what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 5,162 RSS Feed

PHP Files

MagnusBilling Remote Command Execution
Posted Nov 14, 2023
Authored by h00die-gr3y, Eldstal | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.

tags | exploit, remote, web, arbitrary, php
advisories | CVE-2023-30258
SHA-256 | 62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2
phpFox 4.8.13 PHP Object Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-46817
SHA-256 | ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03
SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
Ubuntu Security Notice USN-6199-2
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

tags | advisory, php
systems | linux, ubuntu
advisories | CVE-2023-3247
SHA-256 | e46b12e2ae2685b34c9735991a469a71e79fcd955c1df600d8da3956401fe3d8
Red Hat Security Advisory 2023-5927-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5927-01 - An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | 46c527bdcfb2145b61c0830ad98c9738174c2195ac8e1cd6200c84896fdfff5d
Red Hat Security Advisory 2023-5926-01
Posted Oct 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5926-01 - An update for php is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, php
systems | linux, redhat
advisories | CVE-2023-0567
SHA-256 | f7b3d25853c407b0835193e19c69c5d5226d02c94935df3692d13b2fede8c6ec
Juniper SRX Firewall / EX Switch Remote Code Execution
Posted Oct 2, 2023
Authored by Ron Bowes, Jacob Baines, jheysel-r7 | Site metasploit.com

This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being auto_prepend_file which causes the provided file to be added using the require function. The second PHP function is allow_url_include which allows the use of URL-aware fopen wrappers. By enabling allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses data:// to provide a file inline which includes the base64 encoded PHP payload. By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a datastore option JAIL_BREAK, that when set to true, will steal the necessary tokens from a user authenticated to the J-Web application, in order to overwrite the root password hash. If there is no user authenticated to the J-Web application this method will not work. The module then authenticates with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.

tags | exploit, web, root, php, protocol
systems | freebsd, bsd, juniper
advisories | CVE-2023-36845
SHA-256 | 23552b23e1cc0e2022181944f8894c8f7203e6893e7d1127561c3ffd867b9517
WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection
Posted Sep 19, 2023
Authored by Marco Wotschka | Site wordfence.com

WordPress Essential Blocks plugin versions 4.2.0 and below and Essential Blocks Pro versions 1.1.0 and below suffer from multiple PHP object injection vulnerabilities.

tags | exploit, php, vulnerability
advisories | CVE-2023-4386, CVE-2023-4402
SHA-256 | 3bc456da9e240b7476040544d3e4f0b5fa6f68d4e3ad65a015be529481ab73ad
PHP Shopping Cart 4.2 SQL Injection
Posted Sep 13, 2023
Authored by nu11secur1ty

PHP Shopping Cart version 4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 606411a83a93b9d6c705936cd642d323cf06f1e728faa5294bef0c1a617f8551
Online Pizza Ordering System 1.0 Shell Upload
Posted Sep 12, 2023
Authored by Sefa Ozan | Site metasploit.com

This Metasploit module exploits a vulnerability found in Online Pizza Ordering System version 1.0. By abusing the admin_class.php file, a malicious user can upload a file to the img/ directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on Ubuntu 22.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
SHA-256 | 3002ce5e2a8a96ceb421dddfd1cd12fa3676d726242592bcbe8fb80e7b19715f
SolarView Compact 6.00 Remote Command Execution
Posted Sep 6, 2023
Authored by h00die-gr3y | Site metasploit.com

This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user contec).

tags | exploit, web, php
advisories | CVE-2023-23333
SHA-256 | d0437fdd852a45a2f8dcde9836a0c763b4e6b928a9997b6532fb7346909945a8
PHP JABBERS PHP Review Script 1.0 Cross Site Scripting
Posted Aug 31, 2023
Authored by nu11secur1ty

PHP JABBERS PHP Review Script version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | b9b98b4a795bf346b16b6fba859f15dc9f9da7740340375a350eddf3a8d1d69f
Islam CMS 1.0 Code Injection
Posted Aug 31, 2023
Authored by indoushka

Islam CMS version 1.0 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
SHA-256 | 39b07aef1fa1c0862a22398b5f20aabeb8f16190e023159d1c613e4cc63eef60
Ubuntu Security Notice USN-6305-1
Posted Aug 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6305-1 - It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code.

tags | advisory, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2023-3823, CVE-2023-3824
SHA-256 | 1dc8c3dad3030fd034169b595c1d037465ec0558c0e070e9e64ad1aef797927d
Chamilo 1.11.18 Command Injection
Posted Aug 24, 2023
Authored by RandoriSec, h00die-gr3y | Site metasploit.com

This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker to execute arbitrary commands at the OS level using a malicious SOAP request at the vulnerable endpoint /main/webservices/additional_webservices.php.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-34960
SHA-256 | 9eddd6c9a39fb97ca77aeebd1ec713969953ce2f89e609c528b4a46ca5ec152d
SugarCRM 12.2.0 PHP Object Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2023-35810
SHA-256 | 32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c
RaspAP 2.8.7 Unauthenticated Command Injection
Posted Aug 15, 2023
Authored by Ege Balci, Ismael0x00 | Site metasploit.com

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.

tags | exploit, arbitrary, php
systems | linux, debian
advisories | CVE-2022-39986
SHA-256 | abc5a8577c76d38277377259204d36eaaa8e98293d1ed4d1030fb74de2c622f0
DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting
Posted Aug 11, 2023
Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b
Discussion On Kontackt 1.18 Cross Site Scripting
Posted Aug 10, 2023
Authored by indoushka

Discussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss
SHA-256 | 7d18de8acfc063f172113a27af33ebbcf209b0dcb3d43c8ec163f7ff1adefc84
DigaSell Digital Store PHP Script 1.0.0 SQL Injection
Posted Aug 10, 2023
Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 8729994d50fb2282a91511c1471e529be3acfb58262a0d60949d1b29f6c5d7a6
Chatone Social Networking PHP Script 1.6 Add Administrator
Posted Aug 9, 2023
Authored by indoushka

Chatone Social Networking PHP Script version 1.6 suffers from an add administrator vulnerability.

tags | exploit, php, add administrator
SHA-256 | aa549a9947a1342ad9aeff37c9e15f1e470ba8802ce29b603d258f911541cf20
Western Digital MyCloud Unauthenticated Command Injection
Posted Jul 28, 2023
Authored by Remco Vermeulen, Erik Wynter, Steven Campbell | Site metasploit.com

This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.

tags | exploit, remote, web, cgi, root, php, vulnerability, code execution
advisories | CVE-2016-10108, CVE-2018-17153
SHA-256 | 0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Availability Booking Calendar PHP XSS / Arbitrary File Upload
Posted Jul 26, 2023
Authored by Andrey Stoykov

Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.

tags | exploit, arbitrary, php, vulnerability, xss, file upload
SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution
Posted Jul 25, 2023
Authored by h00die-gr3y, Mateus Machado Tesser | Site metasploit.com

WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.

tags | exploit, remote, web, php, code execution
advisories | CVE-2023-2068
SHA-256 | 70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403
Bazaar Social Listing Shopping Web PHP Template 2.3.2 Cross Site Scripting
Posted Jul 14, 2023
Authored by indoushka

Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a cross site scripting vulnerability.

tags | exploit, web, php, xss
SHA-256 | c6e4d11aa955cb2bed6d76defb35557734149c0312ced065d9b37014584f212f
Page 1 of 207
Back12345Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close