what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files from SunCSR

First Active2020-03-24
Last Active2021-01-21
Simple JobBoard Authenticated File Read
Posted Jan 21, 2021
Authored by SunCSR, Hoa Nguyen, Arcangelo Saracino | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2020-35749
MD5 | f67aec0e1808a4048efded2042ded5a9
Laravel 8.4.2 Remote Code Execution
Posted Jan 14, 2021
Authored by SunCSR

Laravel version 8.4.2 suffers from a debug mode remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 777a54e04861b26de13d508208e0dd5b
Apache Flink 1.11.0 Arbitrary File Read / Directory Traversal
Posted Jan 8, 2021
Authored by SunCSR, Hoa Nguyen, 0rich1 | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink version 1.11.0.

tags | exploit
advisories | CVE-2020-17519
MD5 | a8332e42d64ab8da484106f4450b83c2
Responsive FileManager 9.13.4 Path Traversal
Posted Jan 5, 2021
Authored by SunCSR

Responsive FileManager version 9.13.4 path traversal exploit. Original discovery of this finding is attributed to farisv in December of 2018.

tags | exploit, file inclusion
MD5 | 576b9b1598c826767542e7d40705bbc2
CSZ CMS 1.2.9 Cross Site Scripting
Posted Jan 5, 2021
Authored by SunCSR

CSZ CMS version 1.2.9 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 1ed4df9d15c3b3ca05832e0d79200b0a
Object Prototype Pollution Attack
Posted Dec 23, 2020
Authored by SunCSR

Whitepaper called Object Prototype Pollution Attack.

tags | paper
MD5 | 47102dc9d96a280fceb29bd1300d2a6a
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
Posted Dec 22, 2020
Authored by SunCSR, Hoa Nguyen, VinhJAXT | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin W3 Total Cache version 0.9.2.6 through 0.9.3, allowing arbitrary file read with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2019-6715
MD5 | 7ead4511c9260d6098e2191ece098f61
Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques
Posted Dec 18, 2020
Authored by SunCSR

Whitepaper called Exploit WordPress Plugin Vulnerability Using Static Source Code Analysis Techniques.

tags | paper
MD5 | 5547d9c5988fdab38bfb79b10e2532b8
Mobile App Security
Posted Dec 9, 2020
Authored by SunCSR, Nghia Van Le

This is a brief whitepaper discussing best practices in mobile application security.

tags | paper
MD5 | 077ad6207fbdc6a00700a76feb4cde0c
API Security Overview
Posted Dec 8, 2020
Authored by SunCSR

Whitepaper called API Security Overview that discusses different types of flaws and exploitation of API insecurities.

tags | paper
MD5 | 569e9618b5cbeac20e8fe78ab24f61fe
WonderCMS 3.1.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by SunCSR

WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.

tags | exploit, xss
MD5 | 0a86a07638c2bc4b20e96c08d1fd7f89
WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection
Posted Nov 27, 2020
Authored by SunCSR

WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d3cb5885976c55c92fedea658fd20a13
Apache OpenMeetings 5.0.0 Denial Of Service
Posted Nov 24, 2020
Authored by SunCSR

Apache OpenMeetings version 5.0.0 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2020-13951
MD5 | 59eb8c12340cd20675e0710a793e9bcb
BigTree CMS 4.4.10 Remote Code Execution
Posted Sep 25, 2020
Authored by SunCSR

BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 353327fef903019f8b589b0223caf8ba
Symphony CMS 3.0.0 Cross Site Scripting
Posted Aug 28, 2020
Authored by SunCSR

Symphony CMS version 3.0.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 057fa5a8fd0169b62ab2a607007249aa
WordPress Autoptimize 2.7.6 Shell Upload
Posted Aug 28, 2020
Authored by SunCSR

WordPress Autoptimize plugin version 2.7.6 suffers from an authenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 07265bbb9062f5d7ecf6fa2ea1b61683
Exploit Command Injection Router Via Reverse Firmware Technique
Posted Jun 25, 2020
Authored by SunCSR

Whitepaper called Exploit Command Injection Router via reverse firmware technique.

tags | paper
MD5 | d656257a28af7647491580460f2f0396
Detect SQL Injection WordPress Plugin Using RegEx
Posted Jun 16, 2020
Authored by SunCSR

Whitepaper called Detect SQL Injection WordPress Plugin using RegEx.

tags | paper, sql injection
MD5 | 2f1d697338aa6cf05465453dbe6e9a2a
WordPress Form Maker 5.4.1 SQL Injection
Posted May 23, 2020
Authored by SunCSR

WordPress Form Maker plugin versions 5.4.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | c2037ea8b7b6a7adb05a327e9db1593d
PHP-Fusion 9.03.50 SQL Injection
Posted May 19, 2020
Authored by SunCSR

PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 0a1a9de287822195e0373a79ec7c6409
E-Commerce System 1.0 Remote Code Execution
Posted May 14, 2020
Authored by SunCSR

E-Commerce System version 1.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 4ab9f87ae2b591ad7409c2f5ebf2477c
WordPress ChopSlider3 3.4 SQL Injection
Posted May 12, 2020
Authored by SunCSR

WordPress ChopSlider3 plugin version 3.4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-11530
MD5 | 6955d4cbf37044560edc06209617d1ab
Orchard Core RC1 Cross Site Scripting
Posted May 12, 2020
Authored by SunCSR

Orchard Core version RC1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | cdded030e80995cdb86d3d60eef1e4f7
PHP-Fusion 9.03.50 Cross Site Scripting
Posted Apr 30, 2020
Authored by SunCSR

PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 939a3889a23fef8e94256b55ad25eb83
LeptonCMS 4.5.0 Cross Site Scripting
Posted Mar 25, 2020
Authored by SunCSR

LeptonCMS version 4.5.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 63e48f62f520be8f9282125543a59a16
Page 1 of 2
Back12Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    16 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close