what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 23 of 23

Files from Andrey Stoykov

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect

Posted Apr 11, 2024

Authored by Andrey Stoykov

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure

SHA-256 | a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14

Download | Favorite | View

BoidCMS 2.0.1 Cross Site Scripting

Posted Mar 4, 2024

Authored by Andrey Stoykov

BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.

tags | exploit, vulnerability, xss

SHA-256 | 399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df

Download | Favorite | View

XAMPP 5.6.40 SQL Injection

Posted Mar 4, 2024

Authored by Andrey Stoykov

XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b

Download | Favorite | View

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload

Posted Feb 14, 2024

Authored by Andrey Stoykov

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss

SHA-256 | ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a

Download | Favorite | View

Introduction To Web Pentesting

Posted Aug 2, 2023

Authored by Andrey Stoykov

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

tags | paper, web, xss, sql injection, csrf

SHA-256 | 1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de

Download | Favorite | View

Perch CMS 3.2 Cross Site Scripting

Posted Aug 2, 2023

Authored by Andrey Stoykov

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 586bd1206b838db2276e13fced4b53256b8b848641a29e35a78967042d604683

Download | Favorite | View

Availability Booking Calendar PHP XSS / Arbitrary File Upload

Posted Jul 26, 2023

Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload

SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914

Download | Favorite | View

WBCE 1.6.1 Cross Site Scripting

Posted Jul 17, 2023

Authored by Andrey Stoykov

WBCE version 1.6.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | c17b616715baffae3d84e0d4550487c0ddcd5bf0f23819f9fafe7404baa9ed74

Download | Favorite | View

XAMPP 8.2.4 Unquoted Service Path

Posted Jul 12, 2023

Authored by Andrey Stoykov

XAMPP version 8.2.4 suffers from an unquoted service path vulnerability.

tags | exploit

SHA-256 | 013b0dbd256f27abaa69c15d5aeec4553beac733154cfc7e150b3559ea0da2d5

Download | Favorite | View

Faculty Evaluation System 1.0 SQL Injection

Posted Jul 10, 2023

Authored by Andrey Stoykov

Faculty Evaluation System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 7bc59cd66aeba7e9b21206240985c2d932ac5f46cc03f4460693c631b14c393d

Download | Favorite | View

myBB forums 1.8.26 Cross Site Scripting

Posted Mar 30, 2023

Authored by Andrey Stoykov

myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9

Download | Favorite | View

Fastly Secret Disclosure

Posted Mar 13, 2023

Authored by Andrey Stoykov

Fastly suffers from the poor practice of sending a temporary password in plaintext.

tags | exploit, info disclosure

SHA-256 | 09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc

Download | Favorite | View

Shopify Cross Site Scripting

Posted Mar 13, 2023

Authored by Andrey Stoykov

Shopify suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62

Download | Favorite | View

4images 1.9 Remote Command Execution

Posted Dec 22, 2022

Authored by Andrey Stoykov

4images version 1.9 suffers from a remote command execution vulnerability.

tags | exploit, remote

SHA-256 | d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557

Download | Favorite | View

Shoplazza 1.1 Cross Site Scripting

Posted Dec 14, 2022

Authored by Andrey Stoykov

Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 45b096fd0c06d29314c47d3820cded151b1d0ea4c399a761b64fcc8eebcca9fe

Download | Favorite | View

4images 1.8 SQL Injection

Posted Aug 13, 2021

Authored by Andrey Stoykov

4images version 1.8 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | c9c2aa91ec745bbdba6b1c78ba101be04ed9dc59fee041d1a36097cb86d846a9

Download | Favorite | View

Practical PHP Security

Posted Jan 8, 2021

Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php

SHA-256 | 197e4ac0326bbfca74f1394ddd7a80a6c26652441548adc45d5fc3339e7c5fd7

Download | Favorite | View

CMS Made Simple 2.2.15 Remote Command Execution

Posted Jan 5, 2021

Authored by Andrey Stoykov

CMS Made Simple version 2.2.15 suffers from an authenticated remote command execution vulnerability.

tags | exploit, remote

SHA-256 | f81ab1c1e2ff5e2fa026def00f13ab6e4b6c7c7b23c69a25b39e1e7b1af8c1c3

Download | Favorite | View

BlogEngine 3.3.8 Cross Site Scripting

Posted Nov 6, 2020

Authored by Andrey Stoykov

BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | aa9030bfadf39927f86c29d447c3d4d846efbfc9fa4bf002e5a8f9a03481201f

Download | Favorite | View

BoltWire 6.03 Local File Inclusion

Posted May 4, 2020

Authored by Andrey Stoykov

BoltWire version 6.03 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion

SHA-256 | 5bccddcdf955aa9e8c8ca3bf0f7f17107851ff49aa2ae6656444a81d38391290

Download | Favorite | View

Cyberoam Authentication Client 2.1.2.7 Buffer Overflow

Posted Mar 2, 2020

Authored by Andrey Stoykov

Cyberoam Authentication Client version 2.1.2.7 suffers from a buffer overflow vulnerability.

tags | exploit, overflow

SHA-256 | 8de7e2da3c8e229cd09e1484f910a5e1e10dde2d8754d786bf6d3a031f64da4f

Download | Favorite | View

ATutor 2.2.4 SQL Injection

Posted Feb 23, 2020

Authored by Andrey Stoykov

ATutor version 2.2.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | e1926912b31ec559709af89d502a88acfe99b72aab9f35f9d21f289e65d21149

Download | Favorite | View

Streamripper 2.6 Buffer Overflow

Posted Jul 15, 2019

Authored by Andrey Stoykov

Streamripper version 2.6 Song Pattern buffer overflow exploit.

tags | exploit, overflow

SHA-256 | ef83fc76efb2de2e63f756763b24c71a9ec0d5274e3cb615c01c2164e72a8401

Download | Favorite | View