exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 33 RSS Feed

Files from SunCSR

First Active2020-03-24
Last Active2021-05-05
Hacking HTTP CORS
Posted May 5, 2021
Authored by SunCSR, Minh Tuan

Whitepaper called Hacking HTTP CORS.

tags | paper, web
SHA-256 | b61e090c2844b313bc5bcf80a898258cecf16f0d35e5763fa01cfa2c26e996cb
HTTP Host Header Attacks
Posted Apr 22, 2021
Authored by SunCSR

This is a brief whitepaper that discuss HTTP Host header attacks.

tags | paper, web
SHA-256 | a6fa96ce1a609cfb613a8375b0180918f63f56cc17ee3a3c76e0de0ea38c3e92
GraphQL Attack
Posted Mar 30, 2021
Authored by SunCSR

This is a whitepaper that discusses attacking GraphQL.

tags | paper
SHA-256 | aa2a135e3c79bce67c8da5438837eb4be4d82d6384d4352b498bfce711c37beb
LiteSpeed Web Server Enterprise 5.4.11 Command Injection
Posted Feb 5, 2021
Authored by SunCSR, cmOs

LiteSpeed Web Server Enterprise version 5.4.11 suffers from an authenticated remote command injection vulnerability.

tags | exploit, remote, web
SHA-256 | 3ba47cb0d0b0247ab02f85b865390f467999b58710524e0b2140b93cf1e7dd71
Malware Hunting 101
Posted Feb 1, 2021
Authored by SunCSR

Whitepaper called Malware Hunting 101. Written in Vietnamese.

tags | paper
SHA-256 | 4c7c6fc0b06cba7e2b4fb8988f1c690f57a0745feb25e07266255d76ec474755
Openlitespeed Web Server 1.7.8 Command Injection
Posted Jan 27, 2021
Authored by SunCSR, cmOs

Openlitespeed Web Server version 1.7.8 suffers from an authenticated command injection vulnerability.

tags | exploit, web
SHA-256 | 6245ded7393648d6817b10e62fc6f6b93770c5c229af1eac1d2e7523eb97a85a
Android Application Vulnerabilities
Posted Jan 26, 2021
Authored by SunCSR

Whitepaper called Android Application Vulnerabilities. Written in Vietnamese.

tags | paper, vulnerability
SHA-256 | 25a9be443e83e5ebb65adc0990933e8bc358ae4df7692ffa351cac1c3505acde
Simple JobBoard Authenticated File Read
Posted Jan 21, 2021
Authored by SunCSR, Hoa Nguyen, Arcangelo Saracino | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2020-35749
SHA-256 | 6496c8aa6342663e882ec2f4a0d63167dcd9c32f65f07c081d82e365efcf4f8d
Laravel 8.4.2 Remote Code Execution
Posted Jan 14, 2021
Authored by SunCSR

Laravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | e34cd9189ebccce75149b7a897ad6f0f8f21c47b20e534aec63a70a6024d57f6
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
SHA-256 | 79df4302ec4ea436f7e67026dddc838b8aa4610460bb6f8baa402ecd0a91ba4d
Responsive FileManager 9.13.4 Path Traversal
Posted Jan 5, 2021
Authored by SunCSR

Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.

tags | exploit, file inclusion
SHA-256 | e60dde7a6fb3e57f25bc60645a9e6b12692e86e856f5127f0306b5a233418882
CSZ CMS 1.2.9 Cross Site Scripting
Posted Jan 5, 2021
Authored by SunCSR

CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 79f1df60bfb3aadd09240d3b2f1db88b5dd5c450c8c2e5cd822fcbfb3e1d4cbb
Object Prototype Pollution Attack
Posted Dec 23, 2020
Authored by SunCSR

Whitepaper called Object Prototype Pollution Attack.

tags | paper
SHA-256 | 0cf71dcc65c57e4d0d55c1d72779900dfcd3e0f7bb0d277277738f83613d8f75
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
Posted Dec 22, 2020
Authored by SunCSR, Hoa Nguyen, VinhJAXT | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2019-6715
SHA-256 | b1fd7066d25604160753e81eec4934df777ae2201da72af60ddf06186600cd4d
Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques
Posted Dec 18, 2020
Authored by SunCSR

Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.

tags | paper
SHA-256 | c79b819f3916ff0be16a8f92b4bb6d4ac20350c987de62c68c23246986271990
Mobile App Security
Posted Dec 9, 2020
Authored by SunCSR, Nghia Van Le

This is a brief whitepaper discussing best practices in mobile application security.

tags | paper
SHA-256 | b1918abbd608009a0920e4a9bc031809a5b57b44c3c36e87343ee875c3173748
API Security Overview
Posted Dec 8, 2020
Authored by SunCSR

Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.

tags | paper
SHA-256 | 19487e6fb12e5fd2ce1d15d579fca1015fa6eb99c113ccce6a7fd2ae4947256b
WonderCMS 3.1.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by SunCSR

WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.

tags | exploit, xss
SHA-256 | 5c77636e1392acaaefaad99cda395188e1f61fbc280e529b78e09a0273f56e6c
WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection
Posted Nov 27, 2020
Authored by SunCSR

WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | df164b02a712cca62c1fad6d88d073af2a72295ef861341c2f8f29ebd0a7522f
Apache OpenMeetings 5.0.0 Denial Of Service
Posted Nov 24, 2020
Authored by SunCSR

Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2020-13951
SHA-256 | 7539b0d8fbb557e732f484501716397e2294abadc113cf2d94a89501dcf3e5de
BigTree CMS 4.4.10 Remote Code Execution
Posted Sep 25, 2020
Authored by SunCSR

BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 92f4a303fee246d434165dc019b78a49fcc67be677212629c4facc2f010f054c
Symphony CMS 3.0.0 Cross Site Scripting
Posted Aug 28, 2020
Authored by SunCSR

Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2e44366f893d3e12294a36d49eeaca34428e4d82f50595d15725bbc37035ee42
WordPress Autoptimize 2.7.6 Shell Upload
Posted Aug 28, 2020
Authored by SunCSR

WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 22351f0d0d7c3f44bb5f337f9236dda428c979d350043aa67d965801fc39d337
Exploit Command Injection Router Via Reverse Firmware Technique
Posted Jun 25, 2020
Authored by SunCSR

Whitepaper called Exploit Command Injection Router via reverse firmware technique.

tags | paper
SHA-256 | 52e2f44996fd104e80355da0a4c50a392a577914c8465b2dd09f44548afeaad0
Detect SQL Injection WordPress Plugin Using RegEx
Posted Jun 16, 2020
Authored by SunCSR

Whitepaper called Detect SQL Injection WordPress Plugin using RegEx.

tags | paper, sql injection
SHA-256 | 085b2a3d5011566b3a2e006830d12feacf5415f9dcda5ab618f5ff59125c9106
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close