| Real Name | Bobby Cooke |
|---|---|
| Email address | private |
| First Active | 2019-12-13 |
| Last Active | 2022-12-22 |
286 bytes small macOS/x64 execve Caesar cipher string null-free shellcode.
aa23ac4a240ae6871b72d0723b1c8d4ebded5889ad862b0dd0455f86699c05a2253 bytes small macOS/x64 execve null-free shellcode.
8b589116ca43d93bd39b3f0f87c1530ec372e055ebb8ddff6b021bf288966dd7Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.
09e215838b64206f4d4119c058c5e284bdd8e98c69dab8b13f7377a4746d602fThe Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators browsers, which results in remote code execution on the hosting server, when an authenticated administrator visits a malicious third party website.
37fb00eaa335aa6aa61ddf4f19d244b74484eafd86b630f87d5ad3af340ea879655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.
9b8f41be48c0a71cc5b34fd0d409faea955538963763a4a5c5ca27e1ec4d2afb205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.
6143eebe8156ea982d4ef3362eab1915ca829a3ac99ed38af8a6c4ca2e852a0d387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.
0e9ecdb6d32c850a8cd46f1c273c31f8a22128d898a75e6f5be2706159ec67b0GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.
41f7e0ef54e05dad22d7753afc0b084638622f4b9593b685c302c7652a13556cGetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.
2258d141aff440b13bbfd4362d347becfdafdef8d0b55521c249b9ab20702509GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.
ff447b6110d359109791159d602b028e64b080305d8c9119c22a55bb1534f865House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.
f3ce405357239bc159864db3af6456bd0791342c989bbfdf3d252560b427b3d3CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.
fa72c3ffb403b1cf08f01966de80e025ee648636329bef78008faa0a5aee32e9Tailor MS version 1.0 suffers from a cross site scripting vulnerability.
e5d3f596826a09594cd3da84dcda261dea5ea9721eb1dcd54f95e306795f8d75GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.
075778612c10f536d4c7290644af4418086d7b993e4b199b7293a0ab52418e5eTravel Management System version 1.0 unauthenticated remote code execution exploit.
ae792bbf40d2a842ca65d8accf25592c3e2dabed687c3b2b2ed5ea3351984110Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
760a289450add3ed69ac34686c2ac0875e492c2eaedd8b52cd0215906b35ebdcWarehouse Inventory System version 1.0 suffers from a cross site request forgery vulnerability.
9259a5dd56037ce00a387f69f7055e6c55dbde1233f6394e2f390ff750bc8b9bTailor MS version 1.0 reflected cross site scripting key logger exploit.
24220cad535f63bbf6ab9fb8609e3780a5eb9b381a139bf42293242409ed5b05BarracudaDrive version 6.5 suffers from a privilege escalation vulnerability.
bd93725c180cdafc139079c727d570922f7d871548126bc0ba7bf1843d4f7cb3House Rental version 1.0 SQL injection exploit that changes the administrative password. Written in python.
03add875cfdb342001765974b146763270038bf46f6fe406f0e48df2834e06a7Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.
b40d22bc3d4f56d3e0cef9a50ef2bae88ee704433658470af06ab12026f23b0aStock Management System version 1.0 suffers from a cross site request forgery vulnerability.
8721d9d0b4fda87f3d87fe69d111a14351e5052fb99acd5d3ea19f598339654bStock Management System version 1.0 cross site scripting credential harvesting exploit.
0aa55b6e25b3a9933f28634730833294cbcfe2ff2ac206b516d5e1c2fa64234aOnline Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.
3df5a1467fc3909370ba828c15f93e72b4265fd87271aa821233dcccaae9f382Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a8be4ff2a62d77c301deb8c022913ab021be0ba97c5458a6e843f74c9b13d029
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed