what you don't know can hurt you
Showing 1 - 25 of 4,925 RSS Feed

PHP Files

Baldr Botnet Panel Shell Upload
Posted Jul 29, 2020
Authored by Ege Balci | Site metasploit.com

This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 3aee05fb3bfa3e3eb0452ce7bbf7bdfb
Pandora FMS 7.0 NG 7XX Remote Command Execution
Posted Jul 11, 2020
Authored by Fernando Catoira, Erik Wynter, Julio Sanchez | Site metasploit.com

This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).

tags | exploit, web, arbitrary, shell, local, php
systems | linux, centos
advisories | CVE-2020-13851
MD5 | f5291266eaebb8b290e3a0b7e6659455
Impress CMS 1.4.0 Code Execution / SQL Injection
Posted Jul 10, 2020
Authored by AppleBois

Impress CMS version 1.4.0 has an issue where an authenticated user can make use of the AutoTask feature to execute php code, allowing for remote SQL injection and remote code execution.

tags | exploit, remote, php, code execution, sql injection
MD5 | b5f8c806b5bde139ab34a7e35d46ad18
PHP 7.4 FFI disable_functions Bypass
Posted Jul 9, 2020
Authored by Hunter Gregal

PHP version 7.4 FFI disable_functions bypass proof of concept exploit.

tags | exploit, php, proof of concept, bypass
MD5 | 837034ab8198c13f97935215b65ad576
Red Hat Security Advisory 2020-2835-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2835-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include an underflow vulnerability.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2019-11043
MD5 | 7d3efa23b778cb571c090b3a2406b404
openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
Nagios XI 5.6.12 Remote Code Execution
Posted Jul 6, 2020
Authored by Basim Alabdullah

Nagios XI version 5.6.12 remote code execution exploit that leverages export-rrd.php.

tags | exploit, remote, php, code execution
MD5 | 31691ce3c81c37946e036a7240a1b83f
e-learning PHP Script 0.1.0 SQL Injection
Posted Jul 1, 2020
Authored by KeopssGroup0day Inc

e-learning PHP Script version 0.1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | d3535b2b5828fb6373c1ce7b70ade504
PHP-Fusion 9.03.60 PHP Object Injection
Posted Jul 1, 2020
Authored by coiffeur

PHP-Fusion version 9.03.60 suffers from a PHP object injection vulnerability.

tags | exploit, php
MD5 | 17b561a217b4cfbeba912004f8ef1c98
Agent Tesla Panel Remote Code Execution
Posted Jun 18, 2020
Authored by Ege Balci, mekhalleh, gwillcox-r7 | Site metasploit.com

This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as user running the web server. Agent Tesla panels released on or after this date can still be exploited however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.

tags | exploit, remote, web, php, code execution, sql injection
systems | linux, windows
MD5 | d4d981962d4baab56ec1e03af0dd4132
College-Management-System-Php 1.0 SQL Injection
Posted Jun 18, 2020
Authored by BLAY ABU SAFIAN

College-Management-System-Php version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | fedd77cb039b3c893f4bfd8b2086e2ca
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection
Posted Jun 15, 2020
Authored by coiffeur

PHP-Fusion version 9.03.60 PHP object injection to SQL injection pre-authentication exploit.

tags | exploit, php, sql injection
MD5 | cb7df3cd8016da3a40d81715186ff656
LinuxKI Toolset 6.01 Remote Command Execution
Posted Jun 10, 2020
Authored by numan turle, Cody Winkler | Site metasploit.com

This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.

tags | exploit, remote, php, code execution
advisories | CVE-2020-7209
MD5 | cd78cc0c010d3ea09c0e4662335d84a3
WordPress Drag And Drop Multi File Uploader Remote Code Execution
Posted Jun 4, 2020
Authored by h00die, Austin Martin | Site metasploit.com

This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for php shells to be uploaded. No authentication is required for exploitation.

tags | exploit, shell, php, file upload
advisories | CVE-2020-12800
MD5 | 8741d1320b67d5240a0da5c63f0f5065
NeonLMS Learning Management System PHP Laravel Script 4.6 XSS
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 2e508022471e1a49271d4745b0b3e811
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download
Posted Jun 4, 2020
Authored by th3d1gger

NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability.

tags | exploit, arbitrary, php, info disclosure
MD5 | e762859b96e7391cb7c4d0f1d5bc1371
Sabberworm PHP CSS Code Injection
Posted Jun 3, 2020
Authored by Eldar Marcussen

Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.

tags | exploit, php
advisories | CVE-2020-13756
MD5 | 3a39459dcc05923af09d4a4ccd02d788
Ubuntu Security Notice USN-4375-1
Posted May 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4375-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11048
MD5 | ac90635f0db37791117aaebd12e9e72c
Kuicms PHP EE 2.0 Cross Site Scripting
Posted May 27, 2020
Authored by CBIITMC

Kuicms PHP EE version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 1ce0e2a58f4c205e0f768a130497d76c
PHP-Fusion 9.03.50 Cross Site Scripting
Posted May 20, 2020
Authored by coiffeur

PHP-Fusion version 9.03.50 has been found susceptible to additional methods of persistent cross site scripting. Initial findings in this version were discovered by SunCSR.

tags | exploit, php, xss
MD5 | 1ddd5d7ad012d226ccc8051352c24f77
PHP-Fusion 9.03.50 SQL Injection
Posted May 19, 2020
Authored by SunCSR

PHP-Fusion version 9.03.50 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 0a1a9de287822195e0373a79ec7c6409
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
Posted May 18, 2020
Authored by h00die, Nick Frichette | Site metasploit.com

This Metasploit module exploits a command execution in Pi-Hole versions 4.4 and below. A new blocklist is added, and then an update is forced (gravity) to pull in the blocklist content. PHP content is then written to a file within the webroot. Phase 1 writes a sudo pihole command to launch teleporter, effectively running a privilege escalation. Phase 2 writes our payload to teleporter.php, overwriting the content. Lastly, the phase 1 PHP file is called in the web root, which launches our payload in teleporter.php with root privileges.

tags | exploit, web, root, php
advisories | CVE-2020-11108
MD5 | 45a7854959d2d37b594d4f7a3b3c052e
Netsweeper WebAdmin unixlogin.php Python Code Injection
Posted May 12, 2020
Authored by wvu | Site metasploit.com

This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.

tags | exploit, root, php, python
systems | linux, centos
MD5 | f3a7e388a69ddecf6195fe24bcc68477
Ubuntu Security Notice USN-4330-2
Posted May 6, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4330-2 - USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash. Various other issues were also addressed.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | fa624b67647513f5623dee65a7767548
TrixBox CE 2.8.0.4 Command Execution
Posted May 5, 2020
Authored by Anastasios Stasinopoulos, Obrela Labs Team | Site metasploit.com

This Metasploit module exploits an authenticated OS command injection vulnerability found in Trixbox CE versions 1.2.0 through 2.8.0.4 inclusive in the network POST parameter of the /maint/modules/endpointcfg/endpoint_devicemap.php page. Successful exploitation allows for arbitrary command execution on the underlying operating system as the asterisk user. Users can easily elevate their privileges to the root user however by executing sudo nmap --interactive followed by !sh from within nmap.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-7351
MD5 | fd5084cbbf34c562fd7812f4604bd3eb
Page 1 of 197
Back12345Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    1 Files
  • 9
    Aug 9th
    2 Files
  • 10
    Aug 10th
    27 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close