-sql.txt ³ ofos20-exec.txt ³ ofos20-sql.txt ³ ofos20-xss.txt ³ oracledbmetadata-exposure.txt ³ oracledbmsredact-bypass.txt ³ oracleuap-bypass.txt ³ phpjabbersacs32-xss.txt ³ phpjabbersbds32-xss.txt ³ phpjabberscpbs20-xss.txt ³ phpjabbersetss10-xss.txt ³ phpjabberspls31-sql.txt ³ phpjabberspls31-xss.txt ³ phpjabberstts10-sql.txt ³ phpjabberstts10-xss.txt ³ prms10-bypass.txt ³ raptor_dtprintlibXmas.c ³ rt-sa-2022-002.txt ³ SA-20230117-2.txt ³ slims952-xss.txt ³ SYSS-2022-047.txt ³ tikiwikicms250-xss.txt ³ TRSA-2203-01.txt ³ wolfssl-overread.txt ³ wpmmm222-disclose.txt ³ wpprofilebuilder305-sql.txt ³ wproyalelemntor1359-insecure.txt ³ wpsliderrevolution412-traversal.txt ³ wpsliderrevolution413-traversal.txt ³ wpsliderrevolution465-shell.txt ³ wpsliderrevolution465-traversal.txt ³ wpsliderrevolution492-traversal.txt ³ wpsliderrevolution4xx-shell.txt ³ wpsliderrevoluvation308-traversal.txt ³ wptouch375-redirect.txt ³ wptouch382-redirect.txt ³ wptouch4347-redirect.txt ³ wptouchpro3091-redirect.txt ³ wptouchpro334-redirect.txt ³ xcash15-insecure.txt ³ yjh3-sql.txt ³ yjh3-xss.txt ³ yuvaneducationcrm30-sql.txt ³ zstore654-xss.txt ³ zstore660-xss.txt ³ 202302-exploits ³ 101newsbymk10-sql.txt ³ acdme78-sqlexecxsstraversal.txt ³ adms10-escalate.txt ³ adms10-sql.txt ³ argondashboard112-sql.txt ³ atrocore1525-shell.txt ³ bestposms10-shell.txt ³ bestposms10-sql.txt ³ bestposms10-xss.txt ³ CDSR-20230213-0.txt ³ chikoi10-traversal.txt ³ chikoi10-xss.txt ³ churchcrm453-sql.txt ³ cisco_rv340_lan.rb.txt ³ CVE-2022-45701.py.txt ³ cve_2022_1043_io_uring_priv_esc.rb.txt ³ cve_2022_3699_lenovo_diagnostics_driver.rb.txt ³ demanzomatrimony15-xsrf.txt ³ empc17-sql.txt ³ empc17-xss.txt ³ etms10-escalate.txt ³ etms10-sql.txt ³ f5_create_user.rb.txt ³ fortra_goanywhere_rce_cve_2023_0669.rb.txt ³ froxlor_log_path_rce.rb.txt ³ gitlab_github_import_rce_cve_2022_2992.rb.txt ³ globalinfotechcms10-sql.txt ³ GS20230206163255.tgz ³ GS20230206163837.tgz ³ GS20230209162439.tgz ³ GS20230210152355.tgz ³ GS20230210152910.tgz ³ GS20230210153345.tgz ³ GS20230210153626.tgz ³ GS20230224194934.tgz ³ GS20230227151433.tgz ³ kardexmlogvcc5712-exec.txt ³ kshitish20-insecure.txt ³ mac_dirty_cow.rb.txt ³ manageengine_adselfservice_plus_saml_rce_cve_2022_47966.rb.txt ³ manageengine_endpoint_central_saml_rce_cve_2022_47966.rb.txt ³ manageengine_servicedesk_plus_saml_rce_cve_2022_47966.rb.txt ³ materialdashboard2-sql.txt ³ mefidot22-insecure.txt ³ mefidot22-sql.txt ³ mgs10-escalate.txt ³ mgs10-sql.txt ³ Monitorrv1.7.6_RCE.py.txt ³ nagios_xi_configwizards_authenticated_rce.rb.txt ³ NWSSA-001-2023.txt ³ NWSSA-002-2023.txt ³ onlineeyewearshop10-sql.txt ³ oracle12102-escalate.txt ³ pfblockerng2146-exec.txt ³ pyload_js2py_exec.rb.txt ³ SA-20230214-0.txt ³ salestrackerssytem10-sql.txt ³ sfos10-sql.txt ³ tomcat_ubuntu_log_init_priv_esc.rb.txt ³ vmwgfx_fd_priv_esc.rb.txt ³ weby125-xsrf.txt ³ wpqsm808-delete.txt ³ wpqsm808-xsrf.txt ³ wprealestate7theme334-abuse.txt ³ wprealestate7theme334-xsrf.txt ³ wprealestate7theme334-xss.txt ³ wpwoodmarttheme710-inject.txt ³ wpwoodmarttheme711-xsrf.txt ³ xworm21-dos.txt ³ ycrs10-sql.txt ³ zabbix627-escalate.txt ³ ZSL-2023-5744.txt ³ ZSL-2023-5745.txt ³ ZSL-2023-5746.txt ³ ZSL-2023-5747.txt ³ ZSL-2023-5748.txt ³ ZSL-2023-5749.txt ³ ZSL-2023-5750.txt ³ ZSL-2023-5751.txt ³ ZSL-2023-5752.txt ³ ZSL-2023-5753.txt ³ ZSL-2023-5754.txt ³ 202303-exploits ³ 101newsportal10-sql.txt ³ abantecart132-exec.txt ³ adobeconnect1145-disclose.txt ³ aerocms001-shellinject.txt ³ aerocms001-sql.txt ³ atomcms20noauth-sql.txt ³ beautysalon10-shell.txt ³ bitbucket700-exec.txt ³ bitbucket_env_var_rce.rb.txt ³ bludit3141-shell.txt ³ boxbilling42215-exec.txt ³ bsms100-xss.txt ³ cacti1222-exec.txt ³ clanspherecms20114-xss.txt ³ composrcms10039-exec.txt ³ coolermastermasterplus185-unquotedpath.txt ³ covenant05-exec.txt ³ crowdstrikefa64415806-bypass.txt ³ CVE-2023-23397_EXPLOIT_0DAY-main.zip ³ cve-2023-24217.py.txt ³ cve_2023_21768_afd_lpe.rb.txt ³ desktopcentral910-ssrfcrlf.txt ³ dlinkdir819a1-dos.txt ³ dlinkdnr322l-exec.txt ³ dreamercms400-sql.txt ³ dsl124-disclose.txt ³ eqems220-sql.txt ³ eveng50113-xss.txt ³ explorer32135531-overflow.txt ³ extplorer2114-bypassexec.txt ³ fastly-disclose.txt ³ flatcorecms211-xss.txt ³ forcepoint680-escalate.txt ³ forti721-bypass.txt ³ fortinac_keyupload_file_write.rb.txt ³ frhed160-overflow.txt ³ gestionaleopen120000-unquotedpath.txt ³ googlechrome109-insecure.txt ³ grafana624-inject.txt ³ GS20230306144436.txt ³ GS20230313141819.tgz ³ GS20230316143751.tgz ³ GS20230317134218.tgz ³ GS20230317135224.tgz ³ GS20230317135918.tgz ³ GS20230317140600.tgz ³ GS20230320131339.tgz ³ hashicorpconsul10-exec.txt ³ hddhealth420112-unquotedpath.txt ³ hexworkshop67-dos.txt ³ hrms10-sql.txt ³ hrms10noauth-sql.txt ³ hss10un-sql.txt ³ ibooking108-shell.txt ³ impresscms143-sql.txt ³ inbitmessenger490-exec.txt ³ inbitmessenger490-overflow.txt ³ jms10-shell.txt ³ jms10-sql.txt ³ joomla427-disclose.rb.txt ³ labelstudio150-ssrf.txt ³ lavalite900-traversal.txt ³ lavasoftwc410409-unquotedpath.txt ³ linksysax32001100-exec.txt ³ lucee_scheduled_job.rb.txt ³ maneam0003324-xml.txt ³ mediaconta3723-unquotedpath.txt ³ mgs10-xss.txt ³ modxrevolution283pl-exec.txt ³ monitorr_webshell_rce_cve_2020_28871.rb.txt ³ moodlelms40-xss.txt ³ mssql-passwordhash.txt ³ mts10-xss.txt ³ mybbactivethreads130-xss.txt ³ mybbexportuser20-xss.txt ³ mybbexternalredirectwarning13-xss.txt ³ mybbforums1826-xss.txt ³ netbsd_hfs-main.zip ³ nvflare-deserialize.txt ³ odv19c-access.txt ³ ogts10-sql.txt ³ openbsd_tcpip_overflow-main.zip ³ open_web_analytics_rce.rb.txt ³ opo10-sql.txt ³ opoo10-sql.txt ³ opswatmetadc4211-escalate.txt ³ optergy_bms_backdoor_rce_cve_2019_7276.rb.txt ³ oracledb-disclose.txt ³ oracle_ebs_rce_cve_2022_21587.rb.txt ³ ossa10-sqlxssexec.txt ³ outline160-unquotedpath.txt ³ pom10-shell.txt ³ pom10-sql.txt ³ pom10-xss.txt ³ pythoncgidoc-xss.txt ³ qubesmiragefirewall083-dos.txt ³ rconfig397-sql.txt ³ realestatecrmpro57-sql.txt ³ realtimeautomation460mcbs5214-xss.txt ³ reqlogic113-xss.txt ³ resourcehacker36092-overflow.txt ³ rhms10-xss.txt ³ rielloups-bypass.txt ³ rpicamera10-bypass.txt ³ RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt ³ rukovoditel321-xss.txt ³ SA-20230228-0.txt ³ SA-20230306-0.txt ³ scdbg10-dos.txt ³ shopify-xss.txt ³ sipxopenfire2104-exec.txt ³ smf211-exec.txt ³ sms695-dos.txt ³ solarwinds_amqp_deserialization.rb.txt ³ stms10-xss.txt ³ subrioncms421tooltip-xss.txt ³ sugarcrm_webshell_cve_2023_22952.rb.txt ³ sugarsync413-unquotedpath.txt ³ supermailer1120-dos.txt ³ supremabiostar2816-sql.txt ³ tapoc310130-bypass.txt ³ textpattern488-exec.txt ³ tftpd32se460-unquotedpath.txt ³ tomcat_rhel_based_temp_priv_esc.rb.txt ³ tunnelid-dos.txt ³ univiewnvr301-xss.txt ³ virtualreception10-traversal.txt ³ webgrind11-xssexec.txt ³ WebPower-UPS-DDOS.py.txt ³ webtareas24-shell.txt ³ webtareas24-xss.txt ³ webtareas24unauth-sql.txt ³ wifimouse1832-exec.txt ³ wkhtmltopdf0126-ssrf.txt ³ wondersharedrfone1296-escalate.txt ³ wpallimport367-exec.txt ³ wpforms178-xss.txt ³ wpjetpack114-xss.txt ³ wpnexforms79-sql.txt ³ wpnxmserverstack086-lfixss.txt ³ wpprofilebuilder390-missingauthz.txt ³ wptml-sql.txt ³ wpwatugnpubwoo-xss.txt ³ wpwoocommerce710-exec.txt ³ xskipperproxy013237-ssrf.txt ³ ycr10-sql.txt ³ ycrs10-xss.txt ³ youphptube78-lfi.txt ³ zoneminder-xssxsrf.txt ³ zwiiicms12204-exec.txt ³ zyxel_multiple_devices_zhttp_lan_rce.rb.txt ³ 202304-exploits ³ actfax1010-unquotedpath.txt ³ admanagerplus7122-exec.txt ³ adms10-accesscontrol.txt ³ agmsp10-sql.txt ³ agmsp10-xss.txt ³ aigitalwireless-exec.txt ³ aigitalwireless-xss.txt ³ aimonebvc204-overflow.txt ³ altenergypcsc125-exec.txt ³ answerdev103-accounttakeover.txt ³ apache24x-overflow.txt ³ apachetomcat101-dos.txt ³ arcsoftphotostudio600172-unquotedpath.txt ³ aspemail5602-escalate.txt ³ bangresto10-xss.txt ³ bangresto10multi-sql.txt ³ bgerp2231-xss.txt ³ binwalk232-exec.txt ³ bludit400rc2-escalate.txt ³ brainycp10-exec.txt ³ btcpaysever174-inject.txt ³ BulletProof_FTP_Server_2019.0.0.51.py.txt ³ buspassms10-xss.txt ³ cemv1407-xss.txt ³ chatgpt-xss.txt ³ chitorcms112-sql.txt ³ chitorcms112name-sql.txt ³ chromacam4030-unquotedpath.txt ³ churchcrm451-sql.txt ³ churchcrm453event-sql.txt ³ cialms514-xss.txt ³ citrix231111-escalate.txt ³ CVE-2022-44268-master.zip ³ CVE-2023-27350-main.zip ³ cwp709811147-exec.txt ³ dellemcpc5500-disclose.txt ³ dlinkdir846-exec.txt ³ dompdf121-exec.txt ³ dotclear2253-shell.txt ³ easynas110-exec.txt ³ ebankit6-dos.txt ³ ebankit6-xss.txt ³ elsismartfloor333-xss.txt ³ entaberp10-disclose.txt ³ erpnext1229-xss.txt ³ esetservice160260-unquotedpath.txt ³ ffsts550-disclose.txt ³ ffsts550-discloseidor.txt ³ filereplicationpro750-escalate.txt ³ filezilla3631-dllhijack.txt ³ flatnux20210325-exec.txt ³ fortirecorder643-dos.txt ³ froxlor203-exec.txt ³ fuxa11131186-exec.txt ³ gdideescms391-disclose.txt ³ geovisiongvadr2701-bypass.txt ³ gitlab153-exec.txt ³ glpi1002-sqlexec.txt ³ glpiactivity310-lfi.txt ³ glpicartography600-shell.txt ³ glpiinventory101-lfi.txt ³ glpime402-lfi.txt ³ gnuscreen490-escalate.txt ³ goanywhereeh711-exec.txt ³ GS20230410171218.tgz ³ GS20230410171551.tgz ³ GS20230410171746.tgz ³ GS20230413153431.tgz ³ GS20230413153910.tgz ³ GS20230418165507.tgz ³ GS20230421170737.tgz ³ GS20230421171253.tgz ³ GS20230421173314.tgz ³ gta3vcsf11-overflow.txt ³ hospitalrun100beta-escalate.txt ³ hotkeyclipboard2106-unquotedpath.txt ³ ibmasperafaspex441-deserialize.txt ³ ibminstana2x-missingauth.txt ³ icingaweb210-disclose.txt ³ internrs10-sql.txt ³ iwysiwygeditor54-shelltraversal.txt ³ kardexmlogmcc5712-exec.txt ³ kodexplorer449-xsrfshell.txt ³ ldaptbssp162-accounttakeover.txt ³ liferayportal625-insecure.txt ³ lrn208-exec.txt ³ mac1200r-traversal.txt ³ marsstealer83-takeover.txt ³ meadt15021118007-unquotedpath.txt ³ millegpg5592-escalate.txt ³ mma913-traversallfi.txt ³ modoboa204-takeover.txt ³ monitorr176-xss.txt ³ msexcel-spoof.txt ³ msexcel2302-exec.txt ³ msword-exec.txt ³ mts10-sql.txt ³ mvogms10-exec.txt ³ mybb1832-exec.txt ³ nacos203-accesscontrol.txt ³ netiqmfpe51-exec.txt ³ nokiaonensd17-escalate.txt ³ nokieonends209-escalate.txt ³ notrinoserp07-sql.txt ³ oahms10-xssdelete.txt ³ oas10-xss.txt ³ obs10process-sql.txt ³ ocls10-shell.txt ³ ocsing2300-unquotedpath.txt ³ opo10-shell.txt ³ paloaltocortexxsoar650-xss.txt ³ papercutngmg2204-bypass.txt ³ paradoxssipr512-dos.txt ³ pdfkit0872-exec.txt ³ pentahobaserveree9300428-sstiexec.txt ³ perfsonar445-xsrf.txt ³ pfsensece260-bypass.txt ³ photoshow30-exec.txt ³ phprestaurants10-sqlxss.txt ³ piwigo1360-xss.txt ³ polrurl230-takeover.txt ³ postgresql961-exec.txt ³ ppms1032-shell.txt ³ projectsendr1605-exec.txt ³ provideserver144-xssxsrfexec.txt ³ qdpm9x-xss.txt ³ repriserlm142bl4-xss.txt ³ rfm995-exec.txt ³ rms10-sql.txt ³ roxyfileman145-shell.txt ³ roxywi6100-exec.txt ³ roxywi6100-improperauth.txt ³ roxywi6110-exec.txt ³ rukovoditel331-exec.txt ³ schneiderelectric10-idor.txt ³ securepointutm12-disclose.txt ³ securepointutm12x-memoryleak.txt ³ serendipity240-shell.txt ³ serendipity240-xss.txt ³ sleuthkit4111-exec.txt ³ smg1074-xss.txt ³ snitzforum10-sql.txt ³ sophoswa43104-exec.txt ³ spip_rce_form.rb.txt ³ splashtop871120010-unquotedpath.txt ³ sqlmonitor12131893-xss.txt ³ stms10-disclose.txt ³ stms10-sql.txt ³ stms10oneclick-xss.txt ³ sudo1912p1-escalate.txt ³ swaggerui413-misrepresent.txt ³ telit-cinterion.tgz ³ tendan300f312010148-header.txt ³ titanftp2-traversal.txt ³ tplinktlwr902ac-exec.txt ³ trainsmart1044-sql.txt ³ TSI-ADV032023.txt ³ ums1321-xss.txt ³ unidata_udadmin_auth_bypass.rb.txt ³ unidata_udadmin_password_stack_overflow.rb.txt ³ unifiedremote3130-exec.txt ³ uptimekuma1196-xss.txt ³ vmware_workspace_one_access_cve_2022_22960.rb.txt ³ vmware_workspace_one_access_vmsa_2022_0011_chain.rb.txt ³ websitebaker2133-xss.txt ³ wimaxswc5100w-exec.txt ³ wondersharefilmora12292233-unquotedpath.txt ³ wpah11-xss.txt ³ wpdataaccess537-escalate.txt ³ wpfilemanager69-shell.txt ³ wplla171-xss.txt ³ wpmetformelementorcfb312-xss.txt ³ wppaidmembershipspro298-sql.txt ³ wpsimplefirewall17017-xss.txt ³ wpweaver-xss.txt ³ x2crm69-xss.txt ³ xcms183-exec.txt ³ yui2tv282-xss.txt ³ zcbszbbszpbs414-xss.txt ³ ZSL-2023-5755.txt ³ ZSL-2023-5756.txt ³ ZSL-2023-5757.txt ³ ZSL-2023-5758.txt ³ ZSL-2023-5759.txt ³ ZSL-2023-5760.txt ³ ZSL-2023-5761.txt ³ ZSL-2023-5762.txt ³ ZSL-2023-5763.txt ³ ZSL-2023-5764.txt ³ ZSL-2023-5765.txt ³ ZSL-2023-5766.txt ³ ZSL-2023-5767.txt ³ ZSL-2023-5768.txt ³ ZSL-2023-5769.txt ³ ZSL-2023-5770.txt ³ 202305-exploits ³ 1twoecommerce10-missingauth.txt ³ 2023ocr10-sql.txt ³ acart10-disclose.txt ³ acrepairservices10-sql.txt ³ admidio425-inject.txt ³ adobe_coldfusion_rce_cve_2023_26360.rb.txt ³ affiliateme501-sql.txt ³ ahm1256-unquotedpath.txt ³ aigitalwnr-bypass.txt ³ apachesuperset200-bypass.txt ³ applezeedayc20-sql.txt ³ applezeedaysc100-sql.txt ³ argondashboard2-sql.txt ³ bestposmgmtsys10-shell.txt ³ blogmagzcms10-xss.txt ³ bluditcms3141-xss.txt ³ camaleoncms270-ssti.txt ³ cameleoncms274-xss.txt ³ CDSR-20230511-0.txt ³ chitorcms112rollno-sql.txt ³ churchcrm454-xss.txt ³ civicrm559alpha1-xss.txt ³ cmaps80-sql.txt ³ cmaps80-xss.txt ³ cmaps890r-xss.txt ³ codebacker10-missingauth.txt ³ codebakers10-sql.txt ³ codigome101-exec.txt ³ CVE-2023-25394.pdf ³ CVE-2023-26818.pdf ³ e107232-xss.txt ³ easyphpwd141-exectraversal.txt ³ ebankit6-smsspoof.txt ³ ebiztechnocrats-sql.txt ³ emv21-xss.txt ³ epsonsx510w-dos.txt ³ escanmgmtconsole14014002281-sql.txt ³ escanmgmtconsole14014002281-xss.txt ³ esetforwarder160260-unquotedpath.txt ³ esg25-sql.txt ³ esg25-xss.txt ³ fg7stack_poc.py.txt ³ ficoomdm481-xss.txt ³ filethingie257-shell.txt ³ filmora12-unquotedpath.txt ³ fis10-sql.txt ³ flex1080-dos.txt ³ fss390024t4s-escalate.txt ³ fusioninvoice202310-xss.txt ³ gaanagawaana10-sql.txt ³ gaanagawaana10-xss.txt ³ getsimplecms3316-shell.txt ³ ggmp10-sqlxss.txt ³ ginmarkdowneditor074-exec.txt ³ glpi957-enumerate.txt ³ GS20230504142541.tgz ³ GS20230504142933.tgz ³ GS20230504143512.tgz ³ GS20230504144557.txt ³ GS20230505165717.tgz ³ GS20230509154909.tgz ³ GS20230511150756.tgz ³ GS20230511151023.tgz ³ GS20230511151556.tgz ³ GS20230511151850.tgz ³ GS20230511152144.tgz ³ GS20230511152456.tgz ³ GS20230511152747.tgz ³ GS20230511153336.tgz ³ GS20230511154004.tgz ³ GS20230511154513.tgz ³ GS20230531163207.txt ³ GS20230531163517.txt ³ housekit10-sql.txt ³ housekit10-xss.txt ³ hubstaff1614-dllhijack.txt ³ hyiplab21-insecure.txt ³ invscout_rpm_priv_esc.rb.txt ³ ivanti_avalanche_filestoreconfig_upload.rb.txt ³ jedox202025-xss.txt ³ jedox202025csp-exec.txt ³ jedox202025gs-exec.txt ³ jedox202025iac-disclose.txt ³ jedox202242-disclose.txt ³ jedox202242erpc-traversalexec.txt ³ jedox202242rpc-exec.txt ³ jobsportal36-insecure.txt ³ leadprocrm10-sql.txt ³ lostfound10-missingauth.txt ³ manageengine_adaudit_plus_authenticated_rce.rb.txt ³ mgsn127730010-unquotedpath.txt ³ millhouseproject1414-shell.txt ³ millhouseproject1414-xss.txt ³ mobilemouse3604v2-exec.txt ³ mobiletrans4011-weakpermissions.txt ³ newmvcshop10-sql.txt ³ oahm2022202310-sql.txt ³ ocms22-xss.txt ³ openemr701-bypassbrute.txt ³ opos10-shell.txt ³ optoma1080pstx-bypass.txt ³ oraclerman-missing.txt ³ papercut2204-exec.txt ³ pentaho_business_server_authbypass_and_ssti.rb.txt ³ phpfusion91030-xss.txt ³ phpmyfaq3112-inject.txt ³ pjsimplecms50-sql.txt ³ pjsimplecms50-xss.txt ³ pluckcms4718-xss.txt ³ pnpscada2x-sql.txt ³ podcastgenerator329-xss.txt ³ prestashop804-csvinject.txt ³ printerlogic10757-bypassxsssql.txt ³ projectsendr1605-disclose.txt ³ quicklancer10-sql.txt ³ reviveadserver541-xss.txt ³ rockmongo117-xss.txt ³ rolloutui05-xss.txt ³ roxywi6100ipb-exec.txt ³ rt-sa-2023-003.txt ³ rt-sa-2023-004.txt ³ rt-sa-2023-005.txt ³ SA-20230502-0.txt ³ SA-20230515-0.txt ³ SA-20230516-0.txt ³ SA-20230517-0.txt ³ SCHUTZWERK-SA-2022-001.txt ³ SCHUTZWERK-SA-2023-001.txt ³ scmmanager160-xss.txt ³ scrms2023-sql.txt ³ scs20150916-exec.rb.txt ³ seofriendly10-xss.txt ³ siemenssimatics71200cpu-xsrf.txt ³ sitemagiccms443-shell.txt ³ smartschool10-sql.txt ³ softexpertsuite213-lfi.txt ³ softofpm1120-dllhijack.txt ³ spms10-sql.txt ³ ssmt10-sql.txt ³ sudoedit_bypass_priv_esc.rb.txt ³ taw12-missingauth.txt ³ textpattern488-disclose.txt ³ therossiemp1414-shell.txt ³ trendmicroosc10-escalate.txt ³ twg25-exec.txt ³ twg25-xss.txt ³ ulicms20231-createadmin.txt ³ ulicms20231-shell.txt ³ ulicms20231-xss.txt ³ vaskarcourier320-insecure.txt ³ votab10-sql.txt ³ votab10-xss.txt ³ wbcecms161-xss.txt ³ wbizdesk12-sql.txt ³ wbizdesk12-xss.txt ³ wbizdesk12idtk-sql.txt ³ webkulqloapps152-xss.txt ³ wftpd325-disclose.txt ³ wolfcms0831-shell.txt ³ wpbackupmigration128-disclose.txt ³ wpbccb2101-xss.txt ³ wpcore620-traversalxssxsrf.txt ³ wpdownloadmanager3270-xss.txt ³ wpreviewx1613-escalate.txt ³ yanknote3521-exec.txt ³ zenphoto16-xss.txt ³ ZSL-2023-5771.txt ³ ZSL-2023-5772.txt ³ ZSL-2023-5773.txt ³ ZSL-2023-5774.txt ³ ZSL-2023-5775.txt ³ ZSL-2023-5776.txt ³ zyxel_lfi_unauth_ssh_rce.rb.txt ³ 202306-exploits ³ 3cxossippbxt203-xss.txt ³ aac20-disclose.txt ³ abc18-xss.txt ³ acart20-disclose.txt ³ acelleem3015-upload.txt ³ acelleem4025-upload.txt ³ acjwebdesigner10-sql.txt ³ acjwebdesigner10-xss.txt ³ acm10-insecure.txt ³ acmt227-sql.txt ³ aconcms12-insecure.txt ³ activeecomcms650-xss.txt ³ activenewspaper20-inject.txt ³ adisconloganalyzer415-xss.txt ³ afb20-upload.txt ³ afs21-xss.txt ³ aims100-sql.txt ³ alhotphparticlecms10-xsrf.txt ³ altisacms521-sql.txt ³ amcms14-inject.txt ³ amcms15-inject.txt ³ amcms16-inject.txt ³ amcms24-traversal.tt ³ amp305-disclose.txt ³ amss20-insecure.txt ³ amss42-insecure.txt ³ anuranansbadmin2-insecure.txt ³ apache_druid_cve_2023_25194.rb.txt ³ apccms305-xss.txt ³ apport-dosoverflow.tgz ³ apus10-xss.txt ³ asupershop152-inject.txt ³ atm411-sql.txt ³ atm55-addadmin.txt ³ atm57-disclose.txt ³ avs30-rfilfi.txt ³ avs82-rfilfi.txt ³ azureapacheambari-spoof.txt ³ barebonescms202-xss.txt ³ bbmachineforum10-xss.txt ³ bboardforum10-xss.txt ³ biigorder2-sql.txt ³ bludit-download.txt ³ cas10-xss.txt ³ cimg-exec.tgz ³ classifiedsads104-sql.txt ³ cloudpanel222-traversal.txt ³ cls18-xss.txt ³ cmmtcsw11-xss.txt ³ cmvdpm10-xss.txt ³ courselapcsw10-xss.txt ³ crmplatform18-xss.txt ³ CVE-2017-0141.tgz ³ CVE-2017-13782.tgz ³ CVE-2017-13904.tgz ³ CVE-2018-1000140.tgz ³ CVE-2018-11776.tgz ³ CVE-2018-4259.tgz ³ CVE-2018-4407.tgz ³ CVE-2018-5388.tgz ³ CVE-2019-13115.tgz ³ CVE-2019-17498.tgz ³ CVE-2019-3560.tgz ³ CVE-2019-3828.tgz ³ CVE-2019-6986.tgz ³ CVE-2020-11239.tgz ³ CVE-2020-12049.tgz ³ CVE-2020-12861.tgz ³ CVE-2020-15972.tgz ³ CVE-2020-6449.tgz ³ CVE-2021-30528.tgz ³ CVE-2021-30632.tgz ³ CVE-2021-3560.tgz ³ CVE-2021-37975.tgz ³ CVE-2021-3939.tgz ³ CVE-2021-4115.tgz ³ CVE-2022-22057.tgz ³ CVE-2023-2283.tgz ³ CVE-2023-34096-exploit.py.txt ³ CVE-2023-34362-master.zip ³ CVE_2022_1134.tgz ³ CVE_2022_20186.tgz ³ CVE_2022_25664.tgz ³ CVE_2022_38181.tgz ³ CVE_2022_46395.tgz ³ cve_2023_21839_weblogic_rce.rb.txt ³ delta_electronics_infrasuite_deserialization.rb.txt ³ diafancms60-xss.txt ³ easyanswer101-xsrf.txt ³ easyanswer101-xss.txt ³ ejpms10-sql.txt ³ elearningses10-sql.txt ³ emvetb10-xss.txt ³ ere10-sql.txt ³ ere10-xss.txt ³ esp10-sql.txt ³ eventbookingcalendar18-xss.txt ³ eventscript21-xss.txt ³ expertjpms10-xss.txt ³ expertxjobsportalrb10-xss.txt ³ faqscript23-xss.txt ³ fastcmsblogging310-xss.txt ³ fcredbullsalzburg519r-auth.txt ³ fes10-shell.txt ³ flexense10624-overflow.rb.txt ³ fmas232-exec.txt ³ funeralscript31-xss.txt ³ gbscript22-xss.txt ³ GHSL-2020-165.tgz ³ GHSL-2023-005.tgz ³ groomify10-sql.txt ³ GS20230619145910.tgz ³ GS20230627135655.txt ³ GS20230630140844.txt ³ GS20230630141055.txt ³ gzas18-xss.txt ³ gzelp18-xss.txt ³ gzfs18-xss.txt ³ gzhbs18-xss.txt ³ gzmhbs18-xss.txt ³ hisecos04001-escalate.txt ³ hms10-xss.txt ³ hvciscan-dllhijack.txt ³ inlislite31-insecure.txt ³ instagram287002285-dos.txt ³ jobboard10-shell.txt ³ jobpilot261-sql.txt ³ kesioncmsasp95-addadmin.txt ³ kesioncmsx20-addadmin.txt ³ kesioncmsx95-addadmin.txt ³ learndesk10-xss.txt ³ macroexpert49-unquotedpath.txt ³ magentoecom240-disclose.txt ³ magicai155r-xss.txt ³ manageengine_admanager_plus_cve_2023_29084_auth_cmd_injection.rb.txt ³ mclnet4358788-disclose.txt ³ menorahrestaurant100-insecure.txt ³ motocms343-sql.txt ³ moveit_cve_2023_34362.rb.txt ³ movierocket10-xss.txt ³ mrmver10-xss.txt ³ ms365mso-exec.txt ³ msexcel365mso-exec.txt ³ msoffice-exec.txt ³ msonenote2305-spoof.txt ³ mssharepoint-spoof.txt ³ mswindows1122h2-escalate.txt ³ mvcshop05-traversal.txt ³ mvcshop05-xss.txt ³ mybbfavicon10-xss.txt ³ nchei-takeover.txt ³ netxpertscms01-sql.txt ³ newsletterscript24-xss.txt ³ newsscriptpro24-xss.txt ³ nmbloglite21-xss.txt ³ nmphphotelsite20-xss.txt ³ nmtjs10-xss.txt ³ nodcms341-xss.txt ³ nokiaasika71352-disclose.txt ³ oagp10-upload.txt ³ oesp10-xsrf.txt ³ oicms8-sql.txt ³ omnicart340-xss.txt ³ onestcrm10-xss.txt ³ oscommerce4-lfi.txt ³ osghs10-xss.txt ³ osp109142602-lfi.txt ³ osp109142602-traversal.txt ³ osp109142602-xss.txt ³ otas10-sql.txt ³ p2scms01-xss.txt ³ pannresidencecms73-xsrf.txt ³ papercut_ng_auth_bypass.rb.txt ³ pesprocms197-addadmin.txt ³ photogallery20-xss.txt ³ photoswipe537-filedownload.txt ³ phpanalyzer204-insecure.txt ³ phpcardealer30-xss.txt ³ phpfk80-xss.txt ³ phpjabbersfs30-pxss.txt ³ phpjabbersfs30-xss.txt ³ phpjabberskbb30-xss.txt ³ phpjabberssbs41-xss.txt ³ phplive31-xss.txt ³ phpmail50-xss.txt ³ phponlineschool10-xss.txt ³ piyanas01-xsrf.txt ³ pls10-xss.txt ³ polycombtoeconn4400-overflowmitm.txt ³ prestashopwinbizpayment-poorcontrol.txt ³ projectsendr1605-csvinject.txt ³ projectsendr1605-xss.txt ³ prologin19-idor.txt ³ PSTrojanFile.txt ³ ptclab35-insecure.txt ³ purledp10-idor.txt ³ pyload050-exec.txt ³ qhrealestatecms13-xss.txt ³ qjportal61-xss.txt ³ qlfreelancemp24-xss.txt ³ QSA-RenderDoc.txt ³ Qualcomm-NPU.tgz ³ quickadcms73-xsrf.txt ³ rentequipmpr10-xss.txt ³ restcafewebsitecms200-insecure.txt ³ rocketlms17-xss.txt ³ rt-sa-2022-004.txt ³ rukovoditel331-csvinject.txt ³ scriptio14-xss.txt ³ simpleblog32-xss.txt ³ simpleforum27-xss.txt ³ smartofficeweb2028-discloseidor.txt ³ spip421-exec.txt ³ spip423-sql.txt ³ sscms10-xss.txt ³ stms10-inject.txt ³ symantecsmwa1252-xss.txt ³ symmetricom_syncserver_rce.rb.txt ³ systemknvr-exec.txt ³ tbs18-xss.txt ³ tendaac6ac1200-xss.txt ³ terramaster_unauth_rce_cve_2020_35665.rb.txt ³ terramaster_unauth_rce_cve_2021_45837.rb.txt ³ terramaster_unauth_rce_cve_2022_24990.rb.txt ³ textpatterncms488-exec.txt ³ theshop25-sql.txt ³ thinucmsblogsystem15-sql.txt ³ thinucmsblogsystem15-xss.txt ³ totalcms174-shell.txt ³ totalcms174-xss.txt ³ trms10-bypass.txt ³ tsbc18-xss.txt ³ ub103beta-shell.txt ³ usbfdc4100-unquotedpath.txt ³ vrs18-xss.txt ³ wgticket10-xss.txt ³ wizcyb20-sql.txt ³ wpabandonedcart5142-bypass.txt ³ wpaclwc5142-bypass.txt ³ wpbackupwordpress38-disclose.txt ³ wpbookit237-bypass.txt ³ wpcircleprogress10-xss.txt ³ wpdirectorist754-idor.txt ³ wpduplicator-disclose.txt ³ wpduplicator405-disclose.txt ³ wpenvato207-disclose.txt ³ wpfilemanagerpro717-disclose.txt ³ wpfmp831-disclose.txt ³ wpggb183-ssrf.txt ³ wpgooglemaps9017-disclose.txt ³ wpkero2386-sql.txt ³ wplearndashlms460-idor.txt ³ wpslr764-bypass.txt ³ wpstickysocial101-xsrfxss.txt ³ wpsupersocializer71352-xss.txt ³ wpthememedic100-weakcontrol.txt ³ wpthemeworkreap222-exec.txt ³ wptouchpro4-disclose.txt ³ wptreepageview167-xss.txt ³ wpunyson2728-disclose.txt ³ wpupdraft061-disclose.txt ³ xenforo2213-xss.txt ³ xoopscms2510-xss.txt ³ ziprarfileextractor57-xss.txt ³ ZSL-2023-5777.txt ³ ZSL-2023-5778.txt ³ ZSL-2023-5779.txt ³ ZSL-2023-5780.txt ³ zstore654-disclose.txt ³ zyxel_ike_decoder_rce_cve_2023_28771.rb.txt ³ 202307-exploits ³ aatheshsoftcms030-xss.txt ³ abbflowx400-disclose.txt ³ abcphp-uploadxss.txt ³ abdl213-xss.txt ³ academylms515-xss.txt ³ acmt227-sqlupload.txt ³ acmt227-xss.txt ³ activess15-inject.txt ³ admidio4210-exec.txt ³ adminabulgaria10-insecure.txt ³ adveriscms30-xss.txt ³ agvirtuesgaleria20-sql.txt ³ ahmcms301-sql.txt ³ ahmlms20-insecure.txt ³ ahmlms20-xsrf.txt ³ ahrm16-idor.txt ³ ahsb223-upload.txt ³ aicteindialms30-sql.txt ³ alkaconopencms150-xss.txt ³ amazons3droppy146-shell.txt ³ ams516-sql.txt ³ amslogistics22-sql.txt ³ amss52109-sql.txt ³ angularjsfm151-shell.txt ³ anuranansbadmin20-sql.txt ³ apache_rocketmq_update_config.rb.txt ³ apnatrademarkcms25-sql.txt ³ apphpmicrocms101-inject.txt ³ applezeedcms20-insecure.txt ³ applezeedcms20-sql.txt ³ arabinfotechcms20-xss.txt ³ arabinfotechcms201-xss.txt ³ archoncms314-xss.txt ³ ariadnacms03-xss.txt ³ arlisistem30-sql.txt ³ articart201-xssredirect.txt ³ artistrylimitedlms05-insecure.txt ³ artistrylimitedlms05-sql.txt ³ asanhamayeshcms346-traversal.txt ³ asikcms109-lfi.txt ³ asikcms109-rfi.txt ³ asscms102-xsrf.txt ³ atomcms20-traversal.txt ³ attestimonialscms12-missingauth.txt ³ avgas75-unquotedpath.txt ³ avidimedia20-insecure.txt ³ backdropcms1251-xss.txt ³ balajicms103-sql.txt ³ bannermgmtcms10-disclose.txt ³ bbamcms11-idor.txt ³ bbook57-upload.txt ³ bdcms2-disclose.txt ³ bdschoolslms102-xss.txt ³ bdsfl164-disclose.txt ³ beautysalonms10-sql.txt ³ bfcms10-sql.txt ³ bg5lib-xss.txt ³ bigwareshop23-xss.txt ³ bigwareshopcms21-idor.txt ³ bismi20-idor.txt ³ bkmobilecms150-sql.txt ³ blackboard202-disclose.txt ³ blackcatcms14-shell.txt ³ blackcatcms14-xss.txt ³ blogator093-xss.txt ³ blogatorscript093-insecure.txt ³ bloly13-addadmin.txt ³ bloly13-sql.txt ³ bloodbank10-idor.txt ³ bloodbank10-xss.txt ³ bloodbank11-sql.txt ³ bloodbank11-xss.txt ³ bluelaat10-idor.txt ³ bmitbms21-sql.txt ³ bmitcms10-insecure.txt ³ bobec092019-sql.txt ³ bookingwiz55-disclose.txt ³ bookingwizz550-sql.txt ³ boomchat30-shell.txt ³ brcms10-disclose.txt ³ brigadasoftcms21-sql.txt ³ brightcubelms201-sql.txt ³ brsiscms102-sql.txt ³ brsiscms102-xss.txt ³ brsscms21-sql.txt ³ bslsw232-escalate.txt ³ bslswphpt232-xss.txt ³ buzzynvlpv131-insecure.txt ³ buzzynvlpv132-insecure.txt ³ buzzynvlpv14-insecure.txt ³ buzzynvlpv2-insecure.txt ³ buzzynvlpv251-insecure.txt ³ buzzynvlpv252-insecure.txt ³ bwcms19-sql.txt ³ bwdcmcms011-sql.txt ³ c3imcms20-xss.txt ³ cakephptestsuite270-xss.txt ³ candooscms20-sql.txt ³ carlisting16-sql.txt ³ carlisting16-xss.txt ³ carrentalscript18-xss.txt ³ catpopstbcms40-xss.txt ³ cbmsgms460-insecure.txt ³ cbmsgms460-sql.txt ³ cbscms120-insecure.txt ³ cbts10-lfi.txt ³ ccomeventscms0102-shell.txt ³ ccomeventscms0102-sql.txt ³ ccreip10-sql.txt ³ ccreip10-xss.txt ³ cheveretocms370-hpp.txt ³ chipsacms102-xss.txt ³ chrome_webgpu_crash.txt ³ ciscoucsimcsupervisor2200-bypass.txt ³ ciuiscrm107-addadmin.txt ³ ciuiscrm107-lfi.txt ³ clarityppm1430298-xss.txt ³ clipshare414-xss.txt ³ cmbc15-sql.txt ³ cmsbmpm100-xss.txt ³ cmscb100-xsrf.txt ³ cmsctwebcreative10-xss.txt ³ cmsdcreations10-sql.txt ³ cmsdosma50-idor.txt ³ cmsemlakscripti2-xss.txt ³ cmsengeplus201-xss.txt ³ cmsgrafia7-sql.txt ³ cmsiqdigital20-xss.txt ³ cmsjerusalemwf13-traversal.txt ³ cmsmadesimple2217-exec.txt ³ cmsmadesimple2217-ssti.txt ³ cmsmadesimple2217-xss.txt ³ cmsnaivescripters301-xss.txt ³ cmsnak12-insecure.txt ³ cmsnexinengine20-insecure.txt ³ cmsninesol10-xss.txt ³ cmsporviax20-sql.txt ³ cmssaudisoftech502-sql.txt ³ cmsshop1-xss.txt ³ cmssirfth206-xss.txt ³ cmstssest100-sql.txt ³ cmsusd14-shell.txt ³ cmsusd14-xss.txt ³ cmvcshoplms210-sql.txt ³ copyparty182-traversal.txt ³ copyparty186-xss.txt ³ daillytools-exec.txt ³ dbdecomm206-sql.txt ³ dlinkdap1325-idor.txt ³ dmc20-disclose.txt ³ ecommerce115-xss.txt ³ epmcrm50-xss.txt ³ exrate10-xss.txt ³ fes10-sql.txt ³ finounce10-xss.txt ³ foodyfriend10-uploadxss.txt ³ frappe1340-exec.txt ³ fuguhub81-exec.txt ³ gamejackal5-unquotedpath.txt ³ gilacms1109-exec.txt ³ greenshot1210-exec.txt ³ GS20230702181333.tgz ³ GS20230704140821.tgz ³ GS20230705144631.tgz ³ GS20230717133256.tgz ³ hvhsdsa71024-sql.txt ³ icingaweb210-exec.txt ³ icogenie10-xss.txt ³ inoutbcfe30-sql.txt ³ inoutseaie11-xss.txt ³ insurance12-xss.txt ³ iobcae20-sql.txt ³ iobcep101-sql.txt ³ jms124-sql.txt ³ jobportalcms2302-sql.txt ³ jobseeker15-xss.txt ³ joomlabooking249-enumerate.txt ³ joomlafireboard13-sql.txt ³ joomlahikashop474-xss.txt ³ joomlahotelguide10-xss.txt ³ joomlaipropertyrealestate411-xss.txt ³ joomlajomestate40-sql.txt ³ joomlajsngruvepro210-traversal.txt ³ joomlasolidres2133-xss.txt ³ joomlavirtuemart26122-sql.txt ³ joomlavmsc4012-xss.txt ³ keepersecurity-dump.txt ³ lawyercms16-xss.txt ³ ldlp30-upload.txt ³ ldlp30-xss.txt ³ lfis10-sql.txt ³ masterylms12-xss.txt ³ minestack10-xss.txt ³ mojobox14-replay.txt ³ montage10-xss.txt ³ moodating12-xss.txt ³ mremoteng17731784nb-disclose.txt ³ msoffice36518230512220-exec.txt ³ msoutlook365-exec.txt ³ mtpws127-unquotedpath.txt ³ nedalcms12-sql.txt ³ netlifycms210192-xss.txt ³ newsportal40-sql.txt ³ nicecms208-insecure.txt ³ octobercms344-xss.txt ³ openfire_auth_bypass_rce_cve_2023_32315.rb.txt ³ opms10-shell.txt ³ perch32-exec.txt ³ perch32-xss.txt ³ pfsense_config_data_exec.rb.txt ³ phpfk92beta-sqlxss.txt ³ phpfm179-bypassshell.txt ³ pimpmylog1714-escalate.txt ³ piwigo1370-xss.txt ³ pluck4718-shell.txt ³ pluckcms4718-exec.txt ³ podcastgenerator329-ssrf.txt ³ poscodekop20-shell.txt ³ ppms1041-xss.txt ³ prestashop804-xss.txt ³ qatannapos10-sql.txt ³ QSA-OpenSSH.txt ³ quickaiopenai381-sql.txt ³ quickjob61-sql.txt ³ quickorder637-sql.txt ³ quickqr637-sql.txt ³ quickvcard21-sql.txt ³ raidenftpd244005-overflow.txt ³ recipepoint19-sql.txt ³ restcaferwcms200-xss.txt ³ RoomCast-TA-2400.pdf ³ rosariosis1084-csvinject.txt ³ rpmcrm241-lfi.txt ³ rt-sa-2023-001.txt ³ rudder_server_sqli_rce.rb.txt ³ rukovoditel341-xss.txt ³ SA-20230627-0.txt ³ SA-20230628-0.txt ³ SA-20230703-0.txt ³ SA-20230705-0.txt ³ sassbiller10-xss.txt ³ smartermail_rce.rb.txt ³ socg10-xss.txt ³ springcloud322-exec.txt ³ ssfinder36-sql.txt ³ ssialms193-xss.txt ³ statamic470-xss.txt ³ strawberry119-xss.txt ³ superstorefinder36-sql.txt ³ tplinktlwr740n-traversal.txt ³ tplinktlwr940n4-overflow.txt ³ travelable10-xss.txt ³ vacationrental18-xss.txt ³ vaidyamitra10-sql.txt ³ virtualfreer157-xss.txt ³ VL-2274.txt ³ VL-2276.txt ³ VL-2278.txt ³ VL-2285.txt ³ VL-2286.txt ³ VL-2317.txt ³ VL-2321.txt ³ VL-2323.txt ³ VL-2324.txt ³ VL-2327.txt ³ vmware_vrni_rce_cve_2023_20887.rb.txt ³ wbce161-xss.txt ³ wbcecms161-redirectxsrf.txt ³ wd_mycloud_unauthenticated_cmd_injection.rb.txt ³ WebPower-UPS-DDOS.py.txt ³ websitebaker2133-traversal.txt ³ websitebaker2133svg-xss.txt ³ weddingwonders10-xss.txt ³ wintercms122-xss.txt ³ wondercms06beta-disclose.txt ³ wpangradebook501-sql.txt ³ wpautocomplete104-sql.txt ³ wpbrutalai-sqlxsrf.txt ³ wpbrutalai-xss.txt ³ wpbrutalai2x-xss.txt ³ wpchurchopert47x-traversal.txt ³ wpduplicator387-disclose.txt ³ wpduplicator388-disclose.txt ³ wpeventsmanager561-sql.txt ³ wpfid18-xsrfssrf.txt ³ wpimageoptimization382-redirect.txt ³ wpkaptheme20-traversal.txt ³ wploginconfigurator21-xss.txt ³ wploginrebuilder-xss.txt ³ wpoxygentheme78-traversal.txt ³ wppbkc281-xss.txt ³ wppbkc296-redirect.txt ³ wppbkc296-xss.txt ³ wppgkc295-redirect.txt ³ wpprepostseo30-xss.txt ³ wpseoalert159-xss.txt ³ wpseoby10web-xss.txt ³ wpsruccss465-traversal.txt ³ wptablesome-xss.txt ³ wpupartsthemes49x-traversal.txt ³ wpuserreg302-shell.txt ³ wp_plugin_fma_shortcode_unauth_rce.rb.txt ³ wsua31-sql.txt ³ xampp824-unquotedpath.txt ³ xelcms11-xsrf.txt ³ xforupsfu10-sql.txt ³ xlagenda44-xsrf.txt ³ xoodigital210-xss.txt ³ yourdoctorcms14-idor.txt ³ zamancms10-xss.txt ³ zomplog39-exec.txt ³ zomplog39-pxss.txt ³ ZSL-2023-5781.txt ³ zuzcms10-xss.txt ³ 