exploit the possibilities
Showing 1 - 25 of 4,965 RSS Feed

PHP Files

Klog Server 2.4.1 Command Injection
Posted Feb 15, 2021
Authored by Brendan Coles, Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

tags | exploit, web, arbitrary, php
advisories | CVE-2020-35729
MD5 | 2fcde862940be1be38194631a27617e3
PEAR Archive_Tar Arbitrary File Write
Posted Jan 25, 2021
Authored by gwillcox-r7, xorathustra | Site metasploit.com

This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.

tags | exploit, arbitrary, php
advisories | CVE-2020-28949
MD5 | 7c33e20f3f1e07af9b1f4641460e7354
PHP-Fusion 9.03.90 Cross Site Request Forgery
Posted Jan 15, 2021
Authored by Mohamed Oosman B S

PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | a76b7516f7ee7034ed0e11633425eb87
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
Posted Jan 12, 2021
Authored by h00die | Site metasploit.com

WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.

tags | exploit, remote, arbitrary, shell, php
MD5 | c39ac90e0b404ac71d25decc4f495aec
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
MD5 | 77c5903183e5519dfd6d1477ae0018a4
Practical PHP Security
Posted Jan 8, 2021
Authored by Andrey Stoykov

Whitepaper called Practical PHP Security.

tags | paper, php
MD5 | ba9dacc8d65da0f08072dc4b5e4512f6
WordPress Autoptimize Shell Upload
Posted Jan 8, 2021
Authored by Hoa Nguyen, Thien Ngo, Khanh Nguyen | Site metasploit.com

WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.

tags | exploit, remote, arbitrary, shell, php, code execution
advisories | CVE-2020-24948
MD5 | b411262c32d42ec1cbf7382e1a8f4a37
qdPM 9.1 PHP Object Injection
Posted Dec 31, 2020
Authored by EgiX | Site karmainsecurity.com

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-26165
MD5 | 59a37dff15f2cdae915eeb5509b2b6a3
Gentoo Linux Security Advisory 202012-16
Posted Dec 24, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.

tags | advisory, denial of service, php, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 96e08b0d750daa800cc55885a3ab17ec
TerraMaster TOS 4.2.06 Remote Code Execution
Posted Dec 23, 2020
Authored by IHTeam, Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.

tags | exploit, php
MD5 | 72ff1d9e5912a41c8347d8d1f28bc5dd
WordPress Yet Another Stars Rating PHP Object Injection
Posted Dec 18, 2020
Authored by gx1, Paul Dannewitz | Site metasploit.com

This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.

tags | exploit, php
MD5 | 8575b651a2e17e6d64eb04ca924071af
Onilne Bus Booking System Project 1.0 Cross Site Scripting
Posted Dec 11, 2020
Authored by Krishna Yadav

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 208efcea716842d4864b2ad444c630e5
Student Management System Project PHP 1.0 Cross Site Scripting
Posted Dec 8, 2020
Authored by Krishna Yadav

Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
advisories | CVE-2020-25955
MD5 | f1a1446475423ccf2da04b2a71a635da
Online Bus Booking System Project Using PHP MySQL 1.0 SQL Injection
Posted Dec 8, 2020
Authored by Krishna Yadavu

Online Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
advisories | CVE-2020-25889
MD5 | ac5a96c53a70bbf801b09b3978043c7f
Online Voting System Project In PHP Cross Site Scripting
Posted Dec 2, 2020
Authored by Sagar Banwa

Online Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.

tags | exploit, php, xss
MD5 | 89b15c6e9643f5e189ef4b32f2c59242
Red Hat Security Advisory 2020-5275-01
Posted Dec 1, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 15b6e660f7ec10e7b1caf283b0e647fa
Online Job Portal In PHP/PDO 1.0 SQL Injection
Posted Nov 30, 2020
Authored by Mohamed Elobeid

Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | cb398e4945a60c2e520ea688340416bb
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
MD5 | 5db0392e6b4ca81a678c8e7564a34918
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
MD5 | 53dc99d870452eb23bdf7882ccb0c3e3
Online Doctor Appointment Booking System PHP And MySQL 1.0 SQL Injection
Posted Nov 17, 2020
Authored by Ramil Mustafayev

Online Doctor Appointment Booking System PHP and MySQL version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 3e8e325ed4abf3f78a52effcfddad10f
HorizontCMS 1.0.0-beta Shell Upload
Posted Nov 13, 2020
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.

tags | exploit, web, arbitrary, php, file upload
advisories | CVE-2020-27387
MD5 | b1586e133ec28d35e83ec172e95fe1d0
WordPress File Manager 6.8 Remote Code Execution
Posted Nov 10, 2020
Authored by Imran E. Dawoodjee, Alex Souza | Site metasploit.com

The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.

tags | exploit, remote, arbitrary, php
advisories | CVE-2020-25213
MD5 | 33be7d7b4c3915b9705e403be54c86a0
Nagios XI 5.7.3 Remote Command Injection
Posted Oct 28, 2020
Authored by Chris Lyne, Matthew Aberegg

Nagios XI version 5.7.3 mibs.php remote command injection exploit.

tags | exploit, remote, php
advisories | CVE-2020-5791
MD5 | 8e729d2d07e2d318addb68643737cde7
Ubuntu Security Notice USN-4583-2
Posted Oct 27, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.

tags | advisory, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-7069, CVE-2020-7070
MD5 | 8943172472289400ae6eeaa13c5ed52b
Ubuntu Security Notice USN-4586-1
Posted Oct 21, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.

tags | advisory, denial of service, php
systems | linux, ubuntu
advisories | CVE-2019-11037
MD5 | f6fae5027be9e5b089b950f64fd8d5ab
Page 1 of 199
Back12345Next

File Archive:

March 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    19 Files
  • 2
    Mar 2nd
    15 Files
  • 3
    Mar 3rd
    30 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close