exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Julien Voisin

MantisBT Password Reset

Posted Aug 31, 2024

Authored by John Page, Julien Voisin | Site metasploit.com

MantisBT before 1.3.10, 2.2.4, and 2.3.1 are vulnerable to unauthenticated password reset.

tags | exploit

advisories | CVE-2017-7615

SHA-256 | b841a48022b6fff1808993ef21d4fbe8a00fa654f48327de4ebf89027be87ffc

Download | Favorite | View

SPIP 4.2.12 Remote Code Execution

Posted Aug 22, 2024

Authored by Valentin Lobstein, Laluka, Julien Voisin | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system where it incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.

tags | exploit, remote, arbitrary, php, code execution

SHA-256 | 220b4c7418ac511ddb8ab8d9f4dfe87f0368c9ca91b9699fa9d3b9a0c425f434

Download | Favorite | View

SPIP Remote Command Execution

Posted Apr 18, 2023

Authored by coiffeur, Laluka, Julien Voisin | Site metasploit.com

This Metasploit module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. Vulnerable versions are below 3.2.18, below 4.0.10, below 4.1.18 and below 4.2.1.

tags | exploit, web, arbitrary, php

advisories | CVE-2023-27372

SHA-256 | da36b42d35a291178bebac45397335e931352a6a022f64275dfb7fc469079f1f

Download | Favorite | View