202308-exploits ³ aca2140-disclose.txt ³ academylms60-xss.txt ³ academylms61-uploadxss.txt ³ adisconloganalyzer4113-xss.txt ³ advantecheki12-xss.txt ³ amss61-sql.txt ³ amss611-sql.txt ³ apache_nifi_h2_rce.rb.txt ³ bdms10-xss.txt ³ bds32-sql.txt ³ bookingwizz601-disclose.txt ³ campcodesomws33-xss.txt ³ cca30-sql.txt ³ cct95-addadmin.txt ³ cdpiws325-xsrf.txt ³ chamilo_unauth_rce_cve_2023_34960.rb.txt ³ chatonesnps16-addadmin.txt ³ cheveretocms370-sql.txt ³ citrix_formssso_target_rce.rb.txt ³ cityvarietycms12-sql.txt ³ cityvarietylms22-xss.txt ³ cms351-sql.txt ³ cmsbmgii40-sql.txt ³ cmsbmgii40-xss.txt ³ cmsgeneticscentre401-sql.txt ³ cmspro50-sql.txt ³ cmssite10-escalate.txt ³ cmsusina223-xsrf.txt ³ codoforum34-upload.txt ³ codoforum521-upload.txt ³ comfexcms2010-sql.txt ³ comfexcms2010-xss.txt ³ composeitcms20-secrets.txt ³ composeitcms20-sql.txt ³ conferencemgmtsys351-sql.txt ³ connectixboards052-rfi.txt ³ connectixboards052-sql.txt ³ cooladmin120-sqlbypass.txt ³ couponscms400-redirect.txt ³ couponscms600-redirect.txt ³ couponscms700-redirect.txt ³ courierdeprixa25-xsrf.txt ³ cpcms102-xss.txt ³ cpg10-sql.txt ³ cpgpr8120-exec.txt ³ creditlite154-sql.txt ³ crmea90-traversal.txt ³ cryptolivecms10-sql.txt ³ csccms100-insecure.txt ³ csccms100-sql.txt ³ ctvdc142-download.txt ³ cvanavdawcms01-xss.txt ³ cyberinfinitecms10-sql.txt ³ dabcms100-xss.txt ³ datadrivencms041-disclose.txt ³ datalifeengine10-sql.txt ³ datoocds10-htmlinject.txt ³ datoocds10-insecure.txt ³ dbcinfotechcms20-reinstall.txt ³ dbcompcms12-xss.txt ³ dbgcms10-xss.txt ³ deprixa325-sql.txt ³ deprixa325-xsrf.txt ³ desenvolvidoc3imcms20-xss.txt ³ dexxcmshsb223-upload.txt ³ dieboldnvvc531-dllhijack.txt ³ digasell100-xss.txt ³ digiaselldsphps100-sql.txt ³ digishacms127-sql.txt ³ dmiscrilms20-sql.txt ³ doktephpsnp118-xss.txt ³ dolibarr1701-xss.txt ³ domacms10-xss.txt ³ doorgets12-disclose.txt ³ doorgetscms12-shell.txt ³ doorgetscms70-shell.txt ³ doorgetscms70admin-disclose.txt ³ doubleclickadmin1-xsrf.txt ³ driverpacksolutioncms1711108-xss.txt ³ dynamicjournalcms25-disclose.txt ³ e2distrcms2853-disclose.txt ³ eabws16-overflowxss.txt ³ easy2pilot7-sql.txt ³ easymemberpro30-idor.txt ³ easypxcms060204-xss.txt ³ ebizcms20-xsrf.txt ³ ecommgrowiseicms2-insecure.txt ³ ecommresp12-idor.txt ³ edencms102-xss.txt ³ efuncms50-xml.txt ³ ehatocms10-redirect.txt ³ ehatocms10-xss.txt ³ eitubeyoutubeapi3-sql.txt ³ eitubeyoutubeapi3-xss.txt ³ ejournalhomoeocms203-sql.txt ³ elevelcms10-sql.txt ³ elitecmspro201-sql.txt ³ elitius10-disclose.txt ³ emaarreagds57-shell.txt ³ emagicdcms60-exec.txt ³ emhcms01-xss.txt ³ emiswebschoolcms1-sql.txt ³ eneblurcms10-sql.txt ³ enmsagl116-disclose.txt ³ enum_azuresubdomains.rb.txt ³ epartenairelms100-xss.txt ³ epm11-disclose.txt ³ epmcrm31-insecure.txt ³ erimupload4-disclose.txt ³ etiscrm17-sql.txt ³ etiscrm17-traversal.txt ³ etiscrm17-xss.txt ³ eventlocationscms101-shell.txt ³ eventlocationscms101-xss.txt ³ evsanatiradyo10-insecure.txt ³ evsanatiradyo10-shell.txt ³ ewncms40-disclose.txt ³ ewp211-xss.txt ³ faramelkestatecms150-disclose.txt ³ fasttechcms10-sql.txt ³ fasttechcms10-xsrf.txt ³ fireshopacms23-upload.txt ³ fixbookrsmt22-disclose.txt ³ fixbookrsmt30-disclose.txt ³ flatapppad10-sql.txt ³ fleetcartles112-insecure.txt ³ flightpathlms482-idor.txt ³ flightpathlms482-xss.txt ³ flightpathlms50rc2-idor.txt ³ flightpathlms50rc2-xss.txt ³ fluentcms100-sql.txt ³ fmits20-sql.txt ³ foccuswebcms01-xss.txt ³ fogforum08-xss.txt ³ foodieecms101-idor.txt ³ foodieeofowa100-insecure.txt ³ foodieeofowa100-xss.txt ³ formalms14-disclose.txt ³ forumfiresoftboard030-xss.txt ³ freshrss1111-htmlinject.txt ³ gdi20-htmlinject.txt ³ gdi20-xss.txt ³ gdm2522-overflow.txt ³ geeklog210b1-disclose.txt ³ geeklog210b1-sql.txt ³ gensecurity40-sql.txt ³ gensecurity40-xss.txt ³ getsimplecms332-xss.txt ³ ggcorporatecms10-sql.txt ³ ggcorporatecms10-xss.txt ³ gmsmse10-sql.txt ³ gnomefiles434-escalate.txt ³ gomplayer23905360-mitm.txt ³ gracehrm103-traversal.txt ³ gravigracms10-sql.txt ³ grawlix151-xss.txt ³ grawlixcms111-xss.txt ³ greenshot_deserialize_cve_2023_34634.rb.txt ³ greeva20-sql.txt ³ groupoffice3421-traversal.txt ³ GS20230810151726.tgz ³ GS20230810152050.tgz ³ GS20230810152505.tgz ³ GS20230810152741.tgz ³ GS20230818142737.tgz ³ gustorecipesmgmt151-insecure.txt ³ gustorecipesmgmt151-xss.txt ³ h2_webinterface_rce.rb.txt ³ haascms10-xss.txt ³ haraj11-addadmin.txt ³ hasanmwb1-addadmin.txt ³ hasanmwb1-xss.txt ³ hellogtxtpcrm16-idor.txt ³ hesktrlcms1-xss.txt ³ highpluscms013-sql.txt ³ hloun100-insecure.txt ³ hmsrps157-xss.txt ³ hospitalhms2-sql.txt ³ hospitalhms27-sql.txt ³ hpboost40-addadmin.txt ³ hrmsaas219-insecure.txt ³ hsbookingcms279-sql.txt ³ hudaallahlinkercms10-xss.txt ³ humanresourcepms14-disclose.txt ³ humbertocaldascms013-xss.txt ³ humhub1313-traversal.txt ³ hyiprio21-upload.txt ³ i2softcms20-idor.txt ³ ibillingcrm450-idor.txt ³ igallery34db-disclose.txt ³ imaxcms10-sql.txt ³ imghosting12-xss.txt ³ innovinscms47-sql.txt ³ inosoftvisin7-escalate.txt ³ interphoto230-shell.txt ³ invasordiagonalcms10-xss.txt ³ iqmedyacms20-xss.txt ³ islamcms10-exec.txt ³ joomlajlexgb164-xss.txt ³ joomlajlexreview601-xss.txt ³ jorani103-xss.txt ³ jorani_path_trav.rb.txt ³ juniper-rce_cve-2023-36844-main.zip ³ KIS-2023-05.txt ³ KIS-2023-06.txt ³ KIS-2023-07.txt ³ KIS-2023-08.txt ³ KIS-2023-09.txt ³ KL-001-2023-001.txt ³ KL-001-2023-002.txt ³ KL-001-2023-003.txt ³ kolibri20-overflow.txt ³ lucee54217-xss.txt ³ maltrail053-exec.txt ³ maltrail_rce.rb.txt ³ metabase_setup_token_rce.rb.txt ³ moosocial318-xss.txt ³ odlm10-sql.txt ³ oidg10-sqlshell.txt ³ outsystemsss115330-dllhijack.txt ³ ovoompcms333-sql.txt ³ ozekismsgateway103208-fileread.txt ³ perchcms32-xss.txt ³ phoenixctcc2-xssdos.txt ³ phpjabbersbds32-xssxsrf.txt ³ phpjabbersprs10-xss.txt ³ phpjabbersvrs40-xsrf.txt ³ phpjabc50-xss.txt ³ phpjbrs11-sql.txt ³ phpjbrs11-xss.txt ³ phpjcb10-xss.txt ³ phpjncb10-xss.txt ³ phpjrpb20-xss.txt ³ phpjsbs10-xss.txt ³ phpjservicebs10-xss.txt ³ phpjtb20-xss.txt ³ phpvalleymj201-idor.txt ³ pyrocms39-ssti.txt ³ raspap_rce.rb.txt ³ requestsbaskets121-ssrf.txt ³ reyeeos12041614-mitm.txt ³ savantws31-overflow.txt ³ shellypro4pm0110-bypass.txt ³ socialcommerce316-xss.txt ³ spacartecomcm1903-sql.txt ³ spacartecomcms1903-xss.txt ³ subrion_cms_file_upload_rce.rb.txt ³ SYSS-2022-052.txt ³ SYSS-2022-054.txt ³ SYSS-2022-055.txt ³ SYSS-2023-011.txt ³ systemd246-escalate.txt ³ taskhubcrmtool286-sql.txt ³ tplinkarcherax21-exec.txt ³ TRSA-2303-01.txt ³ tsplus1600-insecure.txt ³ tsplus1600f-insecure.txt ³ tsplus160214-inscure.txt ³ urlums30-sql.txt ³ urlums30-xss.txt ³ uvdesk113-shell.txt ³ uvdesk114-xss.txt ³ videoflixcms13-insecure.txt ³ videoplay130-insecure.txt ³ videoprocms20-insecure.txt ³ videowhisperconf101-xss.txt ³ virtualsnipersdms10-sql.txt ³ virtuescpanelcms10-sql.txt ³ virtuscpanelcms10-sql.txt ³ vnms22-insecure.txt ³ vocbseco13-disclose.txt ³ voodochat13-xss.txt ³ voodoochat10rc1b-disclose.txt ³ wchat16-htmlinject.txt ³ webcalendar13-xsrf.txt ³ webcodercms10-sql.txt ³ webcomcms10-sql.txt ³ webeditioncms2988-exec.txt ³ webeditioncms2988-xss.txt ³ webincorpcms10-xss.txt ³ webinstamm13-disclose.txt ³ webportalpeoplecms28-redirect.txt ³ webportalpeoplecms28-xss.txt ³ webstock30-idor.txt ³ webutler32-shell.txt ³ webwizforums1206-disclose.txt ³ webwizforums1206-sql.txt ³ wolfcms081-addadmin.txt ³ wondercms06beta-rfi.txt ³ wpadihavatp23-sql.txt ³ wpadivahatravel23-xss.txt ³ wpcore562-xpath.txt ³ wpdfc17012-escalate.txt ³ wpeventoncalendar44-idor.txt ³ wpeventoncalendar44post-idor.txt ³ wpforminator1246-shell.txt ³ wpninjaforms3625-xss.txt ³ wppgswi377-bypass.txt ³ wpwpm264-escalate.txt ³ xlightftp3936-overflow.txt ³ xzengine17-addadmin.txt ³ yourdoctorcms15-idor.txt ³ ZSL-2023-5782.txt ³ ZSL-2023-5783.txt ³ ZSL-2023-5784.txt ³ 202309-exploits ³ 202308-exploits.tgz ³ academylms62-sql.txt ³ academylms62-xss.txt ³ adminltepihole518-access.txt ³ apache_airflow_dag_rce.rb.txt ³ atlasvpn103-disclose.txt ³ aunair160se-xssdos.txt ³ axigen10-xss.txt ³ bbdms22-xss.txt ³ cbs10-xss.txt ³ cinemabookingsystem10-xss.txt ³ clcknshop100-sql.txt ³ clicknshop100-xss.txt ³ cszcms130-xss.txt ³ CVE-2022-44898_MSIO64_xort.zip ³ CVE-2023-28809.tgz ³ CVE-2023-34039-main.zip ³ cve_2023_28252_clfs_driver.rb.txt ³ dlinkdph400se-disclose.txt ³ drupal1012-poison.txt ³ ebc40-xss.txt ³ elasticsearch853-overflow.txt ³ ers10-sql.txt ³ eventts10-xss.txt ³ filemagegateway1109-lfi.txt ³ firefox117-dos.txt ³ fosims10-sql.txt ³ freefloatftpserver10-overflow.txt ³ fundraisingscript10-sql.txt ³ gomplayer23905360-overflow.txt ³ GS20230902130835.tgz ³ GS20230904171659.txt ³ GS20230906164848.tgz ³ GS20230908204616.tgz ³ GS20230908204945.tgz ³ GS20230911161531.tgz ³ GS20230915134449.txt ³ GS20230929143528.tgz ³ humhunb1313-shell.txt ³ imcas162-xss.txt ³ imghosting13-htmlinject.txt ³ imghosting13-sql.txt ³ imghosting13-xss.txt ³ impresscms139-redirect.txt ³ impressiontechcms14-sql.txt ³ islamntcms210-addadmin.txt ³ islamntcms210-xss.txt ³ ismilesoftcms030-addadmin.txt ³ ismilesoftcms030-xss.txt ³ italiamediaskycms20-xsrf.txt ³ italiamediaskycms20-xss.txt ³ ivantiavalanche-exec.txt ³ ivanti_avalanche_mdm_bof.rb.txt ³ ivanti_sentry_misc_log_service.rb.txt ³ iwtimaginecms10-xss.txt ³ izdelavaids20-xss.txt ³ jetbrains_teamcity_rce_cve_2023_42793.rb.txt ³ jpc2cms10-sql.txt ³ jzdcms13-xss.txt ³ kaledordcms10-sql.txt ³ kalimatangms100-xss.txt ³ karnederiamrs53-traversal.txt ³ kibana_timelion_prototype_pollution_rce.rb.txt ³ kingoroot158-unquotedpath.txt ³ kleeja154-xss.txt ³ kloans145-insecure.txt ³ kolifadownloadcms12-htmlinject.txt ³ kpkcms10-sql.txt ³ kpotstealercms20-traversal.txt ³ kylincms130-sql.txt ³ lacabane10-sql.txt ³ lamanocms20-sql.txt ³ lamanocms20-xsrf.txt ³ lamanolms01-insecure.txt ³ lexmark_faxtrace_settings.rb.txt ³ lg_simple_editor_rce.rb.txt ³ logobeecms02-xss.txt ³ luxcalec323-xsrf.txt ³ mrbs10-sql.txt ³ ncbs10-xss.txt ³ nvclient50-overflow.txt ³ opencartcms4022-bruteforce.txt ³ openplc-crash.py.txt ³ opentsdb_key_cmd_injection.rb.txt ³ opoo-shell.rb.txt ³ oraclermancf-missing.txt ³ phpshoppingcart42-sql.txt ³ playtube301-disclose.txt ³ pmms1-sql.tgz ³ SA-20230829-0.txt ³ SA-20230918-0.txt ³ shuttlebs10-sql.txt ³ solarview_unauth_rce_cve_2023_23333.rb.txt ³ sonicwall_shell_injection_cve_2023_34124.rb.txt ³ soosyze200-upload.txt ³ splunk-takeover.txt ³ superstorefinder37-exec.txt ³ syncbreeze15224-dos.txt ³ SYSS-2023-002.txt ³ taskhub287-sql.txt ³ taskjub288-xss.txt ³ techviewla5570-traversal.txt ³ totolink_unauth_rce_cve_2023_30013.rb.txt ³ vmware_vrli_rce.rb.txt ³ vnms130-insecure.txt ³ webigniter28723-shell.txt ³ webigniter28723-xss.txt ³ winrar_cve_2023_38831.rb.txt ³ win_error_cve_2023_36874.rb.txt ³ wp2fac-inject.txt ³ wpeb420-inject.txt ³ wpelementor-inject.txt ³ wpmla309-lfiexec.tgz ³ wpmylogin-bruteforce.txt ³ wpnewsletter789-xss.txt ³ wpslimstat509-xsssql.txt ³ wpstatistics1315-sql.txt ³ X41-2023-001.txt ³ ZSL-2023-5785.txt ³ ZSL-2023-5786.txt ³ ZSL-2023-5787.txt ³ ZSL-2023-5788.tgz ³ 202310-exploits ³ 2023mcs641-xss.txt ³ aicteindialms30-xss.txt ³ apache_superset_cookie_sig_rce.rb.txt ³ atcom27xx-exec.txt ³ atlassian_confluence_rce_cve_2023_22515.rb.txt ³ boidcms200-shell.txt ³ cacti1224-exec.txt ³ chicvmsl456-idor.txt ³ churchcrm454-sql.txt ³ copperminegallery1625-exec.txt ³ cpms10-shell.txt ³ CVE-2023-4966.tgz ³ dawapharma10-sql.txt ³ eclassip25-sql.txt ³ eclassjunior40-sql.txt ³ gaatitrack102023-sql.txt ³ glpigzip945-exec.txt ³ GS20231005150730.tgz ³ GS20231005153526.tgz ³ GS20231005153811.tgz ³ GS20231005154016.tgz ³ GS20231016141539.tgz ³ GS20231016145204.tgz ³ GS20231016145420.tgz ³ GS20231016145748.tgz ³ GS20231023141516.tgz ³ junos_phprc_auto_prepend_file.rb.txt ³ kibana_upgrade_assistant_telemetry_rce.rb.txt ³ KIS-2023-10.txt ³ KIS-2023-11.txt ³ KIS-2023-12.txt ³ lfis10-idor.txt ³ minio220220729-traversal.txt ³ moodle43-xss.txt ³ mswin11apds-dllhijack.txt ³ nconvert7136-overflowdos.tgz ³ openplcwebserver3-dos.txt ³ oracledbshard-disclose.txt ³ QSA-glibc.txt ³ SA-20230925-0.txt ³ SA-20230927-0.txt ³ SA-20231005-0.txt ³ smartschool641-sql.txt ³ splunk_privilege_escalation_cve_2023_32707.rb.txt ³ Squid-Security-Audit-main.zip ³ torchserver_cve_2023_43654.rb.txt ³ vmware_vrni_known_privkey.rb.txt ³ webeditioncms2988-ssrf.txt ³ wpaichatbot489-sqltraversaldelete.txt ³ wpcfg255-xss.txt ³ wpcore631-exec.txt ³ wperp1122-sql.txt ³ wpkivicare320-xss.txt ³ wplitespeedcache56-xss.txt ³ wpmasterstudylms3017-create.txt ³ wproyalelementor1378-shell.txt ³ wpsonaarmusic47-xss.txt ³ ws_ftp_rce_cve_2023_40044.rb.txt ³ xampp330-overflow.txt ³ zms10-shell.txt ³ ZSL-2023-5789.txt ³ ZSL-2023-5790.txt ³ ZSL-2023-5791.txt ³ ZSL-2023-5792.txt ³ ZSL-2023-5793.txt ³ ZSL-2023-5794.txt ³ ZSL-2023-5795.txt ³ ZSL-2023-5796.txt ³ ZSL-2023-5797.txt ³ ZSL-2023-5798.txt ³ ZSL-2023-5799.txt ³ ZSL-2023-5800.txt ³ 202311-exploits ³ ajaxpro_deserialization_rce.rb.txt ³ apache_activemq_rce_cve_2023_46604.rb.txt ³ cephoenix10820-exec.py.txt ³ cephoenix10820-exec.txt ³ cephoenix10820-xss.txt ³ cisco_ios_xe_rce.rb.txt ³ cszcms130-exec.txt ³ cszcms130-shell.txt ³ CVE-2022-3436.py.txt ³ etcdbrowser87ae63d75260-traversal.txt ³ ewb3-sql.txt ³ ezvizstudio220-dllhijack.txt ³ f5_bigip_tmui_rce_cve_2020_5902.rb.txt ³ f5_bigip_tmui_rce_cve_2023_46747.rb.txt ³ fiie386-xslt.txt ³ gaatitrackcms10-xss.txt ³ GS20231113234953.tgz ³ GS20231113235758.tgz ³ GS20231114000351.tgz ³ GS20231128154206.tgz ³ jlms102-headerinject.txt ³ loytec-multi.txt ³ loyteclinx-disclosure.txt ³ loyteclinxconfigurator7410-insecure.txt ³ magento246-xslt.txt ³ magento246-xsltssi.txt ³ magnusbilling_unauth_rce_cve_2023_30258.rb.txt ³ maximamaxpropower-replay.txt ³ oscommerce4-xss.txt ³ penglead20-sql.txt ³ Ph0s-2023-001.txt ³ Ph0s-2023-002.txt ³ Ph0s-2023-003.txt ³ Ph0s-2023-004.txt ³ Ph0s-2023-005.txt ³ phpjabbersabc50-csvinject.txt ³ phpjabbersabc50-xss.txt ³ popojicms201-exec.txt ³ pyrocms301-xss.txt ³ SA-20231122-0.txt ³ SA-20231123-0.txt ³ sbs20-xss.txt ³ SYSS-2023-019.txt ³ travel10-sql.txt ³ wpcftaa112-sql.txt ³ wpuserpro511-bypassescalate.txt ³ wp_royal_elementor_addons_rce.rb.txt ³ zoneminder_snapshots.rb.txt ³ ZSL-2023-5801.txt ³ 202312-exploits apacheofbiz181209-exec.txt atlassian_confluence_unauth_backup.rb.txt boidcms201-xss.txt cephoenixcart10820-shell.txt craftcms_unauth_rce_cve_2023_41892.rb.txt CVE-2021-21220.tgz CVE-2023-3079-escape.tgz CVE-2023-3079-main.zip CVE-2023-43641.tgz dicomsrv-conq.py.txt docker_cgroup_escape.rb.txt ES2023-01.txt ES2023-02.txt ES2023-03.txt fortiwebvm740-crash.txt gaatitrackcms10-sql.txt gilacms1154-sql.txt glibc_tunables_priv_esc.rb.txt GS20231204130056.txt GS20231208152838.tgz GS20231208153209.tgz GS20231214133522.tgz hms40-sqlxssshellupload.txt HNS-2023-04-tinydir.txt KIS-2023-13.txt KIS-2023-14.txt kopagewb4415-shell.txt kwb4415-xss.txt lrms10-disclose.txt lrms10-shell.txt majordomo-exec.txt MICROSOFT_DEFENDER_ANTI_MALWARE_POWERSHELL_API_UNINTENDED_CODE_EXECUTION.txt oscommerce4-sql.txt oscommerce41360075-shell.txt phpjabbersabc50-htmlinject.txt phpjabbersabc50-ratelimit.txt phpjabbersas30-csvinject.txt phpjabbersas30-htmlinject.txt phpjabbersas30-ratelimit.txt phpjabbersas30-xss.txt phpjabberscarrental30-csvinject.txt phpjabberscarrental30-htmlinject.txt phpjabberscarrental30-xss.txt phpjabberscr30-ratelimit.txt phpjabberssbs20-csvinject.txt phpjabberstsbc40-csvinject.txt phpjabberstsbc40-htmlinject.txt phpjabberstsbc40-ratelimit.txt phpjabberstsbc40-xss.txt SA-20231128-0.txt SA-20231205-0.txt SA-20231206-0.txt SA-20231211-0.txt SBA-ADV-20220120-01.txt shopsite140-xss.txt splunk_xslt_authenticated_rce.rb.txt Terrapin-ssh.tgz typo311524-traversal.txt v8-sandbox-escape.tgz vinchin_backup_recovery_cmd_inject.rb.txt wbcecms161-exec.txt whatacart207-xss.txt WINDOWS_POWERSHELL_SINGLE_QUOTE_CODE_EXEC_EVENT_LOG_BYPASS.txt wpbackupmigration137-exec.txt wpbravotranslate12-sql.txt wpcftaa116-xsrf.txt wpphloxpro5140-xss.txt wptextmesms190-xsrf.txt ZSL-2023-5802.txt ZSL-2023-5803.txt ZSL-2023-5804.txt ZSL-2023-5805.txt ZSL-2023-5806.txt ZSL-2023-5807.txt Download: 2023-exploits.tgz (33.4 MB) Source
  3. Kev

    Useful stuff

    Kev replied to Nytro's topic in Discutii non-IT

    https://www.facebook.com/DIYCraftsAmerica/videos/making-a-256-gb-floppy-disk/352957490661779/
  4. Kev
    Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070. The Shadowserver Foundation has been seeing attempts to exploit a critical vulnerability affecting the Apache OFBiz open source enterprise resource planning (ERP) system. Apache OFBiz is leveraged by several ERP and other types of projects, including the widely used Atlassian Jira issue tracking and project management software. The nonprofit cybersecurity organization Shadowserver reported seeing signs of in-the-wild exploitation for an Apache OFBiz vulnerability tracked as CVE-2023-49070 shortly after details of a different OFBiz bug, CVE-2023-51467, were disclosed by SonicWall. SonicWall, whose researchers discovered CVE-2023-51467 during a root cause analysis of CVE-2023-49070, disclosed technical details on December 26. The security firm explained that CVE-2023-51467 is the result of an incomplete patch for CVE-2023-49070. Apache OFBiz developers were notified about CVE-2023-51467 and version 18.12.11 was released last week to fix the vulnerability. The security hole can be exploited to bypass authentication and achieve server-side request forgery (SSRF), enabling the attacker to obtain sensitive information and possibly to execute arbitrary code. Proof-of-concept (PoC) exploits have been publicly available for CVE-2023-49070 (the older flaw) and the Shadowserver Foundation on Thursday reported seeing “quite a few scans” targeting the vulnerability. The organization said the available PoCs have been used to look for vulnerable systems, and later clarified that attackers have also attempted to execute arbitrary code on impacted hosts. Shadowserver has urged organizations to ensure that their systems are patched against the newer vulnerability as well. According to the internet search engine Hunter, there were 170 internet-exposed OFBiz instances in early December, but that number has now dropped to just over 70. This is not the only critical Apache vulnerability targeted by threat actors in recent weeks. Hackers have also been scanning the internet for systems affected by CVE-2023-50164, a Struts 2 flaw that allows remote code execution. It also came to light recently that an Apache ActiveMQ vulnerability tracked as CVE-2023-46604 had been exploited as a zero-day. Via securityweek.com
  5. Kev
    This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis. Download: suff_monitor.py.txt Mirror: #!/usr/bin/env python3 # suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny) # # -- updates -- # 22.11.2023 @ 02:23 :: shame init version ready to go # 21.11.2023 @ 19:18 :: log me if you can # 21.11.2023 @ 15:14 :: added: time, sleep, log2fp # 21.11.2023 @ 01:19 :: started this lame code # # idea - run suff_monitor.py against the box you're testing (fgvm): # - add time to sleep and date to log updates # - log in (so same creds as for suff.py, postauth testing, etc) # - get ver/info -> log2file # ** (should be ready at this stage, so): ** # while true: # check_diag_deb(+log2file,+a) # sleep 1 # end_of_file # # ------------- # # for more details: # https://code610.blogspot.com/2023/12/monitoring-suff.html # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # https://github.com/c610/free/blob/master/suff-v0.1.py # https://github.com/c610/free/blob/master/fg7stack_poc.py # # from netmiko import Netmiko import sys,os import time import paramiko ################### ############## ######## #### ## # fplog = open('saveme.log','+a') command = 'diag debug crashlog show' # did you enable logs in your FGVM? def connect_to_crashlog(): # set up for the target try: fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'P@ssw0rd', 'device_type':'fortinet', 'timeout':3 } net_connect = Netmiko( **fw_01 ) print("+ Connected to FG!") print("+ logfile: savethis.log") fplog.write('----starting suff_monitor.py ----\n') fplog.write(net_connect) fplog.write('\n-- results below: --\n') # if we're connected: check diag debug crashlog (or any other you'd like to) send_logcheck_cfg = net_connect.send_config_set( command ) fplog.write(send_logcheck_cfg) fplog.write('\n---- next while loop ----\n') print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg ) print("send_init_cfg finished") ## check crashlog finished except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) ## end of connect_to_crashlog() # ########## #### main ########## print('y0;[') print('starting: connect_to_crashlog()') while True: print('debug: connect_to_crashlog() starting...') connect_to_crashlog() print("... sleeping 1...") time.sleep(1) print('sleep done. next True iter...') #### print("finished main()") Source
  6. Kev
    Posibil sa le gasesti pe aici. Spor la treabă!
  7. Kev
    CMS theme detector. O cumperi.
  8. Kev
    A sarit din slot. Thanks
  9. Kev
    Salut? Am avut si in trecut aceasta problema insa acum a cazut desktop-ul de pe birou, primesc aceeasi eroare, sunt 3 beep-uri primul din lista este bateria, al doilea din lista cu 3 beep-ri este ca se poate fi ars un tranzistor ceva. Intrebarea ar fi: se potrivesc bateriile de la Acer, Lenovo, DELL si viceversa? Cumpar si pasta daca e cazut. Stima
  10. Kev
  11. Kev
    Daca nu e furat ai support https://www.getac.com/intl/help-support/getac-system-recovery/
  12. Kev
    Salut, caut de ceva timp o aplicatoie call changing voice in timp real de la Madonna pana la Optimus Prime, in timp real, free, ce am gasit in G store sunt doar recordere si fake call... Stiu sigur ca sunt, m-a sunat un tovaras sa me intalnim la suc... Multumesc
  13. Kev
    TrafficWatch TrafficWatch, a packet sniffer tool, allows you to monitor and analyze network traffic from PCAP files. It provides insights into various network protocols and can help with network troubleshooting, security analysis, and more. Protocol-specific packet analysis for ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, and NetBIOS. Packet filtering based on protocol, source IP, destination IP, source port, destination port, and more. Summary statistics on captured packets. Interactive mode for in-depth packet inspection. Timestamps for each captured packet. User-friendly colored output for improved readability. Requirements Python 3.x scapy argparse pyshark colorama Installation Clone the repository: git clone https://github.com/HalilDeniz/TrafficWatch.git Navigate to the project directory: cd TrafficWatch Install the required dependencies: pip install -r requirements.tx Usage python3 trafficwatch.py --help usage: trafficwatch.py [-h] -f FILE [-p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}] [-c COUNT] Packet Sniffer Tool options: -h, --help show this help message and exit -f FILE, --file FILE Path to the .pcap file to analyze -p {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS}, --protocol {ARP,ICMP,TCP,UDP,DNS,DHCP,HTTP,SNMP,LLMNR,NetBIOS} Filter by specific protocol -c COUNT, --count COUNT Number of packets to display To analyze packets from a PCAP file, use the following command: python trafficwatch.py -f path/to/your.pcap To specify a protocol filter (e.g., HTTP) and limit the number of displayed packets (e.g., 10), use: python trafficwatch.py -f path/to/your.pcap -p HTTP -c 10 Options -f or --file: Path to the PCAP file for analysis. -p or --protocol: Filter packets by protocol (ARP, ICMP, TCP, UDP, DNS, DHCP, HTTP, SNMP, LLMNR, NetBIOS). -c or --count: Limit the number of displayed packets. Contributing Contributions are welcome! If you want to contribute to TrafficWatch, please follow our contribution guidelines. Contact If you have any questions, comments, or suggestions about Dosinator, please feel free to contact me: LinkedIn: Halil Ibrahim Deniz TryHackMe: Halilovic Instagram: deniz.halil333 YouTube: Halil Deniz Email: halildeniz313@gmail.com License This project is licensed under the MIT License. Download: TrafficWatch-main.zip or git clone https://github.com/HalilDeniz/TrafficWatch.git Source
  14. Kev
    This archive contains all of the 305 exploits added to Packet Storm in August, 2023. Content: Directory of 2308-exploits 09/04/2023 06:53 AM <DIR> . 09/04/2023 06:53 AM <DIR> .. 08/07/2023 06:56 PM 1,403 aca2140-disclose.txt 08/03/2023 05:00 PM 1,173 academylms60-xss.txt 08/21/2023 07:23 PM 1,678 academylms61-uploadxss.txt 08/04/2023 05:46 PM 1,336 adisconloganalyzer4113-xss.txt 08/14/2023 08:13 PM 5,303 advantecheki12-xss.txt 08/01/2023 07:36 PM 1,353 amss61-sql.txt 08/08/2023 06:30 PM 1,354 amss611-sql.txt 08/30/2023 06:12 PM 11,046 apache_nifi_h2_rce.rb.txt 08/15/2023 06:20 PM 651 bdms10-xss.txt 08/25/2023 10:02 PM 2,139 bds32-sql.txt 08/14/2023 07:58 PM 1,725 bookingwizz601-disclose.txt 08/04/2023 05:39 PM 3,338 campcodesomws33-xss.txt 08/02/2023 06:49 PM 1,237 cca30-sql.txt 08/21/2023 07:19 PM 860 cct95-addadmin.txt 08/02/2023 06:47 PM 5,652 cdpiws325-xsrf.txt 08/24/2023 05:27 PM 7,835 chamilo_unauth_rce_cve_2023_34960.rb.txt 08/09/2023 06:39 PM 1,636 chatonesnps16-addadmin.txt 08/09/2023 06:39 PM 1,410 cheveretocms370-sql.txt 08/04/2023 06:49 PM 5,348 citrix_formssso_target_rce.rb.txt 08/01/2023 07:37 PM 1,203 cityvarietycms12-sql.txt 08/01/2023 07:38 PM 1,414 cityvarietylms22-xss.txt 08/07/2023 06:15 PM 1,533 cms351-sql.txt 08/08/2023 06:36 PM 1,436 cmsbmgii40-sql.txt 08/07/2023 06:25 PM 1,526 cmsbmgii40-xss.txt 08/07/2023 06:30 PM 1,568 cmsgeneticscentre401-sql.txt 08/02/2023 06:23 PM 1,539 cmspro50-sql.txt 08/01/2023 07:27 PM 1,699 cmssite10-escalate.txt 08/01/2023 07:25 PM 2,326 cmsusina223-xsrf.txt 08/01/2023 07:28 PM 1,574 codoforum34-upload.txt 08/07/2023 06:10 PM 1,717 codoforum521-upload.txt 08/01/2023 07:29 PM 1,575 comfexcms2010-sql.txt 08/02/2023 06:24 PM 1,609 comfexcms2010-xss.txt 08/01/2023 07:33 PM 1,433 composeitcms20-secrets.txt 08/02/2023 06:28 PM 1,545 composeitcms20-sql.txt 08/01/2023 07:33 PM 1,533 conferencemgmtsys351-sql.txt 08/01/2023 07:35 PM 1,540 connectixboards052-rfi.txt 08/02/2023 06:33 PM 1,559 connectixboards052-sql.txt 08/01/2023 07:41 PM 1,190 cooladmin120-sqlbypass.txt 08/02/2023 06:45 PM 1,624 couponscms400-redirect.txt 08/07/2023 06:24 PM 1,624 couponscms600-redirect.txt 08/09/2023 06:41 PM 1,624 couponscms700-redirect.txt 08/04/2023 06:16 PM 5,150 courierdeprixa25-xsrf.txt 08/02/2023 06:49 PM 1,631 cpcms102-xss.txt 08/22/2023 06:12 PM 1,934 cpg10-sql.txt 08/02/2023 07:09 PM 2,041 cpgpr8120-exec.txt 08/21/2023 07:21 PM 1,824 creditlite154-sql.txt 08/02/2023 06:50 PM 1,600 crmea90-traversal.txt 08/02/2023 06:51 PM 1,350 cryptolivecms10-sql.txt 08/15/2023 05:19 PM 1,573 csccms100-insecure.txt 08/07/2023 06:33 PM 1,527 csccms100-sql.txt 08/02/2023 06:45 PM 1,933 ctvdc142-download.txt 08/07/2023 06:33 PM 1,903 cvanavdawcms01-xss.txt 08/07/2023 06:35 PM 1,491 cyberinfinitecms10-sql.txt 08/09/2023 06:49 PM 1,679 dabcms100-xss.txt 08/08/2023 06:26 PM 2,387 datadrivencms041-disclose.txt 08/07/2023 06:54 PM 1,508 datalifeengine10-sql.txt 08/09/2023 06:44 PM 1,568 datoocds10-htmlinject.txt 08/15/2023 05:20 PM 1,448 datoocds10-insecure.txt 08/14/2023 07:54 PM 1,646 dbcinfotechcms20-reinstall.txt 08/07/2023 06:53 PM 1,557 dbcompcms12-xss.txt 08/09/2023 06:48 PM 1,402 dbgcms10-xss.txt 08/09/2023 06:47 PM 1,375 deprixa325-sql.txt 08/10/2023 05:31 PM 5,425 deprixa325-xsrf.txt 08/10/2023 05:33 PM 1,623 desenvolvidoc3imcms20-xss.txt 08/09/2023 06:51 PM 2,580 dexxcmshsb223-upload.txt 08/04/2023 06:04 PM 1,080 dieboldnvvc531-dllhijack.txt 08/11/2023 03:54 PM 1,610 digasell100-xss.txt 08/10/2023 05:38 PM 1,579 digiaselldsphps100-sql.txt 08/10/2023 05:41 PM 1,505 digishacms127-sql.txt 08/10/2023 05:43 PM 1,817 dmiscrilms20-sql.txt 08/10/2023 05:42 PM 1,381 doktephpsnp118-xss.txt 08/22/2023 06:19 PM 2,049 dolibarr1701-xss.txt 08/10/2023 05:33 PM 1,245 domacms10-xss.txt 08/22/2023 06:05 PM 2,068 doorgets12-disclose.txt 08/24/2023 05:09 PM 1,929 doorgetscms12-shell.txt 08/15/2023 05:23 PM 1,963 doorgetscms70-shell.txt 08/21/2023 07:07 PM 2,068 doorgetscms70admin-disclose.txt 08/08/2023 06:31 PM 4,547 doubleclickadmin1-xsrf.txt 08/10/2023 05:45 PM 1,600 driverpacksolutioncms1711108-xss.txt 08/10/2023 06:00 PM 2,535 dynamicjournalcms25-disclose.txt 08/10/2023 05:59 PM 1,560 e2distrcms2853-disclose.txt 08/31/2023 06:24 PM 18,046 eabws16-overflowxss.txt 08/14/2023 07:16 PM 1,360 easy2pilot7-sql.txt 08/11/2023 03:57 PM 1,517 easymemberpro30-idor.txt 08/14/2023 07:34 PM 2,052 easypxcms060204-xss.txt 08/14/2023 07:34 PM 8,071 ebizcms20-xsrf.txt 08/14/2023 07:56 PM 1,502 ecommgrowiseicms2-insecure.txt 08/14/2023 07:38 PM 1,445 ecommresp12-idor.txt 08/14/2023 07:39 PM 1,663 edencms102-xss.txt 08/15/2023 06:07 PM 3,435 efuncms50-xml.txt 08/08/2023 06:32 PM 1,249 ehatocms10-redirect.txt 08/09/2023 06:53 PM 1,400 ehatocms10-xss.txt 08/15/2023 06:09 PM 1,352 eitubeyoutubeapi3-sql.txt 08/16/2023 07:16 PM 1,589 eitubeyoutubeapi3-xss.txt 08/15/2023 06:09 PM 1,418 ejournalhomoeocms203-sql.txt 08/21/2023 07:09 PM 2,891 elevelcms10-sql.txt 08/15/2023 06:15 PM 1,533 elitecmspro201-sql.txt 08/15/2023 06:15 PM 1,246 elitius10-disclose.txt 08/21/2023 07:02 PM 1,592 emaarreagds57-shell.txt 08/09/2023 07:08 PM 1,133 emagicdcms60-exec.txt 08/16/2023 07:19 PM 1,612 emhcms01-xss.txt 08/08/2023 06:35 PM 1,426 emiswebschoolcms1-sql.txt 08/08/2023 06:37 PM 1,369 eneblurcms10-sql.txt 08/22/2023 05:58 PM 1,449 enmsagl116-disclose.txt 08/14/2023 08:05 PM 4,779 enum_azuresubdomains.rb.txt 08/16/2023 07:19 PM 1,639 epartenairelms100-xss.txt 08/11/2023 03:59 PM 1,475 epm11-disclose.txt 08/15/2023 06:11 PM 1,573 epmcrm31-insecure.txt 08/16/2023 07:20 PM 2,462 erimupload4-disclose.txt 08/16/2023 07:14 PM 1,579 etiscrm17-sql.txt 08/15/2023 05:27 PM 1,571 etiscrm17-traversal.txt 08/14/2023 07:39 PM 1,922 etiscrm17-xss.txt 08/21/2023 07:14 PM 1,588 eventlocationscms101-shell.txt 08/16/2023 07:21 PM 1,384 eventlocationscms101-xss.txt 08/16/2023 07:21 PM 1,452 evsanatiradyo10-insecure.txt 08/21/2023 07:15 PM 2,037 evsanatiradyo10-shell.txt 08/16/2023 07:23 PM 2,552 ewncms40-disclose.txt 08/11/2023 04:02 PM 1,603 ewp211-xss.txt 08/21/2023 07:17 PM 1,457 faramelkestatecms150-disclose.txt 08/23/2023 04:28 PM 1,492 fasttechcms10-sql.txt 08/24/2023 05:10 PM 3,856 fasttechcms10-xsrf.txt 08/22/2023 06:04 PM 1,827 fireshopacms23-upload.txt 08/22/2023 06:06 PM 1,621 fixbookrsmt22-disclose.txt 08/23/2023 04:30 PM 1,607 fixbookrsmt30-disclose.txt 08/11/2023 04:07 PM 1,361 flatapppad10-sql.txt 08/22/2023 06:07 PM 1,599 fleetcartles112-insecure.txt 08/22/2023 06:08 PM 1,657 flightpathlms482-idor.txt 08/23/2023 04:31 PM 1,714 flightpathlms482-xss.txt 08/24/2023 05:10 PM 1,657 flightpathlms50rc2-idor.txt 08/28/2023 05:30 PM 1,581 flightpathlms50rc2-xss.txt 08/22/2023 06:13 PM 1,479 fluentcms100-sql.txt 08/22/2023 06:00 PM 1,620 fmits20-sql.txt 08/22/2023 06:15 PM 1,511 foccuswebcms01-xss.txt 08/22/2023 06:15 PM 1,821 fogforum08-xss.txt 08/23/2023 04:37 PM 1,572 foodieecms101-idor.txt 08/23/2023 04:36 PM 1,688 foodieeofowa100-insecure.txt 08/29/2023 06:49 PM 1,705 foodieeofowa100-xss.txt 08/23/2023 04:48 PM 1,568 formalms14-disclose.txt 08/23/2023 04:49 PM 1,879 forumfiresoftboard030-xss.txt 08/23/2023 04:50 PM 1,474 freshrss1111-htmlinject.txt 08/25/2023 09:50 PM 1,723 gdi20-htmlinject.txt 08/28/2023 05:30 PM 1,746 gdi20-xss.txt 08/01/2023 07:44 PM 3,458 gdm2522-overflow.txt 08/23/2023 04:52 PM 1,617 geeklog210b1-disclose.txt 08/24/2023 05:26 PM 1,627 geeklog210b1-sql.txt 08/23/2023 04:52 PM 1,504 gensecurity40-sql.txt 08/24/2023 05:26 PM 1,701 gensecurity40-xss.txt 08/25/2023 09:49 PM 2,200 getsimplecms332-xss.txt 08/25/2023 09:47 PM 1,301 ggcorporatecms10-sql.txt 08/23/2023 04:50 PM 1,520 ggcorporatecms10-xss.txt 08/22/2023 06:11 PM 1,940 gmsmse10-sql.txt 08/08/2023 06:54 PM 795 gnomefiles434-escalate.txt 08/29/2023 07:54 PM 6,438 gomplayer23905360-mitm.txt 08/24/2023 05:25 PM 1,472 gracehrm103-traversal.txt 08/25/2023 09:53 PM 1,392 gravigracms10-sql.txt 08/29/2023 08:02 PM 1,785 grawlix151-xss.txt 08/25/2023 09:54 PM 1,655 grawlixcms111-xss.txt 08/17/2023 06:40 PM 2,367 greenshot_deserialize_cve_2023_34634.rb.txt 08/11/2023 04:06 PM 1,224 greeva20-sql.txt 08/25/2023 09:55 PM 1,563 groupoffice3421-traversal.txt 08/10/2023 06:19 PM 5,344 GS20230810151726.tgz 08/10/2023 06:23 PM 4,814 GS20230810152050.tgz 08/10/2023 06:26 PM 4,464 GS20230810152505.tgz 08/10/2023 06:29 PM 4,823 GS20230810152741.tgz 08/18/2023 05:28 PM 4,143 GS20230818142737.tgz 08/25/2023 09:56 PM 1,610 gustorecipesmgmt151-insecure.txt 08/28/2023 05:31 PM 1,660 gustorecipesmgmt151-xss.txt 08/16/2023 07:16 PM 8,039 h2_webinterface_rce.rb.txt 08/28/2023 05:31 PM 1,505 haascms10-xss.txt 08/28/2023 05:33 PM 1,523 haraj11-addadmin.txt 08/29/2023 06:44 PM 1,797 hasanmwb1-addadmin.txt 08/28/2023 05:33 PM 1,450 hasanmwb1-xss.txt 08/11/2023 04:08 PM 1,341 hellogtxtpcrm16-idor.txt 08/28/2023 05:34 PM 1,613 hesktrlcms1-xss.txt 08/28/2023 05:37 PM 1,366 highpluscms013-sql.txt 08/29/2023 06:45 PM 1,872 hloun100-insecure.txt 08/28/2023 05:40 PM 1,688 hmsrps157-xss.txt 08/28/2023 05:34 PM 1,409 hospitalhms2-sql.txt 08/28/2023 05:36 PM 1,617 hospitalhms27-sql.txt 08/29/2023 06:43 PM 1,409 hpboost40-addadmin.txt 08/29/2023 06:48 PM 1,517 hrmsaas219-insecure.txt 08/29/2023 06:50 PM 1,366 hsbookingcms279-sql.txt 08/29/2023 06:51 PM 1,925 hudaallahlinkercms10-xss.txt 08/29/2023 06:52 PM 1,659 humanresourcepms14-disclose.txt 08/29/2023 06:56 PM 1,643 humbertocaldascms013-xss.txt 08/29/2023 07:34 PM 1,535 humhub1313-traversal.txt 08/16/2023 07:31 PM 1,635 hyiprio21-upload.txt 08/11/2023 04:08 PM 1,430 i2softcms20-idor.txt 08/29/2023 07:35 PM 1,716 ibillingcrm450-idor.txt 08/29/2023 07:36 PM 2,404 igallery34db-disclose.txt 08/29/2023 07:37 PM 1,411 imaxcms10-sql.txt 08/29/2023 07:37 PM 1,613 imghosting12-xss.txt 08/31/2023 06:09 PM 1,502 innovinscms47-sql.txt 08/22/2023 06:23 PM 1,824 inosoftvisin7-escalate.txt 08/31/2023 06:04 PM 1,875 