exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 30 RSS Feed

Files from Andrey Stoykov

First Active2019-07-15
Last Active2024-10-29
Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection
Posted Oct 29, 2024
Authored by Andrey Stoykov

Booked Scheduler version 2.8.5 suffers from cross site scripting and open redirection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d3d9005e2a6e24e94ad011793b6cdb8a9d7d946e48d81aeec76d221cdc3c47d9
htmly 2.9.9 Cross Site Scripting
Posted Sep 19, 2024
Authored by Andrey Stoykov | Site msecureltd.blogspot.com

htmly version 2.9.9 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | b19a6a9192ab7fdb974bbaace4e6310aa155520d7f2a2c087e43a0e209b862b0
HTMLy 2.9.9 Cross Site Scripting
Posted Sep 17, 2024
Authored by Andrey Stoykov | Site msecureltd.blogspot.com

HTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.

tags | exploit, xss
SHA-256 | 6bb08fb3fda4692b34b179dbafc8e6a3f67eca89052852c0d0f06bb6f11cdaa8
Simple Machines Forum 2.1.4 Code Injection
Posted Aug 20, 2024
Authored by Andrey Stoykov

Simple Machines Forum version 2.1.4 suffers from an authenticated code injection vulnerability.

tags | exploit
SHA-256 | 5b1fd0910e2bd48c0826ea39984cc8e3a3f91f47ca1adbd1800aace768d2f620
Dolphin 7.4.2 Blind SQL Injection
Posted Aug 5, 2024
Authored by Andrey Stoykov

Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8248fa7dd2014942fa684fcf3a8e321be37bb5444685be1d6befc1212eec50e8
SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw
Posted Jun 17, 2024
Authored by Andrey Stoykov

SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.

tags | exploit
SHA-256 | c07ecb52014c29ee2ae79ddc27279f57e1299334d6615202ed7fd43f0bfec058
FengOffice 3.11.1.2 SQL Injection
Posted Jun 10, 2024
Authored by Andrey Stoykov

FengOffice version 3.11.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | a4d631d58217a0dbbc02735845f2ba3b26d4f99ae6e147a480b6f0cfcdae05fe
Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect
Posted Apr 11, 2024
Authored by Andrey Stoykov

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure
SHA-256 | a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14
BoidCMS 2.0.1 Cross Site Scripting
Posted Mar 4, 2024
Authored by Andrey Stoykov

BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.

tags | exploit, vulnerability, xss
SHA-256 | 399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df
XAMPP 5.6.40 SQL Injection
Posted Mar 4, 2024
Authored by Andrey Stoykov

XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload
Posted Feb 14, 2024
Authored by Andrey Stoykov

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss
SHA-256 | ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a
Introduction To Web Pentesting
Posted Aug 2, 2023
Authored by Andrey Stoykov

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

tags | paper, web, xss, sql injection, csrf
SHA-256 | 1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de
Perch CMS 3.2 Cross Site Scripting
Posted Aug 2, 2023
Authored by Andrey Stoykov

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 586bd1206b838db2276e13fced4b53256b8b848641a29e35a78967042d604683
Availability Booking Calendar PHP XSS / Arbitrary File Upload
Posted Jul 26, 2023
Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WBCE 1.6.1 Cross Site Scripting
Posted Jul 17, 2023
Authored by Andrey Stoykov

WBCE version 1.6.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c17b616715baffae3d84e0d4550487c0ddcd5bf0f23819f9fafe7404baa9ed74
XAMPP 8.2.4 Unquoted Service Path
Posted Jul 12, 2023
Authored by Andrey Stoykov

XAMPP version 8.2.4 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 013b0dbd256f27abaa69c15d5aeec4553beac733154cfc7e150b3559ea0da2d5
Faculty Evaluation System 1.0 SQL Injection
Posted Jul 10, 2023
Authored by Andrey Stoykov

Faculty Evaluation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 7bc59cd66aeba7e9b21206240985c2d932ac5f46cc03f4460693c631b14c393d
myBB forums 1.8.26 Cross Site Scripting
Posted Mar 30, 2023
Authored by Andrey Stoykov

myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9
Fastly Secret Disclosure
Posted Mar 13, 2023
Authored by Andrey Stoykov

Fastly suffers from the poor practice of sending a temporary password in plaintext.

tags | exploit, info disclosure
SHA-256 | 09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc
Shopify Cross Site Scripting
Posted Mar 13, 2023
Authored by Andrey Stoykov

Shopify suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62
4images 1.9 Remote Command Execution
Posted Dec 22, 2022
Authored by Andrey Stoykov

4images version 1.9 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557
Shoplazza 1.1 Cross Site Scripting
Posted Dec 14, 2022
Authored by Andrey Stoykov

Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 45b096fd0c06d29314c47d3820cded151b1d0ea4c399a761b64fcc8eebcca9fe
4images 1.8 SQL Injection
Posted Aug 13, 2021
Authored by Andrey Stoykov

4images version 1.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c9c2aa91ec745bbdba6b1c78ba101be04ed9dc59fee041d1a36097cb86d846a9
Practical PHP Security
Posted Jan 8, 2021
Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php
SHA-256 | 197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7
CMS Made Simple 2.2.15 Remote Command Execution
Posted Jan 5, 2021
Authored by Andrey Stoykov

CMS Made Simple version 2.2.15 suffers from an authenticated remote command execution vulnerability.

tags | exploit, remote
SHA-256 | f81ab1c1e2ff5e2fa026def00f13ab6e4b6c7c7b23c69a25b39e1e7b1af8c1c3
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close