exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 76 RSS Feed

Files from Ozkan Mustafa Akkus

First Active2018-05-22
Last Active2021-10-12
Moodle Admin Shell Upload
Posted Oct 12, 2021
Authored by h00die, Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module will generate a plugin which can receive a malicious payload request and upload it to a server running Moodle provided valid admin credentials are used. Then the payload is sent for execution, and the plugin uninstalled. You must have an admin account to exploit this vulnerability. Successfully tested against versions 3.6.3, 3.8.0, 3.9.0, 3.10.0, and 3.11.2.

tags | exploit
advisories | CVE-2019-11631
SHA-256 | 8e027d34ac307719476edac910f52b3c1a60df2f19ea4139da74bef6fe99f771
TerraMaster TOS 4.2.06 Remote Code Execution
Posted Dec 23, 2020
Authored by IHTeam, Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.

tags | exploit, php
SHA-256 | 1ca4ee63f6107490fe17d396df7f0153a5c29930a496321ceec2101872db5321
ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in the ManageEngine Application Manager versions 14.2 and below.

tags | exploit, vulnerability, sql injection
SHA-256 | e517b45142b3447dbab8ec2a891e10876f6c09291a138de7f5a84363ffe2c8c1
ManageEngine OpManager 12.4x Privilege Escalation / Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the OpManager versions 12.4.034 and below.

tags | exploit, sql injection
SHA-256 | fc57c3cfc093c3e5df0726909ea0618e1444102b4b8d154f2216ed157bc46225
ManageEngine OpManager 12.4x Remote Command Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module bypasses the user password requirement in the OpManager versions 12.4.034 and below. It performs authentication bypass and executes commands on the server.

tags | exploit
SHA-256 | 0b10df1665aeb6bf150dfd60da9fbbcaa339ab52f578cd7f8af7b97ef10ca2a8
Webmin 1.920 Remote Code Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, the unauthenticated user can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
SHA-256 | ec772fb6a45fb88e2351faaab0600ee20a86b66126a1ccf91608cd56b9347361
AROX School-ERP Pro Unauthenticated Remote Code Execution
Posted Jun 17, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system.

tags | exploit, php
SHA-256 | f8695970cb9115acc551ef84cf8f3a91d67684104fecb0e75de5899ea5b7a48b
Webmin 1.910 Remote Command Execution
Posted Jun 11, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
advisories | CVE-2019-12840
SHA-256 | caa352f2bdb2cd2ebe21355770a606a5756d88a75639e90b6ef5f0792ec9e235
PHP-Fusion 9.03.00 Remote Code Execution
Posted May 14, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in PHP-Fusion versions 9.03.00 and below. It is possible to execute commands in the system with ordinary user authority.

tags | exploit, php
SHA-256 | f3a52a3d14252043e24c4033fb9468a3f180a732dde81b0cd6a71ae559187ee5
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Posted Apr 25, 2019
Authored by Ozkan Mustafa Akkus

osTicket version 1.11 suffers from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | a3a0c940e3990234b185e1da84523131a41176574735f7fdcd88b7bd105ca85a
ManageEngine Applications Manager 14.0 SQL Injection / Command Injection
Posted Apr 23, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below.

tags | exploit, sql injection
advisories | CVE-2019-11469
SHA-256 | bb5aa065425ceff2e56e199ea57ee45786a565ab2e6b71aad1d4ada0423d0544
ManageEngine Applications Manager 14 SQL Injection / Remote Code Execution
Posted Apr 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by the ManageEngine which working with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late.

tags | exploit, shell, vulnerability, sql injection
SHA-256 | 95106466679de2024b9e4469f4bb9b8acabf974bb4ab6e9e3cbc9623f7471fd4
CuteNews 2.1.2 Remote Code Execution
Posted Apr 15, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command execution vulnerability in CuteNews prior to version 2.1.2. The attacker can infiltrate the server through the avatar upload process in the profile area. There is no realistic control of the $imgsize function in "/core/modules/dashboard.php" Header content of the file can be changed and the control can be bypassed. We can use the "GIF" header for this process. An ordinary user is enough to exploit the vulnerability. No need for admin user. The module creates a file for you and allows RCE.