interphoto230-shell.txt 08/31/2023 06:05 PM 1,399 invasordiagonalcms10-xss.txt 08/30/2023 06:16 PM 1,585 iqmedyacms20-xss.txt 08/31/2023 06:05 PM 1,625 islamcms10-exec.txt 08/02/2023 06:58 PM 918 joomlajlexgb164-xss.txt 08/01/2023 08:42 PM 1,027 joomlajlexreview601-xss.txt 08/28/2023 05:39 PM 3,711 jorani103-xss.txt 08/21/2023 07:29 PM 5,356 jorani_path_trav.rb.txt 08/30/2023 06:01 PM 2,888 juniper-rce_cve-2023-36844-main.zip 08/23/2023 04:59 PM 1,592 KIS-2023-05.txt 08/23/2023 05:00 PM 1,610 KIS-2023-06.txt 08/23/2023 05:02 PM 3,683 KIS-2023-07.txt 08/23/2023 05:04 PM 1,768 KIS-2023-08.txt 08/23/2023 05:05 PM 1,495 KIS-2023-09.txt 08/18/2023 05:42 PM 6,778 KL-001-2023-001.txt 08/18/2023 05:44 PM 8,470 KL-001-2023-002.txt 08/18/2023 05:50 PM 6,545 KL-001-2023-003.txt 08/04/2023 06:00 PM 3,767 kolibri20-overflow.txt 08/09/2023 06:55 PM 1,907 lucee54217-xss.txt 08/11/2023 04:13 PM 1,142 maltrail053-exec.txt 08/17/2023 06:37 PM 4,233 maltrail_rce.rb.txt 08/09/2023 07:12 PM 6,152 metabase_setup_token_rce.rb.txt 08/07/2023 06:56 PM 875 moosocial318-xss.txt 08/01/2023 07:42 PM 1,809 odlm10-sql.txt 08/31/2023 06:08 PM 1,435 oidg10-sqlshell.txt 08/11/2023 04:09 PM 687 outsystemsss115330-dllhijack.txt 08/22/2023 06:10 PM 1,362 ovoompcms333-sql.txt 08/04/2023 06:05 PM 660 ozekismsgateway103208-fileread.txt 08/02/2023 07:02 PM 1,179 perchcms32-xss.txt 08/14/2023 08:08 PM 5,649 phoenixctcc2-xssdos.txt 08/22/2023 06:18 PM 971 phpjabbersbds32-xssxsrf.txt 08/31/2023 06:13 PM 1,944 phpjabbersprs10-xss.txt 08/09/2023 06:58 PM 1,110 phpjabbersvrs40-xsrf.txt 08/03/2023 04:47 PM 965 phpjabc50-xss.txt 08/03/2023 05:09 PM 1,789 phpjbrs11-sql.txt 08/03/2023 04:49 PM 954 phpjbrs11-xss.txt 08/03/2023 04:56 PM 876 phpjcb10-xss.txt 08/03/2023 04:54 PM 895 phpjncb10-xss.txt 08/03/2023 04:57 PM 905 phpjrpb20-xss.txt 08/03/2023 04:53 PM 748 phpjsbs10-xss.txt 08/03/2023 04:54 PM 884 phpjservicebs10-xss.txt 08/03/2023 04:57 PM 869 phpjtb20-xss.txt 08/29/2023 06:47 PM 1,495 phpvalleymj201-idor.txt 08/09/2023 07:10 PM 2,642 pyrocms39-ssti.txt 08/15/2023 06:32 PM 3,534 raspap_rce.rb.txt 08/11/2023 04:11 PM 1,417 requestsbaskets121-ssrf.txt 08/04/2023 05:51 PM 8,952 reyeeos12041614-mitm.txt 08/03/2023 04:58 PM 3,053 savantws31-overflow.txt 08/04/2023 05:45 PM 2,123 shellypro4pm0110-bypass.txt 08/07/2023 06:57 PM 1,211 socialcommerce316-xss.txt 08/28/2023 05:44 PM 1,248 spacartecomcm1903-sql.txt 08/28/2023 05:43 PM 1,018 spacartecomcms1903-xss.txt 08/04/2023 06:50 PM 7,695 subrion_cms_file_upload_rce.rb.txt 08/16/2023 07:48 PM 6,878 SYSS-2022-052.txt 08/16/2023 07:51 PM 6,276 SYSS-2022-054.txt 08/16/2023 07:44 PM 7,781 SYSS-2022-055.txt 08/04/2023 06:54 PM 5,269 SYSS-2023-011.txt 08/11/2023 04:14 PM 663 systemd246-escalate.txt 08/22/2023 06:09 PM 1,292 taskhubcrmtool286-sql.txt 08/11/2023 04:16 PM 2,860 tplinkarcherax21-exec.txt 08/01/2023 08:43 PM 4,404 TRSA-2303-01.txt 08/22/2023 06:28 PM 2,228 tsplus1600-insecure.txt 08/22/2023 06:30 PM 4,677 tsplus1600f-insecure.txt 08/22/2023 06:35 PM 4,997 tsplus160214-inscure.txt 08/24/2023 05:20 PM 989 urlums30-sql.txt 08/24/2023 05:22 PM 1,067 urlums30-xss.txt 08/01/2023 08:16 PM 1,646 uvdesk113-shell.txt 08/24/2023 05:19 PM 6,586 uvdesk114-xss.txt 08/08/2023 06:40 PM 1,351 videoflixcms13-insecure.txt 08/04/2023 06:09 PM 1,353 videoplay130-insecure.txt 08/04/2023 03:22 PM 1,345 videoprocms20-insecure.txt 08/08/2023 06:42 PM 1,078 videowhisperconf101-xss.txt 08/04/2023 05:58 PM 1,319 virtualsnipersdms10-sql.txt 08/08/2023 06:38 PM 1,231 virtuescpanelcms10-sql.txt 08/04/2023 05:58 PM 1,231 virtuscpanelcms10-sql.txt 08/08/2023 06:47 PM 1,328 vnms22-insecure.txt 08/04/2023 05:48 PM 1,172 vocbseco13-disclose.txt 08/08/2023 06:38 PM 1,376 voodochat13-xss.txt 08/04/2023 05:54 PM 1,172 voodoochat10rc1b-disclose.txt 08/09/2023 06:38 PM 1,633 wchat16-htmlinject.txt 08/03/2023 04:56 PM 9,552 webcalendar13-xsrf.txt 08/03/2023 04:56 PM 1,165 webcodercms10-sql.txt 08/03/2023 04:55 PM 1,326 webcomcms10-sql.txt 08/04/2023 06:14 PM 3,228 webeditioncms2988-exec.txt 08/04/2023 06:15 PM 2,709 webeditioncms2988-xss.txt 08/03/2023 04:50 PM 1,277 webincorpcms10-xss.txt 08/03/2023 04:34 PM 1,192 webinstamm13-disclose.txt 08/04/2023 05:42 PM 1,614 webportalpeoplecms28-redirect.txt 08/07/2023 06:12 PM 1,623 webportalpeoplecms28-xss.txt 08/04/2023 05:41 PM 1,360 webstock30-idor.txt 08/04/2023 06:13 PM 1,280 webutler32-shell.txt 08/07/2023 06:12 PM 2,267 webwizforums1206-disclose.txt 08/04/2023 05:41 PM 1,207 webwizforums1206-sql.txt 08/03/2023 04:31 PM 1,445 wolfcms081-addadmin.txt 08/03/2023 04:28 PM 1,492 wondercms06beta-rfi.txt 08/03/2023 05:14 PM 1,085 wpadihavatp23-sql.txt 08/04/2023 06:33 PM 950 wpadivahatravel23-xss.txt 08/15/2023 06:03 PM 1,534 wpcore562-xpath.txt 08/22/2023 06:38 PM 4,160 wpdfc17012-escalate.txt 08/04/2023 06:20 PM 627 wpeventoncalendar44-idor.txt 08/04/2023 03:02 PM 744 wpeventoncalendar44post-idor.txt 08/04/2023 06:04 PM 2,860 wpforminator1246-shell.txt 08/04/2023 06:19 PM 5,791 wpninjaforms3625-xss.txt 08/01/2023 08:40 PM 4,751 wppgswi377-bypass.txt 08/10/2023 06:06 PM 4,414 wpwpm264-escalate.txt 08/04/2023 06:23 PM 1,001 xlightftp3936-overflow.txt 08/03/2023 04:27 PM 1,465 xzengine17-addadmin.txt 08/03/2023 04:26 PM 1,411 yourdoctorcms15-idor.txt 08/09/2023 07:14 PM 1,706 ZSL-2023-5782.txt 08/09/2023 07:18 PM 1,801 ZSL-2023-5783.txt 08/09/2023 07:19 PM 1,706 ZSL-2023-5784.txt 306 File(s) 683,391 bytes 2 Dir(s) 22,110,568,448 bytes free Download: 202308-exploits.tgz (197.4 KB) Source
  15. Kev
    Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system. Zenbleed affects Ryzen and Epyc Zen 2 chips, and can be abused to swipe information at a rate of at least 30Kb per core per second. That's practical enough for someone on a shared server, such as a cloud-hosted box, to spy on other tenants. Exploiting Zenbleed involves abusing speculative execution, though unlike the related Spectre family of design flaws, the bug is pretty easy to exploit. It is more on a par with Meltdown. Malware already running on a system, or a rogue logged-in user, can exploit Zenbleed without any special privileges and inspect data as it is being processed by applications and the operating system, which can include sensitive secrets, such as passwords. It's understood a malicious webpage, running some carefully crafted JavaScript, could quietly exploit Zenbleed on a personal computer to snoop on this information. The vulnerability was highlighted today by Google infosec guru Tavis Ormandy, who discovered the data-leaking vulnerability while fuzzing hardware for flaws, and reported it to AMD in May. Ormandy, who acknowledged some of his colleagues for their help in investigating the security hole, said AMD intends to address the flaw with microcode upgrades, and urged users to "please update" their vulnerable machines as soon as they are able to. Proof-of-concept exploit code, produced by Ormandy, is available here, and we've confirmed it works on a Zen 2 Epyc server system when running on the bare metal. While the exploit runs, it shows off the sensitive data being processed by the box, which can appear in fragments or in whole depending on the code running at the time. If you stick any emulation layer in between, such as Qemu, then the exploit understandably fails. What's hit? The bug affects all AMD Zen 2 processors including the following series: Ryzen 3000; Ryzen Pro 3000; Ryzen Threadripper 3000; Ryzen 4000 Pro; Ryzen 4000, 5000, and 7020 with Radeon Graphics; and Epyc Rome datacenter processors. AMD today issued a security advisory here, using the identifiers AMD-SB-7008 and CVE-2023-20593 to track the vulnerability. The chip giant scored the flaw as a medium severity one, describing it as a "cross-process information leak." A microcode patch for Epyc 7002 processors is available now. As for the rest of its affected silicon: AMD is targeting December 2023 for updates for desktop systems (eg, Ryzen 3000 and Ryzen 4000 with Radeon); October for high-end desktops (eg, Threadripper 3000); November and December for workstations (eg, Threadripper Pro 3000); and November to December for mobile (laptop-grade) Ryzens. Shared systems are the priority, it would seem, which makes sense given the nature of the design blunder. Ormandy noted at least some microcode updates from AMD are making their way into the Linux kernel. OpenBSD has some details here. Our advice is to keep an eye out for AMD's Zenbleed microcode updates, and for any security updates for your operating system, and apply them as necessary when available. There's no word yet on whether there will be a performance hit from installing these but we can imagine it'll mostly depend on your workloads. There is a workaround in the meantime, which Ormandy set out in his write-up of the bug (archived copy as his site was being pummeled with traffic earlier). This involves setting a control bit that disables some functionality that prevents exploitation. We imagine this dials back some of the speculative execution required to exploit Zenbleed, and this may cause some kind of performance hit. How does the bug work? For the full technical details, see the above write-up. But we'll summarize it here; understanding of how CPU cores work at the machine-code level is useful here. As a modern x86 processor family, AMD's Zen 2 chips offer vector registers, a bunch of long registers for performing operations. These vector registers are used by applications and operating systems to do all kinds of things, such as doing math operations and processing strings. As such these registers have all sorts of data flying through them, including passwords and keys. There is an instruction called vzeroupper [AMD PDF, page 860] that zeroes some of these vector registers, and it's used in OS and application library routines that are invoked hundreds or thousands of times a second by all processor cores in a box. For example, the strlen() function uses vzeroupper, and that's called quite a lot. When AMD's chips execute vzeroupper, they simply mark the affected registers as zero by setting a special bit, and then allow those registers to be used for other operations. If vzeroupper is speculatively executed – the processor anticipates it will need to run that instruction – it sets this zero bit and frees the registers in the register file for reuse. This can happen if the vzeroupper instruction lies right after a branch instruction; if the processor thinks the branch is unlikely to be taken, it will start the vzeroupper speculatively. As we saw with Spectre and Meltdown, CPUs do this kind of thing to gain big performance boosts. If the processor core realizes soon after, actually, it shouldn't have speculatively executed the vzeroupper instruction, it tries to rewind that decision and undo the zeroing by clearing the bit that indicates the registers are zero. Unfortunately, by that point, the registers are probably in use by some other code, and are no longer marked as zero, so their contents from the previous operation are now accessible to that other code. This is why the flaw is being compared to a use-after-free()-style vulnerability. With threads being scheduled all over the processor core complex, and with some clever exploit code, it is possible to cause vzeroupper to be incorrectly speculatively executed, rewound, and data to leak by observing the content of those vector registers. It relies on the speculative execution of vzeroupper and the fact that registers are stored in a large register file and reassigned to operations as needed. As Ormandy noted, "bits and bytes are flowing into these vector registers from all over your system constantly." He continued: His takeaway: "It turns out that memory management is hard, even in silicon." We've asked AMD for further comment. ® Via theregister.com
  16. Kev
