Exploits
July 3, 2016
[WordPress] Real 3D Flipbook Plugin Exploit
Wordpress 3d flipbook vulnerabilities. Delete any file or directory from the server (Unauthenticated). Upload images in Root directory (Unauthenticated). XSS vuln.
ReadMay 7, 2016
ImageTragick Exploitation – CVE-2016-3714
ImageTragick is very simple to exploit. An end user can exploit this issue by simply uploading an image. It doesn't matter how secure your image uploader is
ReadNovember 9, 2015
[Exploit] vBulletin 5.1.x – PreAuth Remote Code Execution
vBulletin team has patched a critical object injection vulnerability in version 5.1.x, which can lead to Remote code execution. CVE-2015-7808 has been assigned to this vulnerability. The POC of this exploit was released by some guy on twitter after defacing the official portal of vBulletin using the same exploit.
ReadOctober 25, 2015
[Mass Exploit] Joomla 3.2 to 3.4 SQL Injection
You guys know how I love to automate stuff. So earlier today I decided to automate the SQL injection vulnerability in open source CMS joomla (3.2 to 3.4.4) found by Trust Wave Labs. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover this SQL Injection vulnerability.
ReadSeptember 29, 2015
[PHP][C++] Root Exploiter (Part 2) – No Back-Connect
This post has the same goals as of the previous one i.e. to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven't already, read the part 1 of this post here [PHP][Python] Root Exploiter – No Back-Connect.
ReadSeptember 23, 2015
[PHP][Python] Root Exploiter – No Back-Connect
Have you ever had any of the following issues? Shell access to a vulnerable (Rootable) server with a known root exploit but no reverse or back connection. Shell access to a server and you know the root login credentials but no SSH or any other means
ReadAugust 26, 2015
[Python] Making Your Own Google Scraper & Mass Exploiter
In this Step by Step Tutorial, I'll show you how to make your own Google Scraper (Dork Scanner) and Mass Vulnerability Scanner / Exploiter in Python. Why Python? .. Because Why not ? Simplicity Efficiency Extensibility Cross-Platform Runability Best Community.
Read