what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 46 RSS Feed

Files

Biesta Billing 4.0 Beta Cross Site Request Forgery / Traversal
Posted Nov 29, 2016
Authored by Taurus Omar

Biesta Billing version 4.0 Beta suffers from cross site request forgery and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion, csrf
SHA-256 | 1dbc8d21c6556545a544de74ed9e813e4cb5d2098b52219b9c607c83be2a4e40

Related Files

MagnusBilling Remote Command Execution
Posted Nov 14, 2023
Authored by h00die-gr3y, Eldstal | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.

tags | exploit, remote, web, arbitrary, php
advisories | CVE-2023-30258
SHA-256 | 62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2
iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference
Posted Aug 29, 2023
Authored by indoushka

iBilling CRM version 4.5.0 suffers from add administrator and insecure direct object reference vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 760baebd14cdc30ea709aa4ed257510e4dc9b7a598037e6d629a4edd54e2b4aa
BoxBilling 4.22.1.5 Remote Code Execution
Posted Mar 28, 2023
Authored by zetc0de

BoxBilling versions 4.22.1.55 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-3552
SHA-256 | 6e59fbe468fead5a4191e76bf74361a19de1ba2b8e6b5604dcfb35095342aea9
Billing System Project 1.0 Shell Upload
Posted Jul 6, 2021
Authored by Talha Demirsoy

Billing System Project version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | e94c56a7fafc4a099efd8662b58fe076775c9b56f0490facd6cbadf266936e7c
Billing Management System 2.0 SQL Injection
Posted May 17, 2021
Authored by Mohammad Koochaki

Billing Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Pintu Solanki in February of 2021.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 25b099897c38e0ddaff2308cfd1337fd34b11049beb099e604bd657696024b66
Billing Management System 2.0 SQL Injection
Posted Feb 17, 2021
Authored by Pintu Solanki

Billing Management System version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 71ffd66c09e6b0d4438a03d01a3389ed91c8a27fc42a3d07c73dccbccbe16f11
Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery
Posted Jan 6, 2021
Authored by Rahul Ramakant Singh

Advanced Webhost Billing System version 3.7.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | bc3eb51d27d3ddf82da984c0a0e9b5fcfaa7e62708458fba473d13c34d055205
Water Billing System 1.0 SQL Injection
Posted Nov 16, 2020
Authored by Mehmet Kelepce

Water Billing System version 1.0 suffers from a remote SQL injection vulnerability. This version was already found to be susceptible to SQL injection by Sarang Tumne in November of 2020.

tags | exploit, remote, sql injection
SHA-256 | f0f6069ec9c64c3cfabb29159fe32ae5d1d26753c3377fb06573faee908f7854
Water Billing System 1.0 SQL Injection
Posted Nov 12, 2020
Authored by Sarang Tumne

Water Billing System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | da4935484a736dd28bb1bd7434dbaa49972e285c27f5ee9f6dcebc0854b673b1
ASTPP 4.0.1 Database Disclosure
Posted Jan 10, 2020
Authored by Fabien Aunay

ASTPP version 4.0.1 VoIP billing suffers from a database backup disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | a2174d3dba9ae9ae0510d2c1aa2607002f40276b2fd998186e770707831fcc82
Neo Billing 3.5 Cross Site Scripting
Posted Aug 19, 2019
Authored by n1x_

Neo Billing version 3.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 962e3dd6f61149f627bcad16099db88da89289a4c5cc7ff5743fc5ef8c25644d
EasyService Billing 1.0 CSRF / XSS / SQL Injection
Posted May 26, 2018
Authored by Divya Jain

EasyService Billing version 1.0 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection, csrf
advisories | CVE-2018-11442, CVE-2018-11443, CVE-2018-11444, CVE-2018-11445
SHA-256 | a2a4de4eb18f28d5c18f12db019b54a2f3656bdfb574a24eefe0aa0628fb25e6
EasyService Billing 1.0 SQL Injection / Cross Site Scripting
Posted May 22, 2018
Authored by Ozkan Mustafa Akkus