tags | exploit, php
SHA-256 | 623af1c20140392eea85e311d20f5eb4a793c36624f957a81e2e931d894e980c
ATutor file_manager Remote Code Execution
Posted Apr 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
SHA-256 | e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01
TeemIp IPAM Command Injection
Posted Apr 3, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in TeemIp versions prior to 2.4.0. The "new_config" parameter of "exec.php" allows you to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server. The vulnerability can be exploited by an authorized user (Administrator). Module allows remote command execution by sending php payload with parameter 'new_config'.

tags | exploit, remote, php
SHA-256 | 6b23f44b58a78b7d7096bae0b41143c292c72490f68b7275ef4ce25d71e55466
Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
SHA-256 | cb30da254f071764bf5594bfe148a729f959e85798593b2141d4d5c66b873f67
Liferay CE Portal Groovy-Console Remote Command Execution
Posted Mar 11, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module uses the Liferay CE Portal Groovy script console to execute OS commands. The Groovy script can execute commands on the system via a [command].execute() call. Valid credentials for an application administrator user account are required. This module has been tested successfully with Liferay CE Portal Tomcat 7.1.2 ga3 on Debian 4.9.18-1kali1 system.

tags | exploit
systems | linux, debian
SHA-256 | 3f493346c1e9eb0567ff5a73ec406ade5fe2deff6c0f318670247793c4d63a4d
OpenKM Document Management Remote Command Execution
Posted Mar 11, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module allows the execution of remote commands on the server by creating a malicious JSP file. Module has been tested successfully with OpenKM DM between 6.3.2 and 6.3.7 on Debian 4.9.18-1kali1 system. There is also the possibility of working in lower versions.

tags | exploit, remote
systems | linux, debian
SHA-256 | b484ce434849b0e636117356302856ef9777c0efd7a2a6dcd294dce74e53a4aa
QNAP TS-431 QTS Remote Command Execution
Posted Mar 7, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php". Gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2.

tags | exploit, web, shell, php
SHA-256 | 712e61a13313ebb126b64c908b54585d5ae2d8054cbfe62c42977aa9f74c1068
Booked Scheduler 2.7.5 Remote Command Execution
Posted Mar 5, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.

tags | exploit, shell, php, file upload
SHA-256 | fd1000e5cac89ace858ec8875c56402a580102eca4787adce2c81e8909ed4842
Feng Office 3.7.0.5 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.

tags | exploit, arbitrary, shell, php, file upload
SHA-256 | a940da2e6fa296310cce651b821c9fdf8c7a9ec1bb8147e392837045d45532aa
Usermin 1.750 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Usermin 1.750 and lower versions. This vulnerability has the same characteristics as the Webmin 1.900 RCE.

tags | exploit, arbitrary
SHA-256 | 505ea2f8624f6e3310d6adcbed739f255d5848596538d08bca4e2634ea2ba8d5
Jenkins 2.150.2 Remote Command Execution Via Node JS
Posted Feb 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The vulnerability is exploited by a small script prepared in NodeJS. The sh parameter allows us to run commands. Sample script: node { sh "whoami" } In addition, ANONYMOUS users also have the authority to JOB create and BUILD by default. Therefore, all users without console authority can run commands on the system as root privilege.

tags | exploit, root
SHA-256 | 8ea53be5af0483c2c3d30fcac65026e3a286197d419ceee4de6b5bf2f1cabbcc
SirsiDynix e-Library 3.5.x Cross Site Scripting
Posted Jan 24, 2019
Authored by Ozkan Mustafa Akkus

SirsiDynix e-Library version 3.5.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-20503
SHA-256 | ff68cc093cad71b3daf1be92223c3d972c0471970400b0371cd0c0dce3e39c4d
Webmin 1.900 Remote Command Execution
Posted Jan 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.

tags | exploit, java, arbitrary, cgi, root
systems | linux, debian
SHA-256 | 220bdda523afcc7f1ded8735ea03ed18dad447ecbc6744a6c32035e4ce3c5dfe
Page 1 of 4
Back1234Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close