    Shell confirms that employee personal information has been stolen after the Cl0p ransomware group leaked data allegedly stolen from the energy giant. Energy giant Shell has confirmed that personal information belonging to employees has been compromised as a result of the recent MOVEit Transfer hack. The Cl0p ransomware group exploited a zero-day vulnerability in the MOVEit managed file transfer (MFT) product to steal data from at least 130 organizations that had been using the solution. To date, at least 15 million individuals are believed to be impacted. The Russia-linked cybercrime gang has started naming victims that refused to negotiate on its leak website and Shell was among the first organizations. In a brief statement issued on Wednesday, Shell confirmed being hit by the MOVEit hack, clarifying that the MFT software was “used by a small number of Shell employees and customers”. “Some personal information relating to employees of the BG Group has been accessed without authorisation,” the company said. It’s unclear exactly what type of information has been compromised, but impacted individuals are being notified. Toll-free phone numbers where additional information can be obtained have been made available for employees in Malaysia, South Africa, Singapore, Philippines, UK, Canada, Australia, Oman, Indonesia, Kazakhstan, and Netherlands, suggesting that affected people may be from these countries. Shell pointed out that “this was not a ransomware event” — likely referring to the fact that file-encrypting malware was not deployed in the attack — and that there is no evidence of any other IT systems being affected. Shell confirmed the incident after the Cl0p cybercrime gang published files allegedly stolen from the firm. The group has made available 23 archive files labeled ‘part1’, which could suggest that they are in possession of more data. SecurityWeek was unable to download the archive files so it’s unclear what type of information they contain. When they published the Shell files, the cybercriminals noted that the company did not want to negotiate. It’s worth noting that Shell was also targeted by the Cl0p group in 2020, through a zero-day exploit targeting an Accellion file transfer service. The company confirmed at the time that the hackers had stolen personal and corporate data. Other major organizations that have been named by Cl0p and confirmed being affected by the recent MOVEit exploit include Siemens Energy, Schneider Electric, UCLA, and EY. Some government organizations have also admitted being hit, but the cybercriminals claim to have deleted all data obtained from these types of entities. Related: Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack Related: MOVEit Customers Urged to Patch Third Critical Vulnerability Via securityweek.com
  17. Kev
    incearca sa citesti fisierele cu un Live Linux
  18. Kev

    WebChat

    Kev posted a topic in Programe utile

    About project WebChat is a simple chatting app writed for learning purposes. It communicates between server and clients via SignalR with JWT authentication. Images below shows old version of UI. New design is dark and has login interface made with tsParticles library. Requirements & Installation To run this program you need npm, dotnet, and mssql server. Run the frontend (WebChat.Web directory) with npm server. Compile and run the backend. It should use https protocol and 5001 port. In other case, you must change hub connection settings in WebChat.Web/src/App.js. Compile solution with visual studio is recommended (instead of it you can use dotnet /build command). If you want change the DB connection string or JWT settings, look at WebChat/appsettings.Development.json file. Dont Read Me This chart perfectly shows my feelings about writing this program. 60.4% of fun 20.8% of try to not break up the keyboard 18.8% of boring ofc this values is percent of codes line. Writing 20% of the code in JS took about 70% of the time spent on project Download: WebChat-master.zip or git clone https://github.com/Reykez/WebChat.git Source
  19. Kev
    Simple python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in CLI. c@ubuntu:~/LABS/_SUFLET2$ cat suff.py #!/usr/bin/env python3 # suff.py -- simple universal fortigate fuzzer # # initial idea : xx.10.2022 # finished idea: xx.04.2023 # # special thanks goes to Reykez (https://github.com/Reykez) # # for more details: # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # from netmiko import Netmiko import sys,os import time import paramiko def readFile(filename): words = [] fileText = open(filename.strip(), 'r') for line in fileText.readlines(): for word in line.strip().split(): words.append(word.strip()) words.append('\n') return words ## def writeFile(words, filename): text = ''; for word in words: text += word; if word!='\n': text += ' ' ; f = open(filename, 'w') f.write(text) f.close() ## run modified payload: send is as cfg: fpread = open(filename, 'r') lines = fpread.read() command = lines print("DEBUG :::: type of: %s" % type(command) ) print( command ) print("DEBUG :::: eof\n") ## # set up for the target fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'admin', 'device_type':'fortinet' } # connecting to the target host try: net_connect = Netmiko( **fw_01 ) print("+ connected, checking prompt...") except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) print("... sleeping 1...") time.sleep(2) print("> sending fuzzed command...") send_init_cfg = net_connect.send_config_set( command ) # init_cfg... print("+ looks like we just sent this command:\n\t%s\n\n" % send_init_cfg ) ## finished fuzzed super-payload attack ## #### def modifyFilename(filename, number): name, extension = os.path.splitext(filename) return "{name}{uid}{extension}".format(name=name, uid=str(number).zfill(2), extension=extension) #### parse and validate command line args, proceed program args = sys.argv[1:] filename = args[0] if 0 in range(len(args)) else input ('Filename?') textToReplace = args[1] if 1 in range(len(args)) else input ('text to replace? ') outputBasename = args[2] if 2 in range(len(args)) else input ('output basename') words = readFile(filename); # reaplce any occurency and print fileIndex = 0 for wordIndex in range(len(words)): if words[wordIndex] == '\n': continue fileIndex += 1 wordsCopy = words.copy() try: wordsCopy[wordIndex] = textToReplace writeFile(wordsCopy, modifyFilename(outputBasename, fileIndex ) ) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) pass print('Successfully generated', modifyFilename(outputBasename, 1), '-', modifyFilename(outputBasename, fileIndex), ' files!') Source
  20. Kev
    Ar merge si medium
  21. Kev
    la turci gasesti haine marfa ieftina, cauta cu VPN de Turcia, am gasit magazine ieftine, dar de proasta calitate, am cumparat o pereche de jeans pentru test, la prima ploaie a cazut toata cerneala pa mine, de m-am facut tot albastru, brand personalizat la comanda, =1$ perechea
  22. Kev
    Articol complet: Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware The identity of the second threat actor behind the Golden Chickens malware has been uncovered courtesy of a "fatal" operational security blunder, cybersecurity firm eSentire said. The individual in question, who lives in Bucharest, Romania, has been given the codename Jack. He is one of the two criminals operating an account on the Russian-language Exploit.in forum under the name "badbullzvenom," the other being "Chuck from Montreal." eSentire characterized Jack as the true mastermind behind Golden Chickens. Evidence unearthed by the Canadian company shows that he is also listed as the owner of a vegetable and fruit import and export business. "Like 'Chuck from Montreal,' 'Jack' uses multiple aliases for the underground forums, social media, and Jabber accounts, and he too has gone to great lengths to disguise himself," eSentire researchers Joe Stewart and Keegan Keplinger said. "'Jack' has taken great pains to obfuscate the Golden Chickens malware, trying to make it undetectable by most [antivirus] companies, and strictly allowing only a small number of customers to buy access to the Golden Chickens MaaS." Golden Chickens (aka More_eggs) is a malware suite used by financially-motivated cybercrime actors such as Cobalt Group and FIN6. The threat actors behind the malware, also known as Venom Spider, operate under a malware-as-a-service (MaaS) model. The JavaScript malware is distributed via phishing campaigns and comes with several components to harvest financial information, perform lateral movement, and even drop a ransomware plugin for PureLocker called TerraCrypt. Jack's online activities, according to eSentire, go all the way back to 2008, when he was just 15 years old and signed up for various cybercrime forums as a novice member. All his aliases are being collectively tracked as LUCKY. The investigation, in putting together his digital trail, traces Jack's progression from a teenager interested in building malicious programs to a longtime hacker involved in developing password stealers, crypters, and More_eggs. Golden Chickens Malware Some of the earliest malware tools developed by Jack in 2008 consisted of Voyer, which is capable of harvesting a user's Yahoo! instant messages, and an information stealer christened FlyCatcher that can record keystrokes. A year later, Jack released a new password stealer dubbed CON that's designed to siphon credentials from different web browsers, VPN, and FTP applications as well as now-defunct messaging apps like MSN Messenger and Yahoo! Messenger. Jack, later that same year, began advertising a crypter referred to as GHOST to help other actors encrypt and obfuscate malware with the goal of evading detection. The unexpected demise of his father in a car accident is believed to have caused him to pause development of the tool in 2010. Fast forward to 2012, Jack started to gain a reputation in the cybercriminal community as a scammer for failing to provide adequate support to customers purchasing the product from him. He also cited "big life problems" in a forum post on April 27, 2012, stating he is contemplating moving to Pakistan to work for the government as a security specialist and that one among his crypter customers "works at pakistan guv" [read government]. It's not immediately clear if Jack ended up going to Pakistan, but eSentire said it spotted tactical overlaps between a 2019 campaign conducted by a Pakistani threat actor known as SideCopy and Jack's VenomLNK malware, which functions as the initial access vector for the More_eggs backdoor. Jack is suspected to have crossed paths with "Chuck from Montreal" sometime between late 2012 and October 4, 2013, the date on which a message was posted from Chuck's badbullz account on the Lampeduza forum containing contact information – a Jabber address – associated with LUCKY. It's speculated that Jack brokered a deal with Chuck that would allow him to post under Chuck's aliases "badbullz" and "badbullzvenom" on various underground forums as a way to get around his notoriety as a ripper. Lending credence to this hypothesis is the fact that one of LUCKY's new tools, a kit for building macros called MULTIPLIER, was released in 2015 via the badbullzvenom account, while the threat actor behind the LUCKY account ceased posting through that handle. "By using the badbullzvenom and badbullz accounts, and unbeknownst to forum members, he is essentially starting with a clean slate, and he can continue to build his credibility under the account aliases: badbullz and badbullzvenom," the researchers explained. Subsequently in 2017, badbullzvenom (aka LUCKY) released a separate tool called VenomKit, which has since evolved into the Golden Chickens MaaS. The malware's ability to bypass security software also caught the attention of Cobalt Group, a Russia-based cybercrime gang that leveraged it to deploy Cobalt Strike in attacks aimed at financial entities. Two years later, another financially motivated threat actor labeled FIN6 (aka ITG08 or Skeleton Spider) was observed using the Golden Chickens service to anchor its intrusions targeting point-of-sale (POS) machines used by retailers in Europe and the U.S. The cybersecurity firm said it also found the identities of his wife, mother, and two sisters. He and his wife are said to reside in an upscale part of Bucharest, with his wife's social media accounts documenting their trips to cities like London, Paris, and Milan. The photos further show them wearing designer clothing and accessories. "The threat actor who went by the alias LUCKY and who also shares the badbullz and badbullzvenom accounts with the Montreal-based cybercriminal 'Chuck,' made his fatal mistake when he used the Jabber account," the researchers said. Author: Ravie Lakshmanan
  23. Kev
    cum vrei sa te protejezi cu IP-uri publice? majoritatea utilizate de ciori
  24. Kev

    intrebare

    Kev replied to UnixDevel's topic in Programare

    https://docs.directadmin.com/other-hosting-services/preventing-spam/outgoing-spam.html
  25. Kev
    An advance cross-platform and multi-feature GUI web spider/crawler for cyber security proffesionals. Spider Suite can be used for attack surface mapping and analysis. For more information visit SpiderSuite's website. Installation and Usage Spider Suite is designed for easy installation and usage even for first timers. First, download the package of your choice. Then install the downloaded SpiderSuite package. See First time crawling with SpiderSuite article for tutorial on how to get started. For complete documentation of Spider Suite see wiki. Contributing Can you translate? Visit SpiderSuite's translation project to make translations to your native language. Not a developer? You can help by reporting bugs, requesting new features, improving the documentation, sponsoring the project & writing articles. For More information see contribution guide. Contributers 3nock (main developer) Credits This product includes software developed by the following open source projects: Google's Gumbo HTML Parser Google's Protocal bufffers SQLite database library Graphviz library Download: SpiderSuite-main.zip or git clone https://github.com/3nock/SpiderSuite Source
×
×
  • Create New...