what you don't know can hurt you
Showing 1 - 25 of 81 RSS Feed

Files from Bobby Cooke

Real NameBobby Cooke
Email addressprivate
First Active2019-12-13
Last Active2021-09-17
View User Profile

Personal Background

Just a dude who's passionate about infosec.


Library Management System 1.0 SQL Injection
Posted Sep 17, 2021
Authored by Bobby Cooke, Adeeb Shah

Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d1b3bec04564901a9e4024f4c99cae47
GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution
Posted May 2, 2021
Authored by Bobby Cooke, Abhishek Joshi

The Custom JS plugin version 0.1 for GetSimple CMS suffers from a cross site request forgery vulnerability that allows remote unauthenticated attackers to inject arbitrary client-side code into authenticated administrators browsers, which results in remote code execution on the hosting server, when an authenticated administrator visits a malicious third party website.

tags | exploit, remote, arbitrary, code execution, csrf
MD5 | f84e4d61a61db6947381a07172b5af44
Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

655 bytes small 64-bit Windows 10 shellcode that injects all processes with Meterpreter reverse shells.

tags | shell, shellcode
systems | windows
MD5 | 75a126bd35170b68365261ae4f904c66
Windows/x64 Dynamic Null-Free WinExec PopCalc Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

205 bytes small 64-bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB and ExportTable method. It contains no null bytes (0x00), and therefore will not crash if injected into typical stack buffer overflow vulnerabilities.

tags | overflow, vulnerability, shellcode
systems | windows
MD5 | 02563e617ae846cbf28e476c3c33e2a9
Windows/x64 Dynamic NoNull Add RDP Admin Shellcode
Posted May 2, 2021
Authored by Bobby Cooke

387 bytes small 64-bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups. Shellcode must be executed from a process with either a HIGH or SYSTEM integrity level.

tags | shellcode
systems | windows
MD5 | 6df3a5415bbadd51489ca198606490f1
GetSimple CMS My SMTP Contact 1.1.1 CSRF/ XSS / Code Execution
Posted Apr 23, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to persistent cross site scripting to remote code execution exploit.

tags | exploit, remote, code execution, xss, csrf
MD5 | 931e4a8e898c36150bfb22c1e2de3963
GetSimple CMS My SMTP Contact 1.1.1 CSRF / Remote Code Execution
Posted Apr 16, 2021
Authored by Bobby Cooke

GetSimple CMS My SMTP Contact plugin versions 1.1.1 and below cross site request forgery to remote code execution exploit.

tags | exploit, remote, code execution, csrf
MD5 | 7d48adbe7385fbb2fa16170c86231d41
GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload
Posted Mar 30, 2021
Authored by Bobby Cooke

GetSimple CMS version 3.3.16 cross site scripting to remote shell upload exploit.

tags | exploit, remote, shell, xss
advisories | CVE-2020-23839
MD5 | 3c1d773d613339fb004324bead97e042
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
MD5 | c74de0bcdcb478a0ebbca36dac706cc0
CloudMe 1.11.2 Buffer Overflow
Posted Sep 29, 2020
Authored by hyp3rlinx, Bobby Cooke

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.

tags | exploit, overflow
advisories | CVE-2018-6892
MD5 | ee00ae19cbee8ea397dcd21d71b0c0f1
Tailor MS 1.0 Cross Site Scripting
Posted Sep 15, 2020
Authored by Bobby Cooke, hyd3sec

Tailor MS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8b140ec9d3e79e50039c0fd163119144
GetSimple CMS Multi User 1.8.2 Cross Site Request Forgery
Posted Aug 13, 2020
Authored by Bobby Cooke, hyd3sec

GetSimple CMS Multi User plugin version 1.8.2 suffers from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | b7868197fa770b7cffbd822964b7f528
Travel Management System 1.0 Remote Code Execution
Posted Aug 11, 2020
Authored by Bobby Cooke, hyd3sec

Travel Management System version 1.0 unauthenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | 481e294a5c3b19ae9308d1e27f22aece
Travel Management System 1.0 SQL Injection
Posted Aug 11, 2020
Authored by Bobby Cooke, hyd3sec

Travel Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | c518e2efaa06ce2e1007f8bacde5aec9
Warehouse Inventory System 1.0 Cross Site Request Forgery
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

Warehouse Inventory System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 01290f1430fc0c874d2441c5bbeb39f0
Tailor MS 1.0 Cross Site Scripting
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

Tailor MS version 1.0 reflected cross site scripting key logger exploit.

tags | exploit, xss
MD5 | e7c6a76445ffac2108a614abbaec5d98
BarracudaDrive 6.5 Local Privilege Escalation
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

BarracudaDrive version 6.5 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 46d297f212c73f78372745c92dba3e78
House Rental 1.0 SQL Injection
Posted Aug 10, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 SQL injection exploit that changes the administrative password. Written in python.

tags | exploit, sql injection, python
MD5 | 4835e335cf4e574990008b7767ccd72a
Car Rental Management System 1.0 Cross Site Scripting
Posted Aug 7, 2020
Authored by Bobby Cooke

Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.

tags | exploit, xss
MD5 | af3f86a5e983da7361832c54ce227ebd
Stock Management System 1.0 Cross Site Request Forgery
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 3c5b73ade86e8add863d011533c5b13b
Stock Management System 1.0 Cross Site Scripting
Posted Aug 3, 2020
Authored by Bobby Cooke

Stock Management System version 1.0 cross site scripting credential harvesting exploit.

tags | exploit, xss
MD5 | e446b8905eecb3fea89495e9af42d485
Online Bike Rental 1.0 Shell Upload
Posted Aug 1, 2020
Authored by Bobby Cooke, hyd3sec

Online Bike Rental version 1.0 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | c24d92ba32b907f53df823c312feb8d2
Daily Tracker System 1.0 SQL Injection
Posted Jul 31, 2020
Authored by Bobby Cooke, hyd3sec

Daily Tracker System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
advisories | CVE-2020-24193
MD5 | 4f5a24a83647c98bdc4387fb5214ec35
LibreHealth 2.0.0 Remote Code Execution
Posted Jul 27, 2020
Authored by Bobby Cooke

LibreHealth version 2.0.0 authenticated remote code execution exploit.

tags | exploit, remote, code execution
MD5 | c21b4b511f291e76d1d84cb98e90cd06
LibreHealth 2.0.0 Remote Code Execution
Posted Jul 20, 2020
Authored by Bobby Cooke

LibreHealth version 2.0.0 authentication remote code execution exploit that leverages file upload.

tags | exploit, remote, code execution, file upload
MD5 | fdb429c0607ceadf1536570f0e8ac8d9
Page 1 of 4
Back1234Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    28 Files
  • 23
    Sep 23rd
    13 Files
  • 24
    Sep 24th
    10 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close