Code16 is a compilation of notes from research performed by Cody16. This issue discusses setting up your browser with extensions for inspection of payloads while pentesting, fuzzing, and more.
dcdbad11d4199df8034996d251435301
Code16 is a compilation of notes from research performed by Cody16. This issue discusses creating web modules for Metasploit, a mass scanner for WordPress plugins, learning Arduino, and more.
3dc7de3a1510e8929e532e7ea94698de
Code16 is a compilation of notes from research performed by Cody16. This issue discusses creating web modules for Metasploit and more.
37e9cde49e5ddf663379d345d4abcce3
Code16 is a compilation of notes from research performed by Cody16. This issue discusses exploring heap overflows and more.
69a5018313932a09abe01bb1cf8ab55f
Symantec Web Gateway version 5.0.2.8 pre-authentication remote code execution exploit.
4626e1e8d0204fec4863f5b78c64b0a5
NagiosXI version 5.6.11 post authentication orderby parameter remote SQL injection exploit.
af00914d51be1605d7261a4e4640d262
Centreon version 19.11 post authentication acl_res_name parameter remote SQL injection vulnerability.
dbfffa02418a8f8265e03ea289bcae42
NagiosXI version 5.6.11 post authentication start, end, and step parameter remote code execution exploit.
03df490fde128bbcbed70d7a7cbbf943
Symantec Web Gateway version 5.0.2.8 post authentication remote code execution exploit.
c88d1355f7cf9690236ca64c4866aaac
NagiosXI version 5.6.11 post authentication address parameter remote code execution exploit.
92ef7b4ba5ce159306931d3e4c660d97
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote SQL injection vulnerabilities in Centreon version 19.10-3.el7.
dbac0cf531ae47db48c0dc6c68b92930
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in Symantec Web Gateway version 5.0.2.8.
abc6efe48f42679d3df8d10a4ab60e49
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote code execution vulnerabilities in ManageEngine version 14.
361d79554df5c1c70d3bd1a4ab11c9d7
This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
73a519ae9906fa675e36f00d2ae34802
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.
e3a2193e793902cf582aa14cc8f1a1ee
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
af4fa3179a109a0ef5f00713c259a926
This whitepaper documents a walkthrough of the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4.
168865d3c5de4d20e8f3595f40cf8679
Zen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.
8a94b04383ba5845668af5b40ea1572f
This whitepaper is a quick tutorial on pentesting the Zen load balancer.
861099cc2be81725b83792a18b56b14b
VA MAX version 8.3.4 suffers from a post-authentication remote code execution vulnerability.
2f7f205175ffba97f02f89ae90c1840a
Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.
8115dc4d1bf7c179bd4ceb7ff2fb80df
This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute terminal commands in the context of the web server user, which is root. In addition, a default installation of IMSVA comes with default administrator credentials. The WizardSetting_sys.imss endpoint takes several user inputs and configures LAN settings, then uses those inputs as arguments to a predefined operating system command without proper sanitization, which makes it possible to inject arbitrary commands. InterScan Messaging Security versions prior to 9.1.-1600 are affected by this issue.
7eadfd94788e579c42212511e87507fe
This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
4a9e82ae99c6a9dbf9554d110145a1a4
RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.
016abfd3fbb9683bb3cb4c4d5b774f1e
This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.
5342f1f41088abee2af959b87cbce235