EasyService Billing version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5e0c599cdc7c6893419a5b4dbfa859bdc71d855ca1c7b03b2de1125a87f17fdc
A2billing 2.x Backup Disclosure / Code Execution / SQL Injection
Posted Sep 5, 2017
Authored by Ahmed Sultan

A2billing version 2.x suffers from backup disclosure, remote code execution, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, info disclosure
SHA-256 | 8d2bbaa0926ceb30a7440d40f355fe312c328ef5393093dc1eea4fc8bef1da29
A2billing 2.1.1 SQL Injection
Posted Sep 5, 2017
Authored by Ahmed Sultan

A2billing versions 2.1.1 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | fa58d2fa74434d882588706eabcad575be12498aed58f946dec844055a68ab1a
Trashbilling.com / Trashflow 3.0 XSS / SQL Injection
Posted May 12, 2017
Authored by g00se

Trashbilling.com suffered from account enumeration, cross site scripting, denial of service, and remote SQL injection vulnerabilities. Trashflow 3.0 suffers from denial of service and hard-coded credential vulnerabilities.

tags | exploit, remote, denial of service, vulnerability, xss, sql injection
SHA-256 | 470b4eb23083c6d35beb60491c350e8d089794af3047da9432eb27938a471df2
Complete Client Management And Billing 1.0.1 SQL Injection
Posted Feb 9, 2017
Authored by Ihsan Sencan

Complete Client Management and Billing script version 1.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 81828d960033854d8be40ae6aaf8b6e90387b6315ab6ce7832ebf979e63a6073
BoxBilling 4.20 Cross Site Scripting
Posted Oct 4, 2016
Authored by indoushka

BoxBilling version 4.20 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 4de3724305dd0eaa1fd24b71397703b9e82643aa5955217ddc7ddbde85f6588d
CodeCanyon iBilling 2.4 Cross Site Scripting
Posted Sep 19, 2016
Authored by indoushka

CodeCanyon iBilling version 2.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | d41d9e15c4377e6843aa40aa225587fee960487ca541dcbc3aa1522e730879d7
iBilling 3.7.0 Cross Site Scripting
Posted Jun 27, 2016
Authored by Bikramaditya Guha | Site zeroscience.mk

iBilling version 3.7.0 suffers from multiple stored and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 90c8a074050732437227d5b545e662c2703b13765c44c9ecfda872f7e4a5d9d0
HotExBilling Manager 73 Cross Site Scripting
Posted Apr 6, 2015
Authored by Bhadresh Patel

HotExBilling Manager version 73 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2781
SHA-256 | f89a76503b13c1babdd6ef06c3833e86ce72585726e830aa66ce9afa10898690
BoxBilling 3.6.11 Cross Site Scripting
Posted Dec 7, 2013
Authored by LiquidWorm | Site zeroscience.mk

BoxBilling suffers from a stored cross site scripting vulnerability. Input passed to the 'message' POST parameter thru the 'Notification Center' extension/module is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 3.6.11 is affected.

tags | exploit, arbitrary, xss
SHA-256 | 79655606b0994b8eb520f94b90ad44a33cf34d99fec9a3b40c90c49f32d15daf
Google Play Billing Bypass
Posted Oct 29, 2013
Authored by Dominik Schurmann

All Google Play Billing Library 3 versions before Oct, 8 distributed via Android SDK and marketbilling on Googlecode are susceptible to impersonation and signature verification vulnerabilities.

tags | advisory, vulnerability, bypass
SHA-256 | f68f31523fe048d0a532378407c09820e34245d3b9aac37fc00b428562210019
Paypal Persistent Cross Site Scripting
Posted Jun 9, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal suffers from a persistent cross site scripting vulnerability in the billing area.

tags | exploit, xss
SHA-256 | 5538c742c9422e011dd25d70e2fa186803a4e5cb078106934cbd7ca927cf4305
FreeSWITCH vBilling SQL Injection
Posted Apr 22, 2013
Authored by Michal Blaszczak

vBilling for FreeSWITCH suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 994b7109cb3e6f3b6c77edff6f1e8d54a0117e5090c812694dab17f3c64c0b94
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close