what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 78 RSS Feed

Files from Akastep

First Active2011-01-02
Last Active2015-03-17
Applicure Dotdefender WAF 5.13-13282 Cross Site Scripting
Posted Mar 17, 2015
Authored by Akastep

Applicure Dotdefender WAF versions 5.13-13282 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d05822677796f7d42a5885b32d014b3e46f07144db1a28c4abd29b4ef4b5fb85
Protecting IIS With Apache Mod Proxy And Dotdefender WAF
Posted Mar 17, 2015
Authored by Akastep

This is a whitepaper discussing using Apache with mod_proxy and Dotdefender to protect IIS installs. Written in Azerbaijani.

tags | paper
SHA-256 | d05d7429ea70363cecca14474d2edcf047db67733e981e02c510f7d4967caf65
NETIS DL4322D XSS / CSRF / DoS
Posted Oct 16, 2014
Authored by Akastep

NETIS DL4322D 300Mbps Wireless N ADSL2+ modem router suffers from cross site request forgery, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss, info disclosure, csrf
SHA-256 | b0c14dece0ef955428e9b6e9f570ca06da3ba8d664cbb649ec238a4e2091226d
EaseUS Todo Backup 5.8.0.0 Hardcoded Password
Posted Mar 20, 2014
Authored by Akastep

EaseUS Todo Backup version 5.8.0.0 comes with a hardcoded administrative password that is a potential backdoor.

tags | exploit
SHA-256 | 0cc6d6d41811254e9e104cbf690cb20d99997fc1e10e662ae84fce53fa90ec43
Basic Authentication Bruteforcer
Posted Mar 16, 2014
Authored by Akastep

This is a php script for brute forcing basic authentication. Takes a word list as input.

tags | cracker, php
SHA-256 | 2c34929a4ee75e635f22f8cd534b8efd1b01310758d6e71dc4bf7d43ccbfac8f
WordPress LayerSlider 4.6.1 CSRF / Traversal
Posted Mar 11, 2014
Authored by Akastep

WordPress LayerSlider plugin version 4.6.1 suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
SHA-256 | ee946745fef274d92410d3a5ad6ce3b5a599ed334d2b42371eea610f180683d6
MiniWeb (Build 300) Arbitrary File Upload
Posted Aug 14, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a vulnerability in MiniWeb HTTP server (build 300). The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine as an exe file, and then upload another mof file, which enables WMI (Management Instrumentation service) to execute the uploaded payload. Please note that this module currently only works for Windows before Vista.

tags | exploit, remote, web, arbitrary, code execution, file upload
systems | windows
advisories | OSVDB-92198, OSVDB-92200
SHA-256 | b4d11d94bdfda21fed51296f5789bea65f23c1f03f5b7bd525895268f5a560b0
RootPanel SQL Injection
Posted Jul 22, 2013
Authored by Akastep

RootPanel suffers from a remote SQL injection vulnerability that allows for account takeover.

tags | exploit, remote, sql injection
SHA-256 | 3b0a2b15e86e26905ee913231acbaecfa5ddc1f2eefcea4109cfc8734f8e8c13
InstantCMS 1.6 Remote PHP Code Execution
Posted Jul 3, 2013
Authored by Akastep | Site metasploit.com

This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval(), in InstantCMS versions 1.6.

tags | exploit, arbitrary, php
SHA-256 | f892f3ba804eed45332252715f4d92a0ebdcd7ca8371e0832ec7162473120f06
InstantCMS 1.6 Code Execution
Posted Jun 26, 2013
Authored by Akastep

InstantCMS version 1.6 remote PHP code execution exploit that spawns a reverse shell.

tags | exploit, remote, shell, php, code execution
SHA-256 | 58c5a918b42d3c4c9947890483bf68e4a4eea813701b686f794e5f548a9a717d
Avira Personal Privilege Escalation
Posted May 12, 2013
Authored by Akastep

Avira Personal appears to suffer from a privilege escalation vulnerability.

tags | exploit
SHA-256 | eaf724f00a57c953aa68cb8bf5bf660c22076238cbf4e3a71e4f2c63cd81df8a
MiniWeb File Upload / Directory Traversal
Posted Apr 9, 2013
Authored by Akastep

MiniWeb build 300 suffers from remote arbitrary file upload and directory traversal vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, file inclusion, file upload
SHA-256 | a57a2db6fe50d9e301599498e605af858c7f62b49d0e6f59f1d1c1a196cf857a
Easy FTP Server 1.7.0.2 Denial Of Service
Posted Apr 6, 2013
Authored by Akastep

