what you don't know can hurt you
Showing 1 - 25 of 5,008 RSS Feed

PHP Files

Tapatalk Plugins PHP Object Injection
Posted Oct 5, 2021
Authored by dH team

dH team discovered a PHP object injection vulnerability in all Tapatalk plugins that can allow attackers to execute PHP code, perform SQL injection, or cause denial of service conditions.

tags | exploit, denial of service, php, sql injection
MD5 | 5e25a7c61dd64722f78c981335320c7b
Company's Recruitment Management System SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Company's Recruitment Management System in PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 5dad0ab07935fd852a5f37380715c9c9
Local Offices Contact Directory Site SQL Injection
Posted Oct 4, 2021
Authored by nu11secur1ty

Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability.

tags | exploit, remote, local, php, sql injection
MD5 | b6786101aa6c4cb696251f2b75da6e63
PASS-PHP 1.0 SQL Injection / Cross Site Scripting
Posted Sep 27, 2021
Authored by nu11secur1ty

PASS-PHP version 1.0 suffers from remote SQL injection and cross site scripting vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | 0c7e1fdc0dcd0a919eee65b9dd1e364d
elFinder Archive Command Injection
Posted Sep 15, 2021
Authored by Shelby Pace, Thomas Chauchefoin | Site metasploit.com

elFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.

tags | exploit, arbitrary, php
advisories | CVE-2021-32682
MD5 | 748ee7b37719159b8db8d6bf33aad64b
AHSS-PHP 1.0 Cross Site Scripting / SQL Injection
Posted Sep 15, 2021
Authored by nu11secur1ty

AHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, php, vulnerability, xss, sql injection
MD5 | 00674176fa93d01b22d17bb2c4952741
POMS-PHP 1.0 SQL Injection
Posted Sep 9, 2021
Authored by nu11secur1ty

POMS-PHP version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, php, sql injection
MD5 | bd8eafbd3e81ab90a2981a83f111f34c
Firebase PHP-JWT Algorithm Confusion
Posted Aug 15, 2021
Site paragonie.com

Firebase's PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.

tags | exploit, php, proof of concept
MD5 | 4c84fb0fba2f42d4741760b2e2b2764c
COVID19 Testing Management System 1.0 SQL Injection
Posted Aug 12, 2021
Authored by Ashish Upsham

COVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.

tags | exploit, remote, php, sql injection
MD5 | b36fd4281ed2835482616a0d0da9e478
Red Hat Security Advisory 2021-2992-01
Posted Aug 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2992-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, null pointer, and server-side request forgery vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7071, CVE-2021-21702, CVE-2021-21705
MD5 | 0321756619f042ba1c91635b25b8fce2
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
Posted Aug 3, 2021
Authored by Merbin Russel

Hotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.

tags | exploit, shell, php, xss
MD5 | aa7d7b6de743aefd9eda1c19bbe45794
PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
Posted Jul 27, 2021
Authored by Faisal Alhadlaq

PHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.

tags | exploit, php
MD5 | c88e9682c0140b88e53745d1f1516e69
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
MD5 | a13b79ee96d9f6b0f86db446a8c091a9
KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, php
MD5 | 4bc3f448faf6a5df2c5354ab9084063b
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

tags | exploit, web, arbitrary, php, sql injection
MD5 | 3498bc654a493cbf9b46522829eb067c
Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
MD5 | a1fb25a9ba4326669a0ede911fe27d02
Ubuntu Security Notice USN-5006-2
Posted Jul 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5006-2 - USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-7068, CVE-2020-7071, CVE-2021-21702, CVE-2021-21704, CVE-2021-21705
MD5 | 66293c19cf8113112211326af4be7f4c
Ubuntu Security Notice USN-5006-1
Posted Jul 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5006-1 - It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2020-7068, CVE-2020-7071, CVE-2021-21702, CVE-2021-21704, CVE-2021-21705
MD5 | d2eaebcf41b9edfd36340798eb2ac873
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
MD5 | fdf8135289f12d026401f86e91ab3f6d
Lightweight Facebook-Styled Blog Remote Code Execution
Posted Jun 25, 2021
Authored by Maide Ilkay Aydogdu

This Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.

tags | exploit, remote, php, code execution, file upload
MD5 | 574d24d96494d02754d265cd9346aa85
rConfig Shell Upload
Posted Jun 24, 2021
Authored by Murat Seker, Vishwaraj Bhattrai | Site metasploit.com

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.

tags | exploit, arbitrary, shell, php, file upload
MD5 | b0d94160c515ca53615beeeac06c2e14
SuiteCRM Log File Remote Code Execution
Posted Jun 4, 2021
Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.

tags | exploit, web, php
advisories | CVE-2020-28328
MD5 | d7acd34cfa8d5f47a3eb69700fe86af1
PHP 8.1.0-dev User-Agentt Remote Code Execution
Posted Jun 3, 2021
Authored by flast101

PHP version 8.1.0-dev remote code execution exploit that leverages a backdoor under the User-Agentt header.

tags | exploit, remote, php, code execution
MD5 | 4a66165091ec5e614d9f7b2d045ffcb8
Page 1 of 201
Back12345Next

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    14 Files
  • 23
    Oct 23rd
    3 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    33 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close