Easy FTP Server version 1.7.0.2 CPU consumption denial of service exploit that causes the condition when sending a POST request with an empty body. Written in AutoIT.

tags | exploit, denial of service
SHA-256 | 5444040cb0c0fc5ebba94c6715a808fd92aca58033ee9f78ebbb2646a8c9747e
SmallFTPd 1.0.3 Denial Of Service
Posted Apr 3, 2013
Authored by Akastep

SmallFTPd version 1.0.3 denial of service exploit that is written in AutoIT.

tags | exploit, denial of service
SHA-256 | 490e57206bbfaabcb311fd30eaeb013e30240b0f0f106cd454c6062b57aa06e9
TinyWeb 1.93 Denial Of Service
Posted Apr 1, 2013
Authored by Akastep

TinyWeb version 1.93 remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | 242e36e9ce450ee2d014a6cc29e51d1b091945a978d90246115388bd0ba9453a
ClipShare 4.1.4 SQL Injection / Plaintext Password
Posted Mar 14, 2013
Authored by Akastep

ClipShare version 4.1.4 suffers from remote blind SQL injection and plaintext password vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | a568735b6f3205c221aee116bd737215c0b537dd6bb646bc342ef61168392866
Glossword 1.8.12 Arbitrary File Upload
Posted Feb 26, 2013
Authored by Akastep, Brendan Coles | Site metasploit.com

This Metasploit module exploits a file upload vulnerability in Glossword versions 1.8.8 through 1.8.12 when run as a standalone application. This application has an upload feature that allows an authenticated user with administrator roles to upload arbitrary files to the 'gw_temp/a/' directory.

tags | exploit, arbitrary, file upload
advisories | OSVDB-89960
SHA-256 | 6a00fc56bffca149e62d8602fbecdb81bf01e94e53c11f7eba4da3baed5c74a4
CKEditor 4.0.1 CSRF / XSS / Path Disclosure
Posted Feb 19, 2013
Authored by Akastep

CKEditor version 4.0.1 suffers from cross site request forgery, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf
SHA-256 | 2c20ce891948eae0f4f51822b52a5828b5323feb467a4e2335e8e988ab6aa4ce
Glossword 1.8.12 XSS / CSRF / Shell Upload / Database Disclosure
Posted Feb 3, 2013
Authored by Akastep

Glossword version 1.8.12 suffers from database backup disclosure, cross site request forgery, cross site scripting, and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, csrf
SHA-256 | 2d5417850fab055452a54292f538cc5ad51a4ade48693dde348bc6cc0b306a79
Glossword 1.8.3 SQL Injection
Posted Feb 3, 2013
Authored by Akastep

Glossword version 1.8.3 remote SQL injection exploit written in AutoIT.

tags | exploit, remote, sql injection
SHA-256 | b1647adab7c95838d52a37152ef0a824efa23e82e75330c6ada125d53919fbdf
PHP Weby Directory Software 1.2 SQL Injection / Cross Site Request Forgery
Posted Jan 25, 2013
Authored by Akastep

PHP Weby Directory Software version 1.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, sql injection, csrf
SHA-256 | 572d1b20768e8331c2b66eac4d6d1dc5cfdf85fc241f40af5ca5afd11e3ac57f
Weboptima CMS Add Administrator / Shell Upload
Posted Jan 23, 2013
Authored by Akastep

Weboptima CMS suffers from add administrator and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, add administrator
SHA-256 | fc99f270ff007095d824949c224a7ce7178b34040bce8b1aaa503770f5db42fc
PHP-Charts 1.0 PHP Code Execution
Posted Jan 20, 2013
Authored by Akastep | Site metasploit.com

This Metasploit module exploits a PHP code execution vulnerability in php-Charts version 1.0 which could be abused to allow users to execute arbitrary PHP code under the context of the webserver user. The 'url.php' script calls eval() with user controlled data from any HTTP GET parameter name.

tags | exploit, web, arbitrary, php, code execution
advisories | OSVDB-89334
SHA-256 | 86b5c1161bf85a443f8e4b8508791a0ee94d2cdae006c712017aee8069f71402
PHP Charts 1.0 Code Execution
Posted Jan 16, 2013
Authored by Akastep

PHP Charts version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, php, code execution
SHA-256 | 64dbb04aef88e5fb2954ee4818a1aac7de41ecf55f1212bd08d0eddd49109241
Business Solutions CMS Add Admin
Posted Jan 10, 2013
Authored by Akastep

Business Solutions CMS add administrator exploit that does not require authentication.

tags | exploit
SHA-256 | fa6b20834c1535c6a89139a7f3194efde7fe3bb133b1ffaf7e80a747ce527